Apps and devices (mobile devices, web browsers, IoT, VR, voice assistants, etc.) routinely collect user data and send it to first- and third-party servers through the network. Recently, there has been a lot of interest in (1) auditing the actual data collection practices of those systems; and (2) checking the consistency of those practices against the statements made in the corresponding privacy policies. In this paper, we argue that the contextual integrity (CI) tuple can be the basic building block for defining and implementing such an auditing framework. We elaborate on the special case where the tuple is partially extracted from the network traffic generated by the end-device of interest, and partially from the corresponding privacy policies using natural language processing (NLP) techniques. Along the way, we discuss related bodies of work and representative examples that fit into that framework. More generally, we believe that CI can be the building block not only for auditing at the edge, but also for specifying privacy policies and system APIs. We also discuss limitations and directions for future work.