A Framework for Major Stakeholders in Android Application Industry to Manage Privacy Policies of Android Applications

As Android's permission-based system cannot fulfill the requirements of personal data protection, several countries around the world are requesting application developers to provide privacy policies for their applications. To address the issue, this study proposes a framework to Manage Privacy Policies of Android Applications (MaPPA). MaPPA provides standard format for application providers to present privacy policies in machine processable format and to embed the policies into applications. Application verifiers or marketplace providers can then verify whether an application complies with embedded privacy policies and envelop verification reports in the application. Therefore, users can extract privacy policies and verification reports from applications directly. Compared to providing URL links to privacy policies in marketplaces, the proposed framework can reduce the cost for application developers to maintain additional servers to provide privacy policies. Moreover, application users can obtain verification reports in an application to comfirm the consistency between privacy policies and application behavior. In light of this, the study can hopefully solve current problems of privacy policy notification for Android applications.