Detecting Privacy Non-Compliance in Wearable Apps via Knowledge Graphs and LLMs
Nguyen T. T. L.;Carminati B.;Ferrari E.
2025-01-01
Abstract
Wearable devices are becoming increasingly popular in modern life, making significant contributions to human health monitoring. While security and privacy violations in standard apps have been extensively studied in much previous work, wearable apps have received comparatively little attention. This paper presents an automated framework that leverages Large Language Models (LLMs) to identify privacy violations in Android wearable apps. The method evaluates both declared practices, by extracting third-party services and shared data types from a knowledge graph generated from the Manifest and Data Safety sections, and actual behaviors, by analyzing sent-out network traffic. We evaluated the proposal on 711 popular companion apps and found that 67.5% violate the declared data collection and sharing practices, with 48% leaking data to undeclared third-party services.

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.
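The abstract describes comparing declared practices (third-party services and data types extracted into a knowledge graph) against actual sent-out traffic. The following is an added illustration, not the paper's code: it assumes a simplified view of the knowledge graph as a mapping from declared third-party host to the data types the app declares sharing with it, and a list of traffic records as a traffic analyzer might emit them. All hosts and data types are constructed sample values.

```python
"""Declared-vs-observed privacy compliance check (added example, not the
paper's implementation). Inputs are constructed; the data model is an
assumption about how the declared-practice knowledge graph could be flattened."""
from dataclasses import dataclass

# Constructed "declared practices": third-party host -> data types the app
# declares sharing with that service (from Manifest / Data Safety in the paper).
DECLARED = {
    "analytics.example-sdk.com": {"device_id", "app_usage"},
    "crash.example-sdk.com": {"device_id"},
}

# Constructed first-party backend hosts, which are out of scope for
# third-party sharing checks.
FIRST_PARTY = {"api.app-backend.example"}

# Constructed sent-out traffic records: destination host and the data types
# a payload analyzer detected in the outgoing request.
TRAFFIC = [
    {"host": "analytics.example-sdk.com", "data": {"device_id", "app_usage"}},
    {"host": "eu.analytics.example-sdk.com", "data": {"heart_rate"}},
    {"host": "ads.undeclared-example.net", "data": {"device_id", "location"}},
    {"host": "api.app-backend.example", "data": {"heart_rate"}},
]


@dataclass(frozen=True)
class Finding:
    host: str
    kind: str            # "undeclared_service" or "undeclared_data_type"
    data: frozenset      # data types involved in the finding


def _matching_declared_host(host, declared):
    """Return the declared host that covers `host`, matching subdomains as well
    (a regional endpoint of a declared SDK should not count as a new service)."""
    for d in declared:
        if host == d or host.endswith("." + d):
            return d
    return None


def check_compliance(declared, traffic, first_party):
    """Flag each traffic record that contradicts the declared practices:
    either the destination is an undeclared third party, or a declared
    third party receives data types that were not declared for it."""
    findings = []
    for rec in traffic:
        host = rec["host"]
        if _matching_declared_host(host, first_party) is not None:
            continue  # first-party traffic is not third-party sharing
        declared_host = _matching_declared_host(host, declared)
        if declared_host is None:
            findings.append(Finding(host, "undeclared_service", frozenset(rec["data"])))
            continue
        extra = rec["data"] - declared[declared_host]
        if extra:
            findings.append(Finding(host, "undeclared_data_type", frozenset(extra)))
    return findings


def violates(declared, traffic, first_party):
    """True if the app's observed behaviour deviates from its declarations."""
    return bool(check_compliance(declared, traffic, first_party))


if __name__ == "__main__":
    for f in check_compliance(DECLARED, TRAFFIC, FIRST_PARTY):
        print(f"{f.kind}: {f.host} -> {sorted(f.data)}")
```

Run stand-alone, the script reports two findings for the constructed input: an undeclared data type (heart rate) sent to the declared analytics SDK, and an undeclared advertising host receiving the device identifier and location. In a real pipeline the declared mapping would come from the knowledge graph and the traffic records from the captured network flows, with the same comparison logic.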