measuring the effectiveness of privacy policies for voice … · 2 days ago · work also includes...

Measuring the Effectiveness of Privacy Policiesfor Voice Assistant Applications

Song Liao Christin Wilson Long Cheng Hongxin Hu and Huixing DengSchool of Computing Clemson University

ABSTRACTVoice Assistants (VA) such as Amazon Alexa and Google Assistantare quickly and seamlessly integrating into peoplersquos daily livesThe increased reliance on VA services raises privacy concerns suchas the leakage of private conversations and sensitive informationPrivacy policies play an important role in addressing usersrsquo privacyconcerns and informing them about the data collection storage andsharing practices VA platforms (both Amazon Alexa and GoogleAssistant) allow third-party developers to build new voice-apps andpublish them to the app store Voice-app developers are requiredto provide privacy policies to disclose their appsrsquo data practicesHowever little is known whether these privacy policies are infor-mative and trustworthy or not on emerging VA platforms On theother hand many users invoke voice-apps through voice and thusthere exists a usability challenge for users to access these privacypolicies

In this paper we conduct the first large-scale data analytics tosystematically measure the effectiveness of privacy policies pro-vided by voice-app developers on twomainstreamVA platformsWeseek to understand the quality and usability issues of privacy poli-cies provided by developers in the current app stores We analyzed64720 Amazon Alexa skills and 2201 Google Assistant actions Ourwork also includes a user study to understand usersrsquo perspectiveson VArsquos privacy policies Our findings reveal a worrisome reality ofprivacy policies in two mainstream voice-app stores where thereexists a substantial number of problematic privacy policies Surpris-ingly Google and Amazon even have official voice-apps violatingtheir own requirements regarding the privacy policy

1 INTRODUCTIONVirtual Assistants (VA) such as Amazon Alexa and Google Assistanthave been seamlessly integrated into our daily life An estimated325 billion digital voice assistants are being used around the worldin 2019 The number is forecasted to reach 8 billion users by 2023which is higher than the current world population [9] VA handlesa wide range of queries that humans are posing eg from orderingeveryday items managing bank accounts controlling smart homedevices to recommending clothing stores and new fashions Despitethe many convenient features there is an increasing concern onprivacy risks of VA users [16 19 23 26 31 32 35 37]

Privacy and data protection laws are in place in most of thecountries around the world to protect end users online These com-pliance requirements aremostly satisfied by providing a transparentprivacy policy by developers Google was fined euro50 million by aFrench data protection regulator after its privacy policy failed tocomply with General Data Protection Regulation (EU GDPR) Thisfine was not for failing to provide a privacy policy but for nothaving a one that was good enough and failing to provide enough

information to users [6] Researchers have shown that there aremany discrepancies between mobile apps (eg Android apps) andtheir privacy policies [17 36 39 47] which may be either becauseof careless preparation by benign developers or an intentional de-ception by malicious developers [41] Such inconsistencies couldlead to public enforcement actions by the Federal Trade Commis-sion (FTC) or other regulatory agencies [48] For example FTCfined $800000 against Path (a mobile app operator) because of anincomplete data practice disclosure in its privacy policy [13] Inanother case Snapchat transmitted geolocation information fromusers of its Android app despite the privacy policy states that itdid not track such information In 2014 FTC launched a formalinvestigation requesting Snapchat to implement a comprehensiveprivacy program [14]

VA platforms allow third-party developers to build new voice-apps (which are called skills on Amazon platform and actions onGoogle platform respectively) and publish them to app stores Inorder to comply with privacy regulations (such as COPPA [18])and protect consumersrsquo privacy voice-app developers are requiredto provide privacy policies and notify users of their appsrsquo datapractices Typically a proper privacy policy is a document thatshould have answers to aminimum of three important questions [7]1) What information is being collected 2) How this informationis being used and 3) What information is being shared Third-party skills and actions are in very high number in the respectivestores Developers are required to provide privacy policies for theirvoice-apps Policies could be diverse and poorly written whichresults in more users ignoring the privacy policy and choosing tonot read it This also leads to users using a privacy-sensitive servicewithout having a proper understanding of the data that is beingcollected from them and what the developer will do with it On theother hand the feature that makes VA devices like Amazon Echoand Google Assistant interesting is the ability to control them overthe voice without the need of physically accessing them Despitethe convenience it poses challenges on effective privacy noticesto enable users to make informed privacy decisions The privacypolicy may be missing completely in the conversational interfaceunless users read it over the smartphone app or through the web

In this work we mainly investigate the following three researchquestions (RQs)

bull RQ1 What is the overall quality of privacy policies pro-vided by voice-app developers in different VA platformsDo they provide informative and meaningful privacy poli-cies as required by VA platforms

bull RQ2 For a seemingly well-written privacy policy that con-tains vital information regarding the service provided tousers can we trust it or not Can we detect inconsistentprivacy policies of voice-apps

1

arX

iv2

007

1457

0v1

[cs

CR

] 2

9 Ju

l 202

0

bull RQ3 What are VA usersrsquo perspectives on privacy policiesof voice-apps What is possibly a better usability choicefor VA users to make informed privacy decisions

We conduct the first empirical analysis to measure the effective-ness of privacy policies provided by voice-app developers on bothAmazon Alexa and Google Assistant platforms Such an effort hasnot previously been reported The major contributions and findingsare summarized as follow1

bull We analyze 64720 Amazon Alexa skills and 2201 GoogleAssistant actions We first check whether they have a pri-vacy policy For the 17952 skills and 1967 actions that haveone unfortunately we find there are many voice-apps inapp stores with incorrect privacy policy URLs or brokenlinks Surprisingly Google and Amazon even have officialvoice-apps violating their own requirements regarding theprivacy policy

bull We further analyze the privacy policy content to identifypotential inconsistencies between policies and voice-appsWe develop a Natural Language Processing (NLP)-basedapproach to capture data practices from privacy policiesWe then compare the data practices of a privacy policyagainst the apprsquos description We find there are privacypolicies that are inconsistent with the corresponding skilldescriptions We also find skills which are supposed tohave a privacy policy but do not provide one

bull We conduct a user study with 91 participants to under-stand usersrsquo perspectives on VArsquos privacy policies usingthe Amazon Mechanical Turk crowdsourcing platform Wealso discuss solutions to improve the usability of privacynotices to VA users

2 BACKGROUND AND CHALLENGES21 Voice-app and privacy policyVoice-app listing on the store We mainly focus on two main-stream VA platforms ie Amazon Alexa and Google Assistantboth with conceptually similar architectures These platforms allowthird-party developers to publish their own voice-apps on VA storesA voice-apprsquos introduction page that is shared by the developer onthe store contains the app name a detailed description the cate-gory it belongs to developer information user rating and reviewsprivacy policy link and example voice commands which can beviewed by end users The source code is not included in the submis-sion and therefore is not available either to the certification teamsof VA platforms or to end users Users who enable a skillactionthrough the voice-app store may make their decisions based onthe description It explains the functionality and behavior of thevoice-app and what the user can expect from it Some developersalso mention the data that is required from users (ie data practices)in the description

VA platformrsquos requirements on privacy policy Applicationdevelopers are often required to provide a privacy policy and notifyusers of their appsrsquo privacy practices VA platforms have different

1Accompanying materials of this work including the dataset empirical evidencesfor inconsistent privacy policies and tools are available at httpsgithubcomvoice-assistant-researchvoice-assistant

requirements regarding the privacy policies of voice-apps GoogleAssistant requires every action to have a privacy policy provided onsubmission Amazon Alexa requires skills that collect personal in-formation only to mandatorily have a privacy policy Both Amazonand Google prevent the submission of a voice-app for certification iftheir respective requirements are not met [1 10] In addition to theprivacy policy URL both platforms offer an option for developers toprovide a URL for the terms of use as well These URLs if providedby the developers are made available along with the voice-apprsquoslisting on the store

Requirements on specific content in privacy policiesGooglehas a Privacy Policy Guidance page [7] in their documentationfor action developers The guide explains what Googlersquos minimumexpectation is for a privacy policy document According to theguide the privacy disclosures included in the policy should be com-prehensive accurate and easy to understand for the users Theprivacy policy should disclose all the information that an actioncollects through all the interfaces including the data that is col-lected automatically How the collected information is used andwho and when the collected information is shared with should bespecified Google rejects an action if developers do not provide (oreven misspell) the action name company name or developer emailin the privacy policy The link should be valid and should also bea public document viewable by everyone Amazon Alexa doesnrsquotprovide a guideline for the privacy policy content in their Alexadocumentation

Voice-app enablement VA users enable official (ie developedby VA platforms) or third-party voice-apps to expand the function-ality of their devices Voice-apps can be enabled by saying a simplecommand through voice or by adding it from the smartphone appA voice-app for which the developer has requested permissionto access userrsquos data sends a permission request to the userrsquos VAcompanion app on smartphone during enablement The other voice-apps are directly enabled A privacy policy can be accessed eitherover the VA companion app or through the web On the contraryit is not accessible through the VA devices over voice VA platformsdo not require end users to accept a privacy policy or the terms ofuse of a voice-app before enabling it on their devices It is left forthe users to decide whether to go through the privacy policy of thevoice-app they use or not

