The privacy of personal information has received significant attention in
mobile software. Although previous researchers have designed some methods to
identify the conflict between app behavior and privacy policies, little work
has investigated regulation requirements for third-party libraries
(TPLs). Regulators have enacted multiple regulations governing the use of
personal information by TPLs (e.g., the “California Consumer Privacy Act”
requires businesses to clearly notify consumers whether they share consumers’
data with third parties). However, it remains challenging to analyze the legality
of TPLs for three reasons: 1) TPLs are mainly published on public
repositories instead of app markets (e.g., Google Play). The public repositories
do not perform privacy compliance analysis for each TPL. 2) TPLs only provide
independent functions or function sequences. They cannot run independently,
which limits the applicability of dynamic analysis. 3) Since not all
the functions of TPLs are related to user privacy, we must locate the functions
of TPLs that access/process personal information before performing privacy
compliance analysis. To overcome these challenges, in this paper we
propose an automated system named ATPChecker that analyzes whether Android
TPLs comply with privacy-related regulations. Our findings remind developers to
be mindful of TPL usage when developing apps or writing privacy policies to
avoid violating regulations.

