The privacy of personal information has received significant attention in mobile software. Although previous researchers have designed some methods to identify the conflict between app behavior and privacy policies, little is known about investigating regulation requirements for third-party libraries (TPLs). The regulators enacted multiple regulations to regulate the usage of personal information for TPLs (e.g., the "California Consumer Privacy Act" requires businesses clearly notify consumers if they share consumers' data with third parties or not). However, it remains challenging to analyze the legality of TPLs due to three reasons: 1) TPLs are mainly published on public repositoriesinstead of app market (e.g., Google play). The public repositories do not perform privacy compliance analysis for each TPL. 2) TPLs only provide independent functions or function sequences. They cannot run independently, which limits the application of performing dynamic analysis. 3) Since not all the functions of TPLs are related to user privacy, we must locate the functions of TPLs that access/process personal information before performing privacy compliance analysis. To overcome the above challenges, in this paper, we propose an automated system named ATPChecker to analyze whether the Android TPLs meet privacy-related regulations or not. Our findings remind developers to be mindful of TPL usage when developing apps or writing privacy policies to avoid violating regulations

翻译：个人信息隐私在移动软件中备受关注。尽管已有研究者设计了一些方法来识别应用行为与隐私政策之间的冲突，但对于第三方库（TPLs）的监管要求研究尚不充分。监管机构制定了多项法规来规范TPLs对个人信息的使用（例如，《加州消费者隐私法案》（CCPA）要求企业明确告知消费者是否与第三方共享其数据）。然而，由于以下三个原因，分析TPLs合规性仍面临挑战：1）TPLs主要发布在公共代码仓库而非应用市场（如Google Play）。公共代码仓库不会对每个TPL进行隐私合规分析。2）TPLs仅提供独立功能或功能序列，无法独立运行，这限制了动态分析的应用。3）由于TPLs并非所有功能都与用户隐私相关，执行隐私合规分析前必须先定位访问/处理个人信息的TPLs功能。为克服上述挑战，本文提出一个名为ATPChecker的自动化系统，用于分析Android TPLs是否符合隐私相关法规。我们的发现提醒开发者在开发应用或编写隐私政策时需谨慎使用TPLs，以避免违反法规。