22 Challenges on privacy policy analysisExisting privacy policy analysis on smartphone platforms [17 3639 41 47 48] typically conduct static code analysis to analyzepotential inconsistencies between an apprsquos privacy policy and itsruntime behavior Unlike smartphone app platforms the sourcecode of voice-apps in Amazon Alexa and Google Assistant plat-forms are not publicly available A voice-app is hosted in a serverselected by its developer and only the developer has access to itAs far as we know the source code is not available even to theVA platformrsquos certification teams This limits the extent of our pri-vacy analysis since we neither have a ground truth to validate ourfindings of inconsistent privacy policies nor the actual code to findmore inconsistencies with the privacy policies provided The onlyuseful information that we have about a voice-app is the descrip-tion that is provided by the developer Descriptions do not have

2

DescriptionDataset

Privacy Policy Dataset

NLP Analysis Data Practices in

Privacy Policy

Data Practices in Description

Inconsistency Checking

Broken URLs Duplicate links

Policies Without Data Practice

Incomplete PoliciesMissing PoliciesOutputs

Preprocessing

Figure 1 Processing pipeline of our privacy policy analysis

a minimum character count and developers can add a single linedescription or a longer description explaining all functionalities andother relevant information Regardless due to the unavailability ofother options we use the voice-app descriptions for our analysisto detect problematic privacy policies For this reason our resultson the inconsistency checking of privacy policies (in Section 33)are not focused on the exact number of mismatches and errors buton the existence of problems potentially affecting the overall userexperience

3 METHODOLOGYIn this section we first present an overview of our approach andthen detail the major modules including data collection process (Sec-tion 31) capturing data practices based on NLP analysis (Sec-tion 32) and inconsistency checking (Section 33) We seek tounderstand whether developers provide informative and meaning-ful privacy policies as required by VA platforms Fig 1 illustratesthe processing pipeline of our privacy policy analysis As previouslymentioned each skillactionrsquos listing page on the store containsa description and a privacy policy link (URL) We first collect allthese webpages and pre-process them to identify high-level issuessuch as broken URLs and duplicate URLs Then we conduct an NLPbased analysis to capture data practices provided in privacy policiesand descriptions We seek to identify three types of problematicprivacy policies i) without any data practice ii) incomplete policies(eg a skillrsquos privacy policy lacks data collection information butit has been mentioned in the skillrsquos description) and iii) missingpolicies (eg a skill without a privacy policy but requires one dueto its data collection practices)

31 Data collectionWe built a crawler to collect a voice-apprsquos id name developer infor-mation description and privacy policy link from Amazon Alexarsquosskills store and Google Assistantrsquos actions store There were severalchallenges for crawling introduction pages of voice-apps First forthe skills store 23 categories of skills are listed but these are notmutually exclusive The category communication is a subcate-gory in the social category and the category home services isa subcategory in the lifestyle category Some skills are classifiedand listed in multiple categories We need to remove duplicatesduring the data collection Second Alexarsquos skills store only pro-vides up to 400 pages per category and each page contains 16 skillsThough Amazon Alexa claimed there are over 100000 skills on

its skills store we were able to crawl only 64720 unique skillsThird Google actions store lists actions in pages that dynamicallyload more actions when users reach the end of the page We wereunable to use the crawler to automatically get information aboutall the actions As a result we crawled 2201 actions belonging to18 categories from the Google actions store The total numbers ofskills and actions by category we collected are listed in Table 9 andTable 10 in Appendix

Another challenge was to obtain the privacy policy contentGiven the privacy policy links we observed that there are fivetypes of policy pages i) normal html pages ii) pdf pages iii) Googledoc and Google drive documents iv) txt files and v) other typesof files (eg doc docx or rtf) For normal html pages we used thewebdriver [12] tool to collect the webpage content when they areopened For the other types of pages we downloaded these filesand then extracted the content from them Finally we convertedall the privacy policies in different formats to the txt format

PrivacyPolicyDatasetWe collected 64720 unique skills under21 categories from Alexarsquos skills store and 17952 of these skillsprovide privacy policy links Among the 2201 Google actions wecollected 1967 have privacy policy links

0

02

04

06

08

1

0 1000 2000 3000 4000 5000 6000 7000 8000 9000 10000

Cum

ulat

ive

Fra

ctio

n (C

DF

)

Privacy Policy Length ( of Words)

Google ActionAmazon Skill

Figure 2 Length of a privacy policy

For each skillaction with a valid policy link we calculated thenumber of words in the document Fig 2 shows the cumulativedistribution function of the privacy policy length The averagelength is 2336 words for Alexa skills and 1479 words for Googleactions respectively We also observed many very short privacypolicies which are not informative An example is the Google actionMister Baavlo which says We do not store any of your data but

3

does not mention what data it collects Examples of short privacypolicies are listed in Table 1

Voice-app name SkillAction Privacy policy

Passive income tips Skill This is just a sample privacy policy link You can usethis url If you do not have it

Activity Book Skill This skill does not collect or save any personalinformation

BestDateCalendar Skill It directs to Google home page

Story Time Skill (Kids) No information is collected during the use of StoryTime

KidsBrushYourTeethSong Skill (Kids) Privacy Policy (no content)Mister baavlo Action We do not store any of your data

Sanskrit names for yogaposes Action Google Docs You need permission to access this

published document

Table 1 Examples of short privacy policies

Description Dataset Description of a voice-app is intended tointroduce the voice-app to end users with information regarding itsfunctionality and other relevant information It may also containdata practices (eg the data required to be collected to achieve afunctionality) of the voice-app We collected voice-app descriptionsand used them as baselines to detect potentially inconsistent privacypolicies In our dataset all skillsactions come with descriptions

32 Capturing data practicesIn order to automatically capture data practices in privacy policiesand descriptions of voice-apps we develop a keyword-based ap-proach using NLP However we want to emphasize that we do notclaim to resolve challenges for comprehensively extracting datapractices (ie data collection sharing and storing) from naturallanguage policies Instead we mainly focus on obtaining empiri-cal evidences of problematic privacy policies using a simple andaccurate (ie in terms of the true positive) approach We discussthe limitation of our approach in Section 6

Verb set related to data practices Researchers in [20 41] havesummarized four types of verbs commonly used in privacy policiesCollect Use Retain and Disclose Each type contains seman-tically similar verbs in terms of the functionality Collect meansan app would collect gather or acquire data from user Use indi-cates an app would use or process data Retain means storing orremembering user data and Disclose means an app would shareor transfer data to another party

VerbSet

Access Ask Assign Collect Create Enter Gather Import ObtainObserve Organize Provide Receive Request Share Use Include

Integrate Monitor Process See Utilize Retain Cache Delete EraseKeep Remove Store Transfer Communicate Disclose Reveal Sell

Send Update View Need Require SaveNounSet

Address Name Email Phone Birthday Age Gender Location DataContact Phonebook SMS Call Profession Income Information

Table 2 Keyword dictionary related to data practices

Noun set related to data practices From Amazonrsquos skill per-mission list [5] and Amazon Developer Services Agreement [3] wemanually collected a dictionary of 16 nouns related to data practicesTable 2 lists a dictionary with 40 verbs and 16 nouns that we usedin our privacy policy analysis

Phrases extractionWe first parsed a privacy policy into sen-tences We used the SpaCy library [8] to analyze each sentence andobtained the attribute for each word SpaCy can effectively find thestraight correlation between a noun and a verb and ignore otherwords in a sentence We identified three types of basic phrases

bull noun (subject) + verb eg Alexa (will) tell or email (is)required

bull verb + noun (object) eg send (a) messagebull verb + noun (object) + noun + noun eg tell (you) (the)

name (of) meeting (on) (your) calendarNext we combined two basic phrases to generate a longer phrase

if they share the same verb The combined phrase would followpatterns subject+verb+object or subject+is+passive verb For ex-ample for a sentence Alexa skill will quickly tell you the name andtime of the next meeting on your Outlook calendar we obtainedthe phrase Alex tell name meeting calendar

Identifying data practices Given all phrases extracted fromthe privacy policy and description we used the verb and nounsets in Table 2 to identify data practice phrases Specifically wecompared the similarity of verb and noun in each phrase with theverb and noun sets respectively If the similarity is higher thana threshold we consider the phrase as a data practice phrase Tomeasure the semantic similarity of two phrases we used the simi-larity measurement based on word2vec provided by SpaCy whichis determined by comparing two word vectors We set the similaritythreshold to 08 in our analysis so as to achieve a high true positiverate (but no guarantee of the false negative rate) For example ourtool identified privacy policies of 1117 skills in Amazon Alexa and95 actions in Google Assistant having zero data practice (detailsare in Sec 422) Our manual analysis confirmed that these privacypolicies do contain no data practice

33 Inconsistency checkingWith description phrases and privacy policy phrases for each voice-app we checked any potential inconsistency between them Firstif the data practice phrases in a description are not semanticallysimilar to any data practice phrase in the corresponding privacy pol-icy we consider this privacy policy to be incomplete For examplethe description of skill Thought Leaders mentions Permissionrequired Customerrsquos Full name Customerrsquos Email Address Cus-tomerrsquos Phone number but none of them are mentioned in itsprivacy policy We consider it an incomplete privacy policy

Second since Amazon Alexa only requires skills that collect per-sonal information to provide a privacy policy we detected whethera privacy policy of an Alexa skill is missing although it is requiredIf the description mentions that a skill collects some data but theskill has no privacy policy we consider that the skill lacks a privacypolicy For example a skill Heritage Flag Color mentions Thedevice location is required in its description But the developerdoesnrsquot provide a privacy policy Note that it only reflects an incon-sistency between the privacy policy and description since there is alack of the ground truth to validate whether the skill really collectsthe location information or not

