The privacy of personal information has received significant attention in mobile software. Although previous researchers have designed some methods to identify the conflict between app behavior and privacy policies, little is known about investigating regulation requirements for third-party libraries (TPLs). The regulators enacted multiple regulations to regulate the usage of personal information for TPLs (e.g., the "California Consumer Privacy Act" requires businesses clearly notify consumers if they share consumers' data with third parties or not). However, it remains challenging to analyze the legality of TPLs due to three reasons: 1) TPLs are mainly published on public repositoriesinstead of app market (e.g., Google play). The public repositories do not perform privacy compliance analysis for each TPL. 2) TPLs only provide independent functions or function sequences. They cannot run independently, which limits the application of performing dynamic analysis. 3) Since not all the functions of TPLs are related to user privacy, we must locate the functions of TPLs that access/process personal information before performing privacy compliance analysis. To overcome the above challenges, in this paper, we propose an automated system named ATPChecker to analyze whether the Android TPLs meet privacy-related regulations or not. Our findings remind developers to be mindful of TPL usage when developing apps or writing privacy policies to avoid violating regulations

翻译：个人信息隐私问题在移动软件领域受到广泛关注。尽管先前的研究人员已设计出多种方法识别应用行为与隐私政策之间的冲突，但针对第三方库（TPLs）的监管要求研究尚不充分。监管机构颁布了多项法规以规范TPLs对个人信息的使用（例如《加州消费者隐私法案》要求企业明确告知消费者是否与第三方共享其数据）。然而，由于以下三个原因，分析TPLs的合法性仍具挑战性：1）TPLs主要发布在公共代码库而非应用市场（如Google Play）。公共代码库不会对每个TPL进行隐私合规性分析。2）TPLs仅提供独立功能或功能序列，无法独立运行，这限制了动态分析技术的应用。3）由于并非TPLs的所有功能都与用户隐私相关，在进行隐私合规性分析前，必须定位TPLs中访问/处理个人信息的函数。为克服上述挑战，本文提出了一种名为ATPChecker的自动化系统，用于分析Android TPLs是否符合隐私相关法规。我们的研究结果提醒开发者在开发应用或编写隐私政策时，需谨慎使用TPLs以避免违反法规。