Speaker: Song Liao

Date: Mar 6, 11:45am–12:45pm

Abstract: Voice personal assistants (VPAs) such as Amazon Alexa and Google Assistant are rapidly gaining popularity in both domestic and business. Today’s VPA services have been largely expanded by allowing third-party developers to build voice apps (named “skill” in the Amazon Alexa platform) and publish them to marketplaces. To ensure the content safety and privacy of voice apps, VPA platform providers have specified a set of policy requirements to be adhered to by third-party developers.

In this talk, I will present our work on ensuring policy and privacy compliance in voice applications. For policy compliance, to understand the range and scope of how existing voice apps conform to various policy requirements, we designed “SkillDetective”, a dynamic testing tool to automatically test voice-app behaviors and report on potential policy violations against VPA policy requirements. Additionally, we developed “SkillScanner”, an efficient static analysis tool to facilitate third-party developers to detect policy violations early in the voice-app development lifecycle, preventing the inflow of new policy-violating voice-apps from being published. Regarding privacy compliance, we analyzed privacy policy documents from third-party developers in the US marketplace. The results showed that a substantial number of problematic privacy policies exist in the Amazon Alexa and Google Assistant platforms. We also extend our focus to voice apps in European marketplaces, assessing their privacy compliance with GDPR regulations.

Biographical Sketch: Song Liao is currently a final-year Ph.D. student in the School of Computing at Clemson University. He received his B.S. and M.S. degrees from Xi’an Jiaotong University in 2015 and 2018, respectively. His research interests include IoT security and privacy, along with online abuse detection. Specifically, he delved deeply into the policy and privacy compliance of voice assistant applications, conducting a comprehensive series of studies in this area. His works have been published in top conferences, including ACM CCS, Usenix Security, WWW, and KDD. Notably, his work on privacy policy analysis received the Distinguished Award in ACSAC 2020.

Location and Zoom link: 307 Love, or https://fsu.zoom.us/j/95658766132