4 MAJOR FINDINGSIn this section we discuss major findings from our analysis of theprivacy policies available in the stores of both Amazon Alexa andGoogle Assistant We first present high-level issues such as brokenand incorrect privacy policy URLs duplicate privacy policy linksand issues in Google and Amazonrsquos official voice-apps Then weconduct a content analysis of privacy policies and discuss the issues

4

such as zero data practice and inconsistency in privacy policies Inaddition we discuss usability issues of privacy policies for voice-apps We back our findings with representative examples that wefound from the app stores during our analysis

41 High-level issues

Amazon skills Google actionsTotal Percentage Total Percentage

Without privacy policy 46768 72 234 11Valid privacy policy URL 16197 25 1887 85Broken privacy policy URL 1755 3 80 4

Table 3 Statistics of privacy policies on two VA platforms

411 Not all voice-apps have a privacy policy URL Both Googleand Amazon have taken different approaches when it comes to therequirement of a privacy policy for each voice-app available to usersWhile Google has made it mandatory for developers to provide aprivacy policy along with each action Amazon is more lenientand makes it a requirement only for skills that declare that theycollect personal information through the skill On analyzing thestores we have noticed irregularities concerning this as illustratedin Table 3 Out of the 2201 actions we collected from the Googleaction directory only 1967 have privacy policies provided whichmeans that 11 of the actions do not have a privacy policy providedWhile it is not possible to submit an action for certification withoutincluding a privacy policy URL it is puzzling how these actions areavailable in the storewithout providing one Out of these 234 actionsthat do not have privacy policies 101 actions were developed byGoogle while the other 133 actions were developed by 41 otherdevelopers

In the case of Alexa skills as shown in Table 3 only 17952 (28)skills have a privacy policy out of the 64720 skills we collected(ie 46768 skills without a privacy policy) It is partially becauseof the lenient skill certification in Alexa After conducting furtherexperiments on the skill certification we have understood that evenif a skill collects personal information the developer can chooseto not declare it during the certification stage and bypass the pri-vacy policy requirement This is achieved by collecting personalinformation through the conversational interface (eg asking usersrsquonames) Even though this data collection is prohibited the certifica-tion system of Amazon Alexa doesnrsquot reject such skills As a resultdevelopers may choose to not provide a privacy policy Amazononly requires skills that collect personal data to provide a privacypolicy and thus not all these 46768 skills require a privacy policy InSec 424 we identify skills that potentially lack a required privacypolicy

412 Broken links and incorrect URLs For those actions andskills that have provided a privacy policy URL not every URL leadsto the page containing a privacy policy Through our experimentswe found 80 Google actions and 1755 Alexa skills that have pro-vided broken privacy policy URLs as shown in Table 3 There arealso URLs which lead to other developerrsquos privacy policies Anexample for this is the skill NORAD Tracks Santa by NORADwhich provides a privacy policy URL that links to Amazonrsquos privacy

Figure 3 Landing page of the privacy policy URL providedwith the Google action and Alexa skill developed by Ru-betek

policy page instead of a privacy policy written by the developerThe privacy policy URL of Rubetek SmartHome which is both anAlexa skill and a Google action leads to the companyrsquos homepagewhich promotes its products as shown in Fig 3 rather than linkingto the privacy policy page Sec 42 presents our content analysis ofprivacy policies which provides more details about the voice-appswith incorrect privacy policy URLs

20

40

60

80

100

Alexa Skills Google Actions

With Duplicate Privacy Policy URLsWith Unique Privacy Policy URLs

239

1728

10124

7828

(122)

(878)

(564)

(436)

Per

cent

age

Figure 4 Duplicate privacy policy URLs in two platforms

413 Duplicate URLs We found a substantial portion of privacypolicies share same URLs In particular Amazon Alexa has morethan 56 of skills with duplicate privacy policy URLs Fig 4 showsthe prevalence of duplicate privacy policy URLs in both platformsOut of the 17952 Amazon skills with privacy policies 7828 skillshave a unique privacy policy URL The other 10124 skills (564)share 1206 different privacy policy URLs Out of these 1783 skills(99) have provided the same link (httpsgetstorylinecompublicprivacyhtml) as their privacy policy URLs Note that these 1783skills are not from the same developer which indicates that theprivacy policy is irrelevant to these skills Table 4 lists the mostcommon privacy policy URLs in Alexa and Google platforms Theissue of duplicate URLs is more serious on Amazon Alexa platformThe top three duplicate URLs are shared by 3205 skills constituting178 of the total skills that have a privacy policy As shown inFig 4 the Google Assistant platform has 122 of actions withduplicate privacy policy URLs 1728 out of 1967 actions have aunique privacy policy The other 239 actions share 64 differentprivacy policy URLs

5

Platform Duplicate privacy policy URLs Total Percentage

Amazonhttpsgetstorylinecompublicprivacyhtml 1783 99

httpscorppatchcomprivacy 1012 56httpscirstprivacy-policy 410 23

Googlehttpsxappmediacomprivacy-policy 32 16httpsvoxionusgoogle-privacy-policy 24 12httpswwwspokenlayercomprivacy 20 10

Table 4 The most common duplicate privacy policy URLs

To understand why there exists such a large number of voice-apps with duplicate privacy policy URLs especially on AmazonAlexa platform we further examined the developer informationof these voice-apps Our intuition is that developers who pub-lished multiple voice-apps may use the same privacy policy URLsWe found that for the developers who developed more than oneskill 77 of their skills use duplicate privacy policy URLs Ta-ble 5 lists the top 5 developers who published the most skillswith a privacy policy on Amazon Alexa platform As illustratedin the table 2064 out of 2069 skills (998) use duplicate pri-vacy policy URLs Obviously the content of these privacy pol-icy URLs are not skill-specific and users may skip reading theprivacy policy although it is provided A serious problem hap-pens if such a privacy policy link is broken which results in hun-dreds of skills being affected For example we found a brokenlink httpswwwfreshdigitalgroupcomprivacy-policy-for-bots(shown in Table 5) There are 217 skills using this link and thus alltheir privacy policies become inaccessible As to the Google actionswe also observed the similar issue Although Google requires thata privacy policy must include one of the following action namecompany name or developer email there are developers using ageneral privacy policy with the company name or email for all theiractions For the developers who published more than one action275 of actions have duplicate privacy policy URLs For the top 10developers who published the most actions 86 of their actionsuse a duplicate privacy policy link

Developer of skillsdeveloped

Skills withduplicate URLs Top duplicate URLs used by the developer

Patchcom 1012 1012 httpcorppatchcomprivacy

Radioco 295 292 httpwwwlottostrategiescomscriptshowpage1001029bprivacy_policyhtml

Tinbu LLC 264 263 httpspokenlayercomprivacy

FreshDigitalGroup 259 258 httpswwwfreshdigitalgroupcomprivacy-policy-for-bots

Witlingo 239 239 httpwwwwitlingocomprivacy-policy

Table 5 Top 5 developers that published themost skills witha privacy policy on Amazon Alexa platform

414 There are Google and Amazonrsquos official voice-apps violatingtheir own requirements We found two official Weather skills onAmazon Alexarsquos skills store and one of them asks for userrsquos locationaccording to the description but it doesnrsquot provide a privacy policyFig 5 shows the Weather skill developed by Amazon This skillmay be automatically enabled and available on all Alexa devicessince it is a built-in skill This example demonstrates that AmazonAlexa violates its own requirement by publishing voice-apps capa-ble of collecting personal information without providing a privacypolicy

Figure 5 An official skill lacks a privacy policy Even thoughit collects the userrsquos location according to the description noprivacy policy is provided

We collected 98 Amazon Alexa official skills (ie developed byAmazon Amazon Alexa Devs and Amazon Education ConsumerTeam) out of which 59 skills come with privacy policy URLs (butall are duplicate URLs) Among these privacy policy links 30 linkspoint to the general Amazon privacy notice and 6 links are the AWS(Amazon Web Services) privacy notice Amazon payment privacyor Alexa term of use Surprisingly 23 privacy policy links are totallyunrelated to privacy notice in which 17 links are Amazon home-page and 6 links are pages about insurance In Googlersquos actionsstore we found 110 official actions developed by Google in which101 actions donrsquot provide a privacy policy For the 9 actions witha privacy policy link they point to two different Google PrivacyPolicy pages and both are general privacy policies Google requiresthat every action should have an app-specific privacy policy pro-vided by developers on submission However our analysis revealsthat this requirement has not been enforced in a proper manner

42 Content analysis of privacy policies421 Irrelevance to specific voice-app It is important to cover

all aspects of a servicersquos data practices in the privacy policy Thecontradiction is providing these data practices for a service that isnot capable of doing any of the data collections mentioned in theprivacy policy This is especially evident in the Alexa skill storewhere most skills have a privacy policy that is common across allservices that the developers provide These policies do not clearlydefine what data practices the skill is capable of Some of theseprivacy policies do not even mention the Alexa skill or Googleaction as a service and state that it is the privacy policy of a specificservice such as the website We analyzed whether a voice-appmentions the app name in its privacy policy There are only 3233skills out of 17952 skills (around 18) mentioning skillsrsquo names intheir privacy policies For Google actions 1038 out of 1967 actions(around 53) mention action names in the privacy policies

There were also privacy policies provided for kids skills whichmention that the service is not intended to be used by children andalso that the service can collect some form of personal informationwhich is not allowed for skills in kids category according to AmazonAlexarsquos privacy requirements [2] Fig 6 shows an example wherethe privacy policy URL provided with a kids skill disclosing thecollection of personal data In addition we found 137 skills in theAmazon Alexarsquos kids category whose privacy policies mention

