Benjamin Andow
Co-authored papers
2020
-
Cardpliance: PCI-DSS Compliance of Android Applications
Proceedings of the USENIX Security Symposium
Samin Yaseer Mahmud, Akhil Acharya, Benjamin Andow, William Enck, and Bradley Reaves
Static analysis can automatically check PCI-DSS compliance of Android apps; 1.67% of 358 popular apps improperly store card numbers or verification codes.
-
Actions Speak Louder than Words: Entity-Sensitive Privacy Policy and Dataflow Analysis with PoliCheck
Proceedings of the USENIX Security Symposium
Benjamin Andow, Samin Yaseer Mahmud, Justin Whitaker, William Enck, Bradley Reaves, Kapil Singh, and Serge Egelman
Up to 42% of Android apps incorrectly disclose or omit privacy-sensitive data flows in their privacy policy.
2019
-
PolicyLint: Investigating Internal Privacy Policy Contradictions on Google Play
Proceedings of the USENIX Security Symposium
Benjamin Andow, Samin Yaseer Mahmud, Wenyu Wang, Justin Whitaker, William Enck, Bradley Reaves, Kapil Singh, and Tao Xie
Automated analysis found that 14% of 11,430 app privacy policies contradict themselves, indicating misleading data practices.