PriAgent: A Collaborative Multi-Agent Framework for Auditing Android Privacy Compliance
DOI: https://doi.org/10.1609/aaai.v40i2.37135

Abstract
Stringent regulations like the General Data Protection Regulation (GDPR) mandate that an application's code-level data handling must align with its natural-language privacy policy, creating a critical auditing challenge. However, existing methods, predominantly reliant on static analysis, suffer from a critical limitation: in their pursuit of soundness via over-approximation, they exhibit "semantic blindness"—detecting what data flows exist but not why. This leads to an overwhelming volume of false positives, rendering automated auditing impractical. To bridge this gap, we introduce PriAgent, a novel framework that approaches compliance auditing as a multi-stage, AI-driven reasoning task. Instead of a monolithic model, PriAgent deploys a team of specialized agents that execute a divide-and-conquer strategy. They systematically prune the analysis space by abstracting data flows, pinpoint semantic loci critical for inspection, and perform on-demand summarization of large code blocks to ensure scalability. PriAgent leverages Retrieval-Augmented Generation (RAG) with a curated knowledge base of Android APIs, equipping agents to discern potentially non-compliant behavior from benign functionality. By correlating code-level evidence with the app's stated privacy policy, PriAgent delivers a holistic and explainable verdict for each potential violation. Our evaluations demonstrate that PriAgent significantly reduces false positives, enabling a more scalable and precise compliance audit.

Published
2026-03-14
How to Cite
Zhang, Z., Li, Z., Jiang, Z., Yin, J., Wang, X., Chen, J., & Liu, Q. (2026). PriAgent: A Collaborative Multi-Agent Framework for Auditing Android Privacy Compliance. Proceedings of the AAAI Conference on Artificial Intelligence, 40(2), 1587–1595. https://doi.org/10.1609/aaai.v40i2.37135
Section
AAAI Technical Track on Application Domains II