6

Figure 6 Privacy policy URL provided with a kids skillHeadspace Bedtime Story disclosing the collection of per-sonal data which is prohibited according to Amazon Alexarsquosprivacy requirements [2]

data collection is involved But they just provide a general privacypolicy All these skills potentially violate Amazon Alexarsquos privacyrequirements on kids skills

422 Zero data practice We applied our method described inSec 32 to capture data practices in each privacy policy Fig 7illustrates the cumulative distribution function of data practiceswe identified using our privacy policy dataset For these privacypolicies with data practices the average amount is 242 in AmazonAlexa and 166 in Google Assistant respectively The maximumnumber of data practices in a privacy policy is 428 which is likelya general privacy policy rather than an app-specific one

0

02

04

06

08

1

0 10 20 30 40 50 60 70 80 90 100

Cum

ulat

ive

Fra

ctio

n (C

DF

)

Number of Data Practices


Figure 7 Number of data practices in a privacy policy

In particular 1117 privacy policies provided with Alexa skillshave zero data practices Fig 8 shows the breakdown of differentissues of these privacy policies 670 URLs lead to totally unrelatedpages which have advertisements and shopping options 251 URLslead to an actual privacy policy page but has no data practicesmentioned 120 URLs lead to a page where the actual link to theprivacy policy does exist but will be redirected to some other pages76 URLs lead to an actual website domain but the link is not foundThese too can be considered as broken links

Our tool identified 95 Google actions having privacy policieswith zero data practice as shown in Fig 8 37 URLs lead to a pagethat is not found 25 URLs are privacy policies but with no datapractice 11 URLs lead to unrelated links with shopping options andproduct advertisements 5 URLs lead to a page containing the link

0

100

200

300

400

500

600

700

Unrelated page

No data practice phrase

Redirect page

Page not found

Ski

ll nu

mbe

r

(a) Amazon skills with no data practice

0

5

10

15

20

25

30

35

40

Page not found


Need login

Unrelated page

Redirect page

Act

ion

num

ber

(b) Google actions with no data practice

Figure 8 Different issues of privacy policies that have zerodata practice in two VA platforms

to the actual privacy policy In addition 17 actions provide theirprivacy policy as a Google doc which does not have the correctpermissions set which results in users not being able to access itThis was exclusively found within the Google actions while theyviolate Googlersquos restriction the link should be a public documentviewable by everyone

423 Inconsistency between the privacy policy and descriptionUsing the method presented in Section 33 we identified 50 Alexaskills that have a privacy policy which is inconsistent with thecorresponding description These skills describe the collection ofpersonal data in the description but these data practices are notmentioned in the privacy policy provided The consequence of suchoccurrences is that the users are not informed about what happensto their information and who it is shared with Among the 50 skills19 skills ask for address or location 10 skills request email accountpassword name is asked by 7 skills and 4 skills require the birthdayother skills ask for phone number contact gender or health dataFig 9 shows an example where the skill Running Outfit Advisormentions collecting the gender information in the description butdoes not mention this data practice in its privacy policy In anothercase the description of the skill Record - Journal - Things to DoCalendar describes the collection of personal information like theaddress of the user The description has the following line DeviceAddress Your device address will be used to provide responses withevents local to your area In the skillrsquos privacy policy the datapractices are not disclosed clearly enough but only says we willcollect personal information by lawful We treated this kind ofprivacy policy as inconsistent (incomplete) privacy policy sinceit fails to give a clear idea about its data practices Table 11 inAppendix shows the list of these skills with inconsistency betweenthe privacy policy and description

424 Missing required privacy policies In Sec 411 we haveshown 234 Google actions do not have a privacy policy providedwhich violates its own restriction Google require all actions topost a link to their privacy policy in the directory Here we focuson Amazon Alexa skills and identify cases with missing requiredprivacy policies

To collect userrsquos personal data for use within the voice-appsdevelopers can use the built-in feature of collecting the personalinformation directly from their Amazon account after taking per-missions from the user This permission is taken from the userwhen the skill is first enabled While this is appropriate and respect

7

Figure 9 Running Outfit Advisor skill mentions collectingthe gender information in the description but does notmen-tion this data practice in its privacy policy

the users privacy there is another channel that can be misused forcollecting personal information A developer can develop a skill toask for the personal information from the user through the con-versational interface Both Amazon and Google prohibit the use ofconversational interface to collect personal data But in the caseof Amazon this is not strictly enforced in the vetting process Bycollecting personal information in this manner the developer canavoid adding a privacy policy URL to the skillrsquos distribution require-ments This is possible because Amazon requires only skills thatpublicly declare that they collect personal information to manda-torily have a privacy policy The developer can easily bypass thisrequirement by lying about not collecting personal information

Data of Skills Skills names

Name 10

First Name Analysis Haircut Scheduler insuranceservice LOVE CALCULATOR Mr Tongue Twister(Kids) My daily task Name My Grandkids Social

Network Uncle Tony (Kids) whorsquos right

Location 6 Doctor Locator Heritage Flag Color Lapel AthleticsOC Transpo Weather World Time

Gender 1 Interactive Bed Time Story (Kids)Age 1 bright smile

Birthday 1 Cake WalkIp Address 1 Network-Assistant

Table 6 Skills with no privacy policies despite mentioningthe collection of users data in their descriptions

Fig 10 in Appendix illustrates an example where the skill NameMy Grandkids includes in its description that it asks the users forpersonal information and stores it for future use In another casethe skill Lapel Athletics requires the device location according toits description But both these skills do not provide a privacy policyTable 6 lists skills which are supposed to have a privacy policy butdo not provide one

425 Cross-platform inconsistency For a few voice-apps thatare present on both Alexa and Google platforms we found thatthe privacy policies provided with each are not the same Com-paring Google actions and Alexa skills we found that 23 voice-apps which are present on both the platforms have differences in

the privacy policy links provided despite the name the descrip-tions and the developer name being the same 13 of these pairshave different privacy policies links all together For example theskill Did Thanos Kill Me uses a duplicate privacy policy linkhttpsgetstorylinecompublicprivacyhtml (shown in Table 4)but the corresponding Google action version provides a specific pri-vacy policy Since Google requires every action to provide a privacypolicy link developers provide one with the Google action but maychoose to not provide one along with the Alexa skill since the Alexaplatform doesnrsquot have this requirement We found 10 such pairsof skills Table 7 shows the list of these skills with cross-platforminconsistency

Issue Skill name

Different privacypolicies provided ina skill amp action pair

VB Connect Orbit B-Hyve Freeze DancersBurbank Town Center New York Daily News

uHoo RadioMv MyHealthyDay Real Simple TipsDid Thanos Kill Me Central Mall Lawton CreativeDirector The Hartford Small Business Insurance

A skill doesnrsquot havea privacy policywhile the Googleaction version has

one

Triple M NRL Collective Noun Sleep by NatureMade Coin Control Those Two Girls RadioChaser A Precious Day Running facts Ash

London Live Weekend Breakfast

Table 7 Same voice-apps with different privacy policies ontwo VA platforms

426 Potential noncompliance with legal regulations We ob-served skills that collect personal information being published onthe Amazon Alexa skills store under the kids category withoutproviding a privacy policy For example Table 6 lists 3 skills (whichare marked with Kids in the table) in the kids category lacking aprivacy policy This is not compliant with the COPPA regulationswhich require every developer collecting personal information fromchildren to follow certain rules Providing a privacy policy withaccurate information about the data being collected and what it isused for is one of the main requirements The objective is to clearlylet the parents know about what personal information can be col-lected by the skill from their children Health related informationcan also be collected by a skill through the conversational interfacewithout providing a privacy policy even though only the user candecide whether to provide it or not But still having the capability todo so might be a violation of the HIPAA (Health Insurance Portabil-ity and Accountability Act) regulation CalOPPA (California OnlinePrivacy Protection Act) requires developers to provide a privacypolicy that states exactly what data can be collected from users InSec 421 we found that 137 kids skills provide general informationwithout providing specifics on what personal data they actuallycollect These voice-apps and their privacy policies may not be incompliance with legal regulations

43 Usability issues431 Lengthy privacy policies One of the main problems asso-

ciated with privacy policies regardless of the type of service it isprovided with is the length of the privacy policy document Mostdevelopers write long policies that decreases the interest that a userhas in reading it From the analysis of the privacy policies in ourdatasets as shown in Fig 2 we observed that 58 of the privacy

8

policies have more than 1500 words Being a legal document ittakes an average of 12 mins to read 1500 words This makes theprivacy policy hard to read for the users and almost impossibleto be read out through voice The privacy policies of Google andAmazon themselves are more than 4300 words each The averagenumber of words in a privacy policy provided along with Alexaskills is 2336 and that of Google actions is 1479 This results inusers frequently skipping reading the privacy policy even if it isprovided The participants of the user study we conducted as shownin Sec 8 complained about the length of the privacy policy beingthe major reason for them not reading the privacy policy

432 Hard to access The constrained interfaces on VA devicespose challenges on effective privacy notices According to the cur-rent architecture of Amazon Alexa and the Google Assistant theprivacy policy is not available directly through VA devices usedat home like the Amazon Echo and the Google Home No promptis delivered either during any part of the users interaction withthe voice-app that requests the user to take a look at the privacypolicy If at all the user wants to view the privacy policy heshe hasto either find the voice-app listing on the store webpage or checkthe companion app using smartphones and find a voice-apprsquos pri-vacy policy URL provided in the listing The permissions set bythe developer to collect personal information from users is shownas a prompt in the smartphone companion app to the user whileenabling the voice-app But as mentioned in the Sec 424 develop-ers do not necessarily have to take permission from user and caninstead collect it during the conversation We discuss solutions toimprove the usability of privacy notice for voice-apps in Sec 63

