Evaluating Privacy Policy for Mobile Health APPs with Machine Learning
Zhao Yang1,2, Yan Zhouzhou1, Shen Qiqi1, Li Zhonghang1
1 School of Information Management, Wuhan University, Wuhan 430072, China
2 School of National Secrecy, Wuhan University, Wuhan 430072, China
Abstract
[Objective] This paper analyzes the privacy policies of mobile health APPs in China with machine learning, aiming to improve the efficiency and accuracy of compliance evaluation.
[Methods] First, we constructed an evaluation system for the privacy policy compliance of mobile health APPs according to relevant policies and regulations. Then, based on a hard voting classifier, we established a compliance evaluation model integrating three machine learning algorithms: CNN, RNN and LSTM. Finally, we examined our model using 1210 mobile health APPs from the Android APP market and evaluated the compliance of their privacy policies.
[Results] The overall compliance of the privacy policies of mobile health APPs was poor. There were many violations in the six evaluation criteria. The compliance scores of online medical APPs, medical service APPs, health management APPs, and medical information APPs were 0.63, 0.59, 0.61 and 0.66, respectively.
[Limitations] Due to the limited amount of annotated privacy policy data, the proposed model may not be able to fully learn the features of the evaluation indicators.
[Conclusions] The proposed model could conduct large-scale, fine-grained automatic evaluation of the compliance of APP privacy policies. It also provides new ideas and methods for government agencies and APP operators to improve decision making.
Received: 24 August 2021
Published: 21 June 2022
Fund: Wuhan University Humanities and Social Sciences Youth Academic Team Project (201909); Wuhan University National Secrecy School Independent Scientific Research Project (2021017)
Corresponding Authors:
Zhao Yang, ORCID: 0000-0003-1784-2733
E-mail: yangzhao_0813@whu.edu.cn