By Davide Caputo July 9, 2020


Python Version License: AGPL v3

3PDroid is a Python tool that verifies whether an Android app complies with the Google Play privacy guidelines. It combines static analysis, dynamic analysis, and machine learning techniques to make that assessment.

❱ Publication

More details about 3PDroid can be found in the paper “On the (Un)Reliability of Privacy Policies in Android Apps”.

Please use the following bibtex entry to cite our work:

  author = {Luca Verderame and Davide Caputo and Andrea Romdhana and Alessio Merlo},
  title = {On the (Un)Reliability of Privacy Policies in Android Apps},
  booktitle = {Proc. of the IEEE International Joint Conference on Neural Networks (IJCNN 2020)},
  month = {July},
  year = {2020},
  address = {Glasgow, UK}

❱ Requirements

  • Tested only on Ubuntu 18.04 and Ubuntu 20.04

  • Use python 3.7.5

  • Install virtualenv

    pip3 install virtualenv
  • Download Oracle VirtualBox

  • Download emulator

  • Setup emulator (if needed)

    • Obtain root permissions (if needed)
    • emulator with NAT and forwarded ports 5555 and 5554
    • emulator with bridged adapter
    • install droidbot app (download)
  • Enable accessibility services

  • Add adb path in PATH environment variable

  • Download nltk resources

    import nltk
    nltk.download("stopwords")
    nltk.download("punkt")

OPTIONAL, if you want to use appium and the random modality (default is Droidbot)

  • Download appium

    npm install -g appium
    npm install -g appium-doctor
  • Verify appium installation

    appium-doctor --android
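
A preflight check for the requirements listed above, added here as an example (it is not part of 3PDroid). It assumes the NAT-forwarded emulator ports are reachable on 127.0.0.1; the function names are hypothetical.

```python
# Added example: preflight check for the requirements above (not 3PDroid code).
import importlib.util
import shutil
import socket
import sys

REQUIRED_PYTHON = (3, 7, 5)    # version named in the requirements
EMULATOR_PORTS = (5554, 5555)  # ports forwarded by the NAT emulator setup
NLTK_RESOURCES = {"stopwords": "corpora/stopwords", "punkt": "tokenizers/punkt"}

def python_ok(version=None):
    """True when the interpreter is the 3.7.5 release the requirements ask for."""
    return tuple((version or sys.version_info)[:3]) == REQUIRED_PYTHON

def adb_path(path=None):
    """Return the adb executable found on PATH (or on `path`), else None."""
    return shutil.which("adb", path=path)

def port_open(port, host="127.0.0.1", timeout=0.5):
    """True when something accepts TCP connections on host:port (host is assumed)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def missing_nltk_resources():
    """Names of the required NLTK resources that are not installed locally."""
    if importlib.util.find_spec("nltk") is None:
        return sorted(NLTK_RESOURCES)
    import nltk
    missing = []
    for name, resource in NLTK_RESOURCES.items():
        try:
            nltk.data.find(resource)
        except LookupError:
            missing.append(name)
    return sorted(missing)

def preflight():
    """Run every check and return one report dict."""
    return {
        "python_3.7.5": python_ok(),
        "adb_on_path": adb_path() is not None,
        "ports_open": {p: port_open(p) for p in EMULATOR_PORTS},
        "missing_nltk": missing_nltk_resources(),
    }

if __name__ == "__main__":
    for check, result in preflight().items():
        print(f"{check}: {result}")
```

Run it inside the virtualenv once the emulator is up; with the bridged-adapter setup, pass the emulator's address as `host` to `port_open`.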

❱ Start Analysis

  1. Create Virtualenv

    virtualenv -p python3 venv
  2. Enable Virtualenv

    source venv/bin/activate
  3. Install Requirements

    pip install -r requirements
  4. Start Emulator Manager
  5. Move apps to analyze within apps dir
  6. Start experiments

    python3 -t 10 -m 20 --type Droidbot --emulator-name AndroidEmulator -d /home/user/path/3PDroid/apps

❱ After Analysis

  • Check if the apps with privacy policy contain explicit acceptance or not

  • Update results with some new data and stats

  • CREvaluator (see “On the (Un)Reliability of Privacy Policies in Android Apps” for more information)


❱ License

This tool is available under a dual license: a commercial one required for closed source projects or commercial projects, and an AGPL license for open-source projects.

Depending on your needs, you must choose one of them and follow its policies. A detail of the policies and agreements for each license type is available in the LICENSE.COMMERCIAL and LICENSE files.