5 USER STUDYWe conducted an online user study using the Amazon MechanicalTurk crowdsourcing platform [4] and our study has received an IRBapproval Different from prior user studies that focus on understand-ing security and privacy concerns of VA devices [15 25 31 37 43]we aimed to understand how users engage with privacy policiesand their perspectives on them We looked for the frequency ofchecking the privacy policies and any issues the users might haveencountered with it Our participants were MTurk workers whoreside in USA having a HIT (Human Intelligence Tasks) acceptancerate greater than 98 and have at least 500 HITs approved prior tothis study These filters were added to reduce the amount of junkdata that we may have collected All participants were initially pre-sented with a consent form approved by the IRB office Participantswho did not consent to the form were denied to proceed with thestudy We rewarded $02 to each participant who completed thestudy

We had a total of 98 participants who took part in our study Wehad included a question to ensure that the user is answering thesurvey authentically Based on the responses to this question werejected the answers of 7 participants Our results for the user studywere thus based on responses from 91 users The participants areeither Amazon Alexa users or Google Assistant users We didnrsquotinclude participants who use other assistants like Siri and Cortanain our study We had 66 participants who are Alexa users and 25participants who use Google assistant at home

Question Response of usersYes 48Are you aware of the privacy policies of your skillsactions No 52Rarely 73Half the time 11How often do you read the privacy policy of a skillactionMost of the time 16No 66Do you read the privacy policy from the skillactionrsquos

webpageAlexa app Yes 34No 47Maybe 21Do you know what personal data the skillsactions

you use are capable of collecting from you Yes 32No 79Maybe 7Do you read the privacy policy before using a new

skill action Yes 14No 75Maybe 7Do you read the privacy policy before enabling a

kidrsquos skill action Yes 18

Table 8 Survey responses

Table 8 shows the survey responses When asked about whetherthey are aware of the privacy policies of the voice-apps they useabout 48 of the participants claimed that they are aware of itBut when asked about how often they actually read the privacypolicy provided by the developer 73 responded with rarely 11responded that they read it half the time 34 of our participantssaid that they use the smartphone app or the skills webpage to readthe privacy policy while the rest 66 said that they never read it47 were not aware of what data is being collected by the skill fromthem and another 21 were not entirely sure either This shows amajor usability issue where the users ignore the privacy policy evenwhen it is provided by the developer When asked about the issuesthey face with privacy policies 20 of the participants responded bysaying it is hard to access 44 of participants felt that the documentwas too long 24 claimed that they felt inconsistencies between theprivacy policy and the skillrsquos actual functionality and descriptionUsers also had problem with developers not providing a privacypolicy at all and the ones provided being not informative Thedocument being too legal and hard to comprehend was a concernfor the users Only 14 of participants felt that they always checkthe privacy policy before enabling a skill 79 of our participantsdid not check the privacy policy before enabling a general skill and75 did not check it before enabling a kids skill This lack of usage ofthe privacy policy by the users shows the need of the voice assistantplatforms to address the concerns and take measures to improvethe quality as well as the usability of the privacy policies providedby the developers We have included a few responses from theparticipants about their perspectives on whether privacy policiesshould be required for every voice-app in Table 12 in Appendix

6 DISCUSSIONIn this section we discuss the limitation of this work and further re-search that can help in addressing the user frustration over privacypolicies in VA platforms

61 LimitationWe are unable to examine the actual source code of voice-apps Theavailability of the source code can largely increase the knowledgeof what personal data the voice-app is able to collect and where itis stored This can be compared with the privacy policy to ensurethe developer is not performing any malicious activity or misus-ing the userrsquos trust With having no baseline a future research

9

effort that can be done on this regard is to dynamically test voice-apps by enabling them and check their data collection practicesMost developers provide short descriptions which will introducethe skillaction to end users but data practices are not frequentlydefined in the descriptions Since the data related to voice-appsis very limited we largely depend on the descriptions providedwith the voice-apps This makes our findings on the inconsistencychecking not complete As mentioned in Sec 32 our focus is onrevealing the existence of problematic privacy policies rather thanidentifying all the inconsistent privacy policies For capturing datapractices we use a keyword-based method and compare the simi-larity of a privacy policy with our keyword dictionary Howeverthe keyword set can be incomplete In our future work we plan touse machine learning techniques to train a model to identify datapractices from natural language documents Nevertheless we havecollected strong evidence in revealing issues over privacy policieson VA platforms In addition the dataset of Google actions thatwe collected and used for our study is not complete and does notcontain all the voice-apps available in the app store The actionsare listed in pages that automatically load more data when the userreaches the end of the page Since more and more actions keepgetting loaded dynamically we were unable to use the crawler toautomatically get information about all the actions

62 Why poor-quality privacy policiesAmazon Alexa and Google Assistant not explicitly requiring app-specific privacy policies results in developers providing the samedocument that explains data practices of all their services Thisleads to uncertainties and confusion among end users There areskills with privacy policies containing up to 428 data practices andmost of these data practices are not relevant to the skill Thus thesedocuments do not give a proper understanding of the capabilities ofthe skill to end users The poor quality of privacy policies providedwith voice-apps is partially due to the lack of an app-specific pri-vacy policy and due to the lenient certification system During thecertification process the content of a privacy policy is not checkedthoroughly when the skill is submitted for certification which hasresulted in a large amount of inactive and broken links and also pri-vacy policies not related to the skill Some privacy policies mentiondata practices that are in violation of the privacy requirements thatAmazon and Google have set but these voice-apps are still certified

In some cases even if the developer writes the privacy policywith proper intention and care there can be some discrepanciesbetween the policy and the actual code Updates made to the skillmight not be reflected in the privacy policy This is especially pos-sible with the current VA architecture because the backend code ofthe skill can be updated at any time by the developer and does notrequire any re-certification to be made available to the end usersThe outdated policy may lead to the developers unintentionallycollecting personal information without informing the users

63 Privacy policy through voiceThe unavailability of privacy policies through voice requires usersto access them over the web or through the apps on their phonesOne possible reason for this can be due to the large size of the

privacy policies and the time required to read out the long docu-ment Users who only use voice assistant services through theirVA devices may not necessarily be aware of the existence of theprivacy policies in the respective stores Also it is completely left tothe user to decide whether to view the privacy policy or not Thereis no approval asked prior to enabling the voice-app for the userIn order to address these issues we propose to introduce a built-inintent (ie functionality) for a voice-app that gives information tousers about the privacy policy of the voice-app through a voiceresponse The major challenge for this is that the privacy policiesare usually too long to be read out to users Thus the responseprovided by the built-in intent has to be marginally short

Prior work has been done to summarize the privacy policies tomake it more readable to the user Tools like Polisis [27] and Priva-cycheck [11] conduct privacy policy analysis and represent the datapractices mentioned in the document in a simpler form to usersBut from our analysis of the skillsactions available in the storeswe have noticed that most privacy policies are general policies anddo not necessarily define what the behavior of the voice-app inparticular is Since personal information can be collected throughthe conversational interface our approach aims in understandingthis capability from the voice-apprsquos source code automatically gen-erating an easy-to-digest privacy notice and letting the user knowabout it through the voice channel To achieve this we describeour preliminary approach based on the Alexa platform We takethe interaction model of a skill which is a JSON (JavaScript ObjectNotation) file and scan for all the slots and their slot types specifiedWe categorise the built-in slot types based on what type of personalinformation they can collect For custom slot types we comparethe values provided with the entries in datasets we assembled ofpossible values and check for a match After we get all the types ofinformation that can be collected by the skill we create a responsenotifying the user that the skill has these capabilities and adviseusers to look at the detailed privacy policy provided by the devel-opers The intent can be invoked when the skill is first enabled Onopening the skill for the first time this brief privacy notice can beread out to the user This will give the user a better understandingof what the skill heshe just enabled is capable of collecting andusing The users can also ask to invoke this intent later to get abrief version of the privacy policy As our future work we planto extend this approach to help developers automatically generateprivacy policies for their voice-apps

7 RELATEDWORK71 Privacy concerns for voice assistantsMany research efforts have been undertaken to study user concerns(human factors) about the securityprivacy of VA devices [15 16 1923 25 26 31 32 37 43] Fruchter et al [25] used natural languageprocessing to identify privacy and security related reviews about VAdevices from four major online retailers Target Walmart Amazonand Best Buy The authors highlighted that users worried aboutthe lack of clarity about the scope of data collection by their voiceassistants Through a semi-structured interviews with 17 VA usersAbdi et al [15] uncovered the lack of trust users have with some ofVA use cases such as shopping and a very limited conception of VAecosystem and related data activities Malkin et al [31] surveyed 116

10

VA owners and found that half did not know that their recordingswere being stored by the device manufacturers Similarly authorsin [43 46] conducted interviews on smart home owners to examineuser mental models and understand their privacy perceptions ofIoT devices Geeng et al [26] investigated tensions and challengesthat arise among multiple users in smart home environment Lau etal [29] conducted interviews with both VA users and non-usersand revealed that privacy concerns could be the main deterringfactor for new users

There has been an increasing amount of research on techni-cal attack vectors against VA systems and the corresponding de-fenses One line of research is to exploit interpretation errors ofuser commands by speech recognition such as voice squatting at-tack [28 45] and generate hiddeninaudible voice commands [2133 34 38 40 42 44] Another line of research focuses on defensemechanisms including continuous authentication [24] cancelingunwanted baseband signals [44] correlating magnetic changes withvoice commands [22] and user presence-based access control [30]Our work differs from these previous work in that we investigatethe effectiveness of privacy policies provided by voice-app develop-ers

72 Privacy policy analysis for mobile appsPrivacy policies disclose an organizationrsquos or developerrsquos data prac-tices Though researchers have conducted privacy policy analysison Android platform [17 36 39 41 47 48] there is an absence of pri-vacy policy analysis on VA platforms Zimmeck et al [48] presenteda privacy analysis system for Android to analyze appsrsquo potentialnon-compliance with privacy requirements and inconsistenciesbetween privacy policies and apps Results show that 71 of appsthat lack a privacy policy should have one and a substantial por-tion of apps exhibit potential privacy requirement inconsistenciesWang et al [39] developed a hierarchical mapping based approachfor privacy policy analysis which is able to handle the data inputtedby users in addition to the data accessed directly through the mobiledevice The user input data is checked for possible privacy leaksand this is used to determine whether the apprsquos privacy policy is incontradiction with this leakage The consistency between the datacollected by the app and the privacy policy provided is verified byusing a data flow analysis A major difference of our work fromthese works is that we rely on voice-apprsquos description to detectinconsistency in privacy policies due to the unavailability of voice-apprsquos source code To the best of our knowledge this is the firstwork to systematically measure the effectiveness of privacy policiesfor voice-apps

8 CONCLUSIONIn this work we conducted a comprehensive empirical analysis onprivacy policy of 64720 Amazon Alexa skills and 2201 Google As-sistant actions We designed an NLP-based approach to capture datapractices in privacy policies and descriptions of voice-apps Ourresults showed that a substantial number of problematic privacypolicies exist in Amazon Alexa and Google Assistant platforms aworrisome reality of privacy policies on VA platforms Google andAmazon even have official voice-apps violating their own require-ments regarding the privacy policy We also conducted a user study

to understand usersrsquo perspectives on voice-appsrsquo privacy policieswhich reflects real-world user frustrations on this issue We alsodiscussed possible approaches to improve the usability of privacypolicies on VA platforms

REFERENCES[1] Alexa Skills Policy Testing httpsdeveloperamazoncomfrdocscustom-

skillspolicy-testing-for-an-alexa-skillhtml[2] Alexa Skills Security Requirements httpsdeveloperamazoncomfrdocscustom-

skillssecurity-testing-for-an-alexa-skillhtml[3] Amazon Developer Services Agreement httpsdeveloperamazoncomsupport

legalda[4] Amazon mechanical turk httpswwwmturkcom[5] Configure Permissions for Customer Information in Your Skill

httpsdeveloperamazoncomen-USdocsalexacustom-skillsconfigure-permissions-for-customer-information-in-your-skillhtml

[6] Google fined euro50 million for GDPR violation in Francehttpswwwthevergecom201912118191591google-gdpr-fine-50-million-euros-data-consent-cnil

[7] Google Privacy Policy Guidance httpsdevelopersgooglecomassistantconsolepoliciesprivacy-policy-guide

[8] Industrial-Strength Natural Language Processing httpsspacyio[9] Number of digital voice assistants in use worldwide from 2019 to

2023 httpswwwstatistacomstatistics973815worldwide-digital-voice-assistant-in-use

[10] Policies for Actions on Google httpsdevelopersgooglecomactionspoliciesgeneral-policies

[11] PrivacyCheck for Google Chrome httpsidentityutexaseduprivacycheck-for-google-chrome

[12] Selenium automates browsers httpswwwseleniumdev[13] Snapchat Transmitted Usersrsquo Location and Collected Their Address Books

Without Notice Or Consent httpswwworrickcomInsights201302FTC-Assesses-800000-Fine-Against-Mobile-App-Operator-and-Issues-Mobile-Privacy-and-Security-Guidance

[14] Snapchat Transmitted Usersrsquo Location and Collected Their Address BooksWithout Notice Or Consent httpswwwftcgovnews-eventspress-releases201405snapchat-settles-ftc-charges-promises-disappearing-messages-were

[15] Noura Abdi Kopo M Ramokapane and Jose M Such More than smart speakersSecurity and privacy perceptions of smart home personal assistants In FifteenthSymposium on Usable Privacy and Security (SOUPS 2019) Santa Clara CA 2019USENIX Association

[16] Tawfiq Ammari Jofish Kaye Janice Y Tsai and Frank Bentley Music searchand iot How people (really) use voice assistants ACM Transactions on Computer-Human Interaction (TOCHI) 26(3)1ndash28 2019

[17] Benjamin Andow Samin Yaseer Mahmud Wenyu Wang Justin WhitakerWilliam Enck Bradley Reaves Kapil Singh and Tao Xie Policylint Investi-gating internal privacy policy contradictions on google play In Proceedings ofthe 28th USENIX Conference on Security Symposium page 585ndash602 2019

[18] Noah Apthorpe Sarah Varghese and Nick Feamster Evaluating the contextualintegrity of privacy regulation Parentsrsquo iot toy privacy norms versus COPPA In28th USENIX Security Symposium (USENIX Security) 2019

[19] Alexander Benlian Johannes Klumpe and Oliver Hinz Mitigating the intrusiveeffects of smart home assistants by using anthropomorphic design features Amultimethod investigation Information Systems Journal pages 1ndash33 2019

[20] TravisD Breaux Hanan Hibshi and Ashwini Rao Eddy a formal languagefor specifying and analyzing data flow specifications for conflicting privacyrequirements Requirements Engineering pages 1ndash27 2014

[21] Nicholas Carlini Pratyush Mishra Tavish Vaidya Yuankai Zhang Micah SherrClay Shields David Wagner and Wenchao Zhou Hidden voice commands In25th USENIX Security Symposium (USENIX Security 16) pages 513ndash530 2016

[22] S Chen K Ren S Piao C Wang Q Wang J Weng L Su and A Mohaisen Youcan hear but you cannot steal Defending against voice impersonation attacks onsmartphones In 2017 IEEE 37th International Conference on Distributed ComputingSystems (ICDCS) pages 183ndash195 2017

[23] H Chung M Iorga J Voas and S Lee ldquoalexa can i trust yourdquo IEEE Computer50(9)100ndash104 2017

[24] Huan Feng Kassem Fawaz and Kang G Shin Continuous authentication forvoice assistants In Proceedings of the 23rd Annual International Conference onMobile Computing and Networking (MobiCom) pages 343ndash355 2017

[25] Nathaniel Fruchter and Ilaria Liccardi Consumer attitudes towards privacy andsecurity in home assistants In Extended Abstracts of the 2018 CHI Conference onHuman Factors in Computing Systems 2018

[26] Christine Geeng and Franziska Roesner Whorsquos in control Interactions in multi-user smart homes In Proceedings of the 2019 CHI Conference on Human Factors

11

in Computing Systems (CHIrsquo19) pages 1ndash13 2019[27] Hamza Harkous Kassem Fawaz Reacutemi Lebret Florian Schaub Kang G Shin and

Karl Aberer Polisis Automated analysis and presentation of privacy policiesusing deep learning CoRR abs180202561 2018

[28] Deepak Kumar Riccardo Paccagnella Paul Murley Eric Hennenfent JoshuaMason Adam Bates and Michael Bailey Skill squatting attacks on amazon alexaIn 27th USENIX Security Symposium (USENIX Security) pages 33ndash47 2018

[29] Josephine Lau Benjamin Zimmerman and Florian Schaub Alexa are youlistening Privacy perceptions concerns and privacy-seeking behaviors withsmart speakers Proc ACM Hum-Comput Interact 2(CSCW)1ndash31 2018

[30] X Lei G Tu A X Liu C Li and T Xie The insecurity of home digital voiceassistants - vulnerabilities attacks and countermeasures In 2018 IEEE Conferenceon Communications and Network Security (CNS) pages 1ndash9 2018

[31] Nathan Malkin Joe Deatrick Allen Tong Primal Wijesekera Serge Egelmanand David Wagner Privacy attitudes of smart speaker users In 19th PrivacyEnhancing Technologies Symposium (PETS) 2019

[32] Graeme McLean and Kofi Osei-Frimpong Hey alexa examine the variablesinfluencing the use of artificial intelligent in-home voice assistants Computersin Human Behavior 9928 ndash 37 2019

[33] Nirupam Roy Sheng Shen Haitham Hassanieh and Romit Roy ChoudhuryInaudible voice commands The long-range attack and defense In 15th USENIXSymposium on Networked Systems Design and Implementation (NSDI 18) pages547ndash560 2018

[34] Lea Schoumlnherr Katharina Kohls Steffen Zeiler Thorsten Holz and DorotheaKolossa Adversarial attacks against automatic speech recognition systems viapsychoacoustic hiding In Network and Distributed System Security Symposium(NDSS) 2019

[35] Faysal Shezan HangHu JiaminWang GangWang and Yuan Tian Read betweenthe lines An empirical measurement of sensitive applications of voice personalassistant systems In Proceedings of The Web Conference (WWW) 2020

[36] R Slavin X Wang M B Hosseini J Hester R Krishnan J Bhatia T D Breauxand J Niu Toward a framework for detecting privacy policy violations in androidapplication code In 2016 IEEEACM 38th International Conference on SoftwareEngineering (ICSE) pages 25ndash36 2016

