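% Alecci et al. (2025), exploratory short paper (numpages = 5) on using LLMs to check
% GDPR compliance of Android apps from Smali code when source code is unavailable.
% Typed as inproceedings because booktitle names a conference proceedings volume;
% with the exported inbook type, classic styles read title as the book title and
% ignore booktitle.
% The citation key is unchanged (the DOI as exported). The doi field holds the same
% bare identifier that appears in the key and in the url.
@inproceedings{10.1145/3696630.3728508,
  author    = {Alecci, Marco and Sannier, Nicolas and Ceci, Marcello and Abualhaija, Sallam and Samhi, Jordan and Bianculli, Domenico and Bissyand{\'e}, Tegawend{\'e} and Klein, Jacques},
  title     = {Toward {LLM}-Driven {GDPR} Compliance Checking for {Android} Apps},
  booktitle = {Proceedings of the 33rd {ACM} International Conference on the Foundations of Software Engineering},
  year      = {2025},
  pages     = {606--610},
  numpages  = {5},
  publisher = {Association for Computing Machinery},
  address   = {New York, NY, USA},
  isbn      = {9798400712760},
  doi       = {10.1145/3696630.3728508},
  url       = {https://doi.org/10.1145/3696630.3728508},
  abstract  = {Android apps extensively collect sensitive personal data from our devices daily. Despite stringent regulations like the European Union's General Data Protection Regulation (GDPR), many applications (apps) fail to comply with these legal requirements. While previous studies have focused on the compliance of privacy policies, checking how these policies are implemented in the actual code has not yet been extensively investigated. Moreover, previous efforts have often been limited in scope. This paper explores the potential of Large Language Models (LLMs) to address the challenge of verifying privacy regulation compliance in Android apps. Specifically, we address scenarios where source code is unavailable by investigating whether LLM can work with Smali code---a human-readable representation of Android byte-code extracted from APK files. Through this exploratory investigation, we aim to uncover if LLMs can bridge the gap between legal privacy requirements and their technical implementation in mobile apps. Through initial experiments, we assess the feasibility and effectiveness of a straightforward LLM-driven method for identifying compliance issues and provide directions for our future research efforts to improve our approach and perform large-scale experiments.},
}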