PrivacyCAT: Privacy-Aware Code Analysis at Scale. Mao, K., Åhs, C. T, Cela, S., Distefano, D., Gardner, N., Grigore, R., Gustafsson, P., Hajdu, Á., Kapus, T., Marescotti, M., Cunha Sampaio, G., & Suzanne, T. In Proceedings of the 46th International Conference on Software Engineering: Software Engineering in Practice, pages 106–117, 2024. ACM. ![PrivacyCAT: Privacy-Aware Code Analysis at Scale [pdf]](https://bibbase.org/img/filetypes/pdf.svg "pdf")
Pdf ![PrivacyCAT: Privacy-Aware Code Analysis at Scale [link]](https://bibbase.org/img/filetypes/link.svg "link")
Link doi abstract bibtex 8 downloads Static and dynamic code analyses have been widely adopted in industry to enhance software reliability, security, and performance by automatically detecting bugs in the code. In this paper, we introduce PrivacyCAT, a code analysis system developed and deployed at WhatsApp to protect user privacy. PrivacyCAT automatically detects privacy defects in code at early stages (before reaching production and affecting users), and therefore, it prevents such vulnerabilities from evolving into privacy incidents. PrivacyCAT comprises of a collection of static and dynamic taint analysers. We report on the technical development of PrivacyCAT and the results of two years of its large-scale industrial deployment at WhatsApp. We present our experience in designing its system architecture, and continuous integration process. We discuss the unique challenges encountered in developing and deploying such kind of analyses within an industrial context. Since its deployment in 2021, PrivacyCAT has safeguarded data privacy in $74%$ of privacy site events (SEVs). It has prevented 493 potential privacy SEVs from being introduced into the codebases, enabling developers to maintain a high privacy standard for the code that supports over two billion WhatsApp users.
@inproceedings{icse2024,
author = {Mao, Ke and {\AA}hs, Cons T and Cela, Sopot and Distefano, Dino and Gardner, Nick and Grigore, Radu and Gustafsson, Per and Hajdu, \'Akos and Kapus, Timotej and Marescotti, Matteo and Cunha Sampaio, Gabriela and Suzanne, Thibault},
title = {{P}rivacy{CAT}: Privacy-Aware Code Analysis at Scale},
year = {2024},
publisher = {ACM},
doi = {10.1145/3639477.3639742},
booktitle = {Proceedings of the 46th International Conference on Software Engineering: Software Engineering in Practice},
pages = {106--117},
type = {Conference},
url_pdf = {https://hajduakos.github.io/publications/icse2024.pdf},
url_link = {https://doi.org/10.1145/3639477.3639742},
abstract = {Static and dynamic code analyses have been widely adopted in industry to enhance software reliability, security, and performance by automatically detecting bugs in the code. In this paper, we introduce PrivacyCAT, a code analysis system developed and deployed at WhatsApp to protect user privacy. PrivacyCAT automatically detects privacy defects in code at early stages (before reaching production and affecting users), and therefore, it prevents such vulnerabilities from evolving into privacy incidents. PrivacyCAT comprises of a collection of static and dynamic taint analysers. We report on the technical development of PrivacyCAT and the results of two years of its large-scale industrial deployment at WhatsApp. We present our experience in designing its system architecture, and continuous integration process. We discuss the unique challenges encountered in developing and deploying such kind of analyses within an industrial context. Since its deployment in 2021, PrivacyCAT has safeguarded data privacy in $74\%$ of privacy site events (SEVs). It has prevented 493 potential privacy SEVs from being introduced into the codebases, enabling developers to maintain a high privacy standard for the code that supports over two billion WhatsApp users.},
}
Downloads: 8
{"_id":"YSkhmcZGar5rdHaQ8","bibbaseid":"mao-hs-cela-distefano-gardner-grigore-gustafsson-hajdu-etal-privacycatprivacyawarecodeanalysisatscale-2024","author_short":["Mao, K.","Åhs, C. T","Cela, S.","Distefano, D.","Gardner, N.","Grigore, R.","Gustafsson, P.","Hajdu, Á.","Kapus, T.","Marescotti, M.","Cunha Sampaio, G.","Suzanne, T."],"bibdata":{"bibtype":"inproceedings","type":"Conference","author":[{"propositions":[],"lastnames":["Mao"],"firstnames":["Ke"],"suffixes":[]},{"propositions":[],"lastnames":["Åhs"],"firstnames":["Cons","T"],"suffixes":[]},{"propositions":[],"lastnames":["Cela"],"firstnames":["Sopot"],"suffixes":[]},{"propositions":[],"lastnames":["Distefano"],"firstnames":["Dino"],"suffixes":[]},{"propositions":[],"lastnames":["Gardner"],"firstnames":["Nick"],"suffixes":[]},{"propositions":[],"lastnames":["Grigore"],"firstnames":["Radu"],"suffixes":[]},{"propositions":[],"lastnames":["Gustafsson"],"firstnames":["Per"],"suffixes":[]},{"propositions":[],"lastnames":["Hajdu"],"firstnames":["Ákos"],"suffixes":[]},{"propositions":[],"lastnames":["Kapus"],"firstnames":["Timotej"],"suffixes":[]},{"propositions":[],"lastnames":["Marescotti"],"firstnames":["Matteo"],"suffixes":[]},{"propositions":[],"lastnames":["Cunha","Sampaio"],"firstnames":["Gabriela"],"suffixes":[]},{"propositions":[],"lastnames":["Suzanne"],"firstnames":["Thibault"],"suffixes":[]}],"title":"PrivacyCAT: Privacy-Aware Code Analysis at Scale","year":"2024","publisher":"ACM","doi":"10.1145/3639477.3639742","booktitle":"Proceedings of the 46th International Conference on Software Engineering: Software Engineering in Practice","pages":"106–117","url_pdf":"https://hajduakos.github.io/publications/icse2024.pdf","url_link":"https://doi.org/10.1145/3639477.3639742","abstract":"Static and dynamic code analyses have been widely adopted in industry to enhance software reliability, security, and performance by automatically detecting bugs in the code. In this paper, we introduce PrivacyCAT, a code analysis system developed and deployed at WhatsApp to protect user privacy. PrivacyCAT automatically detects privacy defects in code at early stages (before reaching production and affecting users), and therefore, it prevents such vulnerabilities from evolving into privacy incidents. PrivacyCAT comprises of a collection of static and dynamic taint analysers. We report on the technical development of PrivacyCAT and the results of two years of its large-scale industrial deployment at WhatsApp. We present our experience in designing its system architecture, and continuous integration process. We discuss the unique challenges encountered in developing and deploying such kind of analyses within an industrial context. Since its deployment in 2021, PrivacyCAT has safeguarded data privacy in $74%$ of privacy site events (SEVs). It has prevented 493 potential privacy SEVs from being introduced into the codebases, enabling developers to maintain a high privacy standard for the code that supports over two billion WhatsApp users.","bibtex":"@inproceedings{icse2024,\n author = {Mao, Ke and {\\AA}hs, Cons T and