[37] Maurice E Stucke and Ariel Ezrachi How digital assistants can harm oureconomy privacy and democracy Berkeley Technology Law Journal 32(3)1240ndash1299 2017

[38] Tavish Vaidya Yuankai Zhang Micah Sherr and Clay Shields Cocaine noodlesExploiting the gap between human and machine speech recognition In 9thUSENIX Workshop on Offensive Technologies (WOOT 15) 2015

[39] X Wang X Qin M Bokaei Hosseini R Slavin T D Breaux and J Niu GuileakTracing privacy policy claims on user input data for android applications In 2018IEEEACM 40th International Conference on Software Engineering (ICSE) pages37ndash47 2018

[40] Qiben Yan Kehai Liu Qin Zhou Hanqing Guo and Ning Zhang SurfingattackInteractive hidden attack on voice assistants using ultrasonic guided wave InNetwork and Distributed Systems Security (NDSS) Symposium 2020

[41] L Yu X Luo X Liu and T Zhang Can we trust the privacy policies of androidapps In 2016 46th Annual IEEEIFIP International Conference on DependableSystems and Networks (DSN) pages 538ndash549 2016

[42] Xuejing Yuan Yuxuan Chen Yue Zhao Yunhui Long Xiaokang Liu Kai ChenShengzhi Zhang Heqing Huang XiaoFeng Wang and Carl A Gunter Com-mandersong A systematic approach for practical adversarial voice recognitionIn Proceedings of the 27th USENIX Conference on Security Symposium (SECrsquo18)pages 49ndash64 2018

[43] Eric Zeng Shrirang Mare and Franziska Roesner End user security and privacyconcerns with smart homes In Proceedings of the Thirteenth USENIX Conferenceon Usable Privacy and Security SOUPS rsquo17 page 65ndash80 USA 2017 USENIXAssociation

[44] Guoming Zhang Chen Yan Xiaoyu Ji Tianchen Zhang Taimin Zhang andWenyuan Xu Dolphinattack Inaudible voice commands In Proceedings of the2017 ACM SIGSAC Conference on Computer and Communications Security (CCSrsquo17) pages 103ndash117 2017

[45] Nan Zhang Xianghang Mi Xuan Feng XiaoFeng Wang Yuan Tian and FengQian Understanding and mitigating the security risks of voice-controlled third-party skills on amazon alexa and google home In IEEE Symposium on Securityand Privacy (SP) 2019

[46] Serena Zheng Noah Apthorpe Marshini Chetty and Nick Feamster User per-ceptions of smart home iot privacy Proc ACM Hum-Comput Interact 2018

[47] Sebastian Zimmeck Peter Story Daniel Smullen Abhilasha Ravichander ZiqiWang Joel Reidenberg N Russell and Norman Sadeh Maps Scaling privacycompliance analysis to a million apps Proceedings on Privacy Enhancing Tech-nologies 201966ndash86 07 2019

[48] Sebastian Zimmeck Ziqi Wang Lieyong Zou Roger Iyengar Bin Liu FlorianSchaub ShormirWilson Norman Sadeh Steven M Bellovin and Joel ReidenbergAutomated analysis of privacy requirements for mobile apps In 24th Network ampDistributed System Security Symposium (NDSS 2017) 2017

Appendices

Category Skills wecrawled

Skills with aprivacy policy

Business amp Finance 3599 1420Connected Car 140 100

Education amp Reference 7990 1460Food amp Drink 1379 407Games amp Trivia 11822 1461Health amp Fitness 2026 844

Kids 3252 461Lifestyle 11080 2693Local 1283 377

Movies amp TV 915 153Music amp Audio 9216 3155

News 6810 2907Noveltyamp Humor 3418 394

Productivity 4263 1434Shopping 342 204

Smart Home 2432 2254Social 1479 531Sports 1592 343

Travel amp Transportation 1187 205Utilities 1025 191Weather 853 150Total skills 76103 21144

Total unique skills 64720 17952Table 9 Alexa skills by category in our dataset Some skillsare classified and listed in multiple categories After remov-ing the cross-listed duplicates we obtained 64720 uniqueskills and 17952 of these skills provide privacy policy links

Category Actions wecrawled

Actions with aprivacy policy

Arts amp Lifestyle 96 85Business amp Finance 159 156

Communication amp Social 27 11Education amp Reference 153 145

Food amp Drink 152 142Games amp Fun 174 167

Health amp Fitness 122 119Kids amp Family 102 101

Local 65 61Movies Photos amp TV 52 44

Music amp Audio 132 121News amp Magazines 176 80


Smart Home 290 274Sports 161 142

Travel amp Transportation 142 136Weather 57 56

Total actions 2201 1967Table 10 Google actions by category in our dataset

12

Arbonne My Office Arm My Guardzilla Ash Timber FlooringAtrium Health Best Roomies Cake Walk Call Handler CitySparkEvents Conway Daily Sun Calendar Crush Calculator Find MyPhone Flu Season FortiRecorder garage control GINA Talkgroup messenger Hal9000 Happy birthday Home Workout

Exercise Video Fitness 7 Day Videos hugOne ISS Distance FromMe K5 Kamakshi Cloudrsquos GPS Finder Kotipizza Laconia DailySun Calendar Mailbox Assistant Maui Time Calendar My AirQuality My Extra Brain My Two Cents Natural Hazards

Neighbor Knocker Novant Health OMS Customer Care PortlandPhoenix Calendar Prayer Time Record-Journal - Things to DoCalendar Running Clothes Running Outfit Advisor SkyHomeSkyView Academy The Transit Oracle (Bus Predictions for SF

Muni) Thought Leaders Ticket Finder Trip Tracker Trivia Questwalk cake What Should I Wear whatrsquos nearby WP6

Table 11 Amazon Alexa skills with inconsistency betweenthe privacy policy and description

Figure 10 Although the skill description mentions collec-tion of personal information no privacy policy is provided

Question Do you think all skills should have a privacy policy

Responses

A privacy policy is always necessary to give users a piece of mindUsers should be able to know the risks involved such as if others could

be listening in illegallyPrivacy policy is definitely required so it can assure consumers that it

is unlikely that malicious actions will occur with their dataThey should be made easily accessible too

Required if in fact there are things that customers should be warnedabout prior to using it

A privacy policy would be completely necessary I feel like the skillsneed to disclose everything being done with a userrsquos data

But it should be easily explained and controls easily learnedIf data is being collected this is personal information that the user

should have some control overIt needs to be more digestible so people will actually read it

I do think it is necessary to have a privacy policy but I do think itshould be short and easy to understand

Table 12 Userrsquos view on the necessity of privacy policiesWepresent a few selected responses received from the partici-pants in our user study when asked the question Do youthink all skills should have a privacy policy

13

Abstract

1 Introduction

2 Background and Challenges

21 Voice-app and privacy policy

22 Challenges on privacy policy analysis

3 Methodology

31 Data collection

32 Capturing data practices

33 Inconsistency checking

4 Major Findings


42 Content analysis of privacy policies

43 Usability issues

5 User Study

6 Discussion

61 Limitation

62 Why poor-quality privacy policies

63 Privacy policy through voice

7 Related Work

71 Privacy concerns for voice assistants

72 Privacy policy analysis for mobile apps

8 Conclusion

References

bull RQ3 What are VA usersrsquo perspectives on privacy policiesof voice-apps What is possibly a better usability choicefor VA users to make informed privacy decisions

We conduct the first empirical analysis to measure the effective-ness of privacy policies provided by voice-app developers on bothAmazon Alexa and Google Assistant platforms Such an effort hasnot previously been reported The major contributions and findingsare summarized as follow1

bull We analyze 64720 Amazon Alexa skills and 2201 GoogleAssistant actions We first check whether they have a pri-vacy policy For the 17952 skills and 1967 actions that haveone unfortunately we find there are many voice-apps inapp stores with incorrect privacy policy URLs or brokenlinks Surprisingly Google and Amazon even have officialvoice-apps violating their own requirements regarding theprivacy policy

bull We further analyze the privacy policy content to identifypotential inconsistencies between policies and voice-appsWe develop a Natural Language Processing (NLP)-basedapproach to capture data practices from privacy policiesWe then compare the data practices of a privacy policyagainst the apprsquos description We find there are privacypolicies that are inconsistent with the corresponding skilldescriptions We also find skills which are supposed tohave a privacy policy but do not provide one

bull We conduct a user study with 91 participants to under-stand usersrsquo perspectives on VArsquos privacy policies usingthe Amazon Mechanical Turk crowdsourcing platform Wealso discuss solutions to improve the usability of privacynotices to VA users

2 BACKGROUND AND CHALLENGES21 Voice-app and privacy policyVoice-app listing on the store We mainly focus on two main-stream VA platforms ie Amazon Alexa and Google Assistantboth with conceptually similar architectures These platforms allowthird-party developers to publish their own voice-apps on VA storesA voice-apprsquos introduction page that is shared by the developer onthe store contains the app name a detailed description the cate-gory it belongs to developer information user rating and reviewsprivacy policy link and example voice commands which can beviewed by end users The source code is not included in the submis-sion and therefore is not available either to the certification teamsof VA platforms or to end users Users who enable a skillactionthrough the voice-app store may make their decisions based onthe description It explains the functionality and behavior of thevoice-app and what the user can expect from it Some developersalso mention the data that is required from users (ie data practices)in the description

VA platformrsquos requirements on privacy policy Applicationdevelopers are often required to provide a privacy policy and notifyusers of their appsrsquo privacy practices VA platforms have different

1Accompanying materials of this work including the dataset empirical evidencesfor inconsistent privacy policies and tools are available at httpsgithubcomvoice-assistant-researchvoice-assistant

requirements regarding the privacy policies of voice-apps GoogleAssistant requires every action to have a privacy policy provided onsubmission Amazon Alexa requires skills that collect personal in-formation only to mandatorily have a privacy policy Both Amazonand Google prevent the submission of a voice-app for certification iftheir respective requirements are not met [1 10] In addition to theprivacy policy URL both platforms offer an option for developers toprovide a URL for the terms of use as well These URLs if providedby the developers are made available along with the voice-apprsquoslisting on the store

Requirements on specific content in privacy policiesGooglehas a Privacy Policy Guidance page [7] in their documentationfor action developers The guide explains what Googlersquos minimumexpectation is for a privacy policy document According to theguide the privacy disclosures included in the policy should be com-prehensive accurate and easy to understand for the users Theprivacy policy should disclose all the information that an actioncollects through all the interfaces including the data that is col-lected automatically How the collected information is used andwho and when the collected information is shared with should bespecified Google rejects an action if developers do not provide (oreven misspell) the action name company name or developer emailin the privacy policy The link should be valid and should also bea public document viewable by everyone Amazon Alexa doesnrsquotprovide a guideline for the privacy policy content in their Alexadocumentation

Voice-app enablement VA users enable official (ie developedby VA platforms) or third-party voice-apps to expand the function-ality of their devices Voice-apps can be enabled by saying a simplecommand through voice or by adding it from the smartphone appA voice-app for which the developer has requested permissionto access userrsquos data sends a permission request to the userrsquos VAcompanion app on smartphone during enablement The other voice-apps are directly enabled A privacy policy can be accessed eitherover the VA companion app or through the web On the contraryit is not accessible through the VA devices over voice VA platformsdo not require end users to accept a privacy policy or the terms ofuse of a voice-app before enabling it on their devices It is left forthe users to decide whether to go through the privacy policy of thevoice-app they use or not

22 Challenges on privacy policy analysisExisting privacy policy analysis on smartphone platforms [17 3639 41 47 48] typically conduct static code analysis to analyzepotential inconsistencies between an apprsquos privacy policy and itsruntime behavior Unlike smartphone app platforms the sourcecode of voice-apps in Amazon Alexa and Google Assistant plat-forms are not publicly available A voice-app is hosted in a serverselected by its developer and only the developer has access to itAs far as we know the source code is not available even to theVA platformrsquos certification teams This limits the extent of our pri-vacy analysis since we neither have a ground truth to validate ourfindings of inconsistent privacy policies nor the actual code to findmore inconsistencies with the privacy policies provided The onlyuseful information that we have about a voice-app is the descrip-tion that is provided by the developer Descriptions do not have

2

DescriptionDataset



Privacy Policy






Preprocessing








0

02

04

06

08

1

0 1000 2000 3000 4000 5000 6000 7000 8000 9000 10000

Cum

ulat

ive

Fra

ctio

n (C

DF

)





3









published document





VerbSet
















4











20

40

60

80

100



239

1728

10124

7828

(122)

(878)

(564)

(436)

Per

cent

age



5





















6




0

02

04

06

08

1

0 10 20 30 40 50 60 70 80 90 100

Cum

ulat

ive

Fra

ctio

n (C

DF

)






0

100

200

300

400

500

600

700

Unrelated page


Redirect page

Page not found

Ski

ll nu

mbe

r


0

5

10

15

20

25

30

35

40

Page not found


Need login

Unrelated page

Redirect page

Act

ion

num

ber







7




Name 10










Issue Skill name





one







8














9








10
































11
























Appendices
























12








Responses










13

Abstract

1 Introduction




3 Methodology

31 Data collection



4 Major Findings



43 Usability issues

5 User Study

6 Discussion

61 Limitation



7 Related Work



8 Conclusion

References

DescriptionDataset



Privacy Policy






Preprocessing








0

02

04

06

08

1

0 1000 2000 3000 4000 5000 6000 7000 8000 9000 10000

Cum

ulat

ive

Fra

ctio

n (C

DF

)





3









published document





VerbSet
















4











20

40

60

80

100



239

1728

10124

7828

(122)

(878)

(564)

(436)

Per

cent

age



5





















6




0

02

04

06

08

1

0 10 20 30 40 50 60 70 80 90 100

Cum

ulat

ive

Fra

ctio

n (C

DF

)






0

100

200

300

400

500

600

700

Unrelated page


Redirect page

Page not found

Ski

ll nu

mbe

r


0

5

10

15

20

25

30

35

40

Page not found


Need login

Unrelated page

Redirect page

Act

ion

num

ber







7




Name 10










Issue Skill name





one







8














9








10
































11
























Appendices
























12








Responses










13

Abstract

1 Introduction




3 Methodology

31 Data collection



4 Major Findings



43 Usability issues

5 User Study

6 Discussion

61 Limitation



7 Related Work



8 Conclusion

References









published document





VerbSet
















4











20

40

60

80

100



239

1728

10124

7828

(122)

(878)

(564)

(436)

Per

cent

age



5





















6




0

02

04

06

08

1

0 10 20 30 40 50 60 70 80 90 100

Cum

ulat

ive

Fra

ctio

n (C

DF

)






0

100

200

300

400

500

600

700

Unrelated page


Redirect page

Page not found

Ski

ll nu

mbe

r


0

5

10

15

20

25

30

35

40

Page not found


Need login

Unrelated page

Redirect page

Act

ion

num

ber







7




Name 10










Issue Skill name





one







8














9








10
































11
























Appendices
























12








Responses










13

Abstract

1 Introduction




3 Methodology

31 Data collection



4 Major Findings



43 Usability issues

5 User Study

6 Discussion

61 Limitation



7 Related Work



8 Conclusion

References











20

40

60

80

100



239

1728

10124

7828

(122)

(878)

(564)

(436)

Per

cent

age



5





















6




0

02

04

06

08

1

0 10 20 30 40 50 60 70 80 90 100

Cum

ulat

ive

Fra

ctio

n (C

DF

)






0

100

200

300

400

500

600

700

Unrelated page


Redirect page

Page not found

Ski

ll nu

mbe

r


0

5

10

15

20

25

30

35

40

Page not found


Need login

Unrelated page

Redirect page

Act

ion

num

ber







7




Name 10










Issue Skill name





one







8














9








10
































11
























Appendices
























12








Responses










13

Abstract

1 Introduction




3 Methodology

31 Data collection



4 Major Findings



43 Usability issues

5 User Study

6 Discussion

61 Limitation



7 Related Work



8 Conclusion

References





















6




0

02

04

06

08

1

0 10 20 30 40 50 60 70 80 90 100

Cum

ulat

ive

Fra

ctio

n (C

DF

)






0

100

200

300

400

500

600

700

Unrelated page


Redirect page

Page not found

Ski

ll nu

mbe

r


0

5

10

15

20

25

30

35

40

Page not found


Need login

Unrelated page

Redirect page

Act

ion

num

ber







7




Name 10










Issue Skill name





one







8














9








10
































11
























Appendices
























12








Responses










13

Abstract

1 Introduction




3 Methodology

31 Data collection



4 Major Findings



43 Usability issues

5 User Study

6 Discussion

61 Limitation



7 Related Work



8 Conclusion

References




0

02

04

06

08

1

0 10 20 30 40 50 60 70 80 90 100

Cum

ulat

ive

Fra

ctio

n (C

DF

)






0

100

200

300

400

500

600

700

Unrelated page


Redirect page

Page not found

Ski

ll nu

mbe

r


0

5

10

15

20

25

30

35

40

Page not found


Need login

Unrelated page

Redirect page

Act

ion

num

ber







7




Name 10










Issue Skill name





one







8














9








10
































11
























Appendices
























12








Responses










13

Abstract

1 Introduction




3 Methodology

31 Data collection



4 Major Findings



43 Usability issues

5 User Study

6 Discussion

61 Limitation



7 Related Work



8 Conclusion

References




Name 10










Issue Skill name





one







8














9








10
































11
























Appendices
























12








Responses










13

Abstract

1 Introduction




3 Methodology

31 Data collection



4 Major Findings



43 Usability issues

5 User Study

6 Discussion

61 Limitation



7 Related Work



8 Conclusion

References














9








10
































11
























Appendices
























12








Responses










13

Abstract

1 Introduction




3 Methodology

31 Data collection



4 Major Findings



43 Usability issues

5 User Study

6 Discussion

61 Limitation



7 Related Work



8 Conclusion

References








10
































11
























Appendices
























12








Responses










13

Abstract

1 Introduction




3 Methodology

31 Data collection



4 Major Findings



43 Usability issues

5 User Study

6 Discussion

61 Limitation



7 Related Work



8 Conclusion

References
































11
























Appendices
























12








Responses










13

Abstract

1 Introduction




3 Methodology

31 Data collection



4 Major Findings



43 Usability issues

5 User Study

6 Discussion

61 Limitation



7 Related Work



8 Conclusion

References
























Appendices
























12








Responses










13

Abstract

1 Introduction




3 Methodology

31 Data collection



4 Major Findings



43 Usability issues

5 User Study

6 Discussion

61 Limitation



7 Related Work



8 Conclusion

References








Responses










13

Abstract

1 Introduction




3 Methodology

31 Data collection



4 Major Findings



43 Usability issues

5 User Study

6 Discussion

61 Limitation



7 Related Work



8 Conclusion

References

measuring the effectiveness of privacy policies for voice … · 2 days ago · work also includes...

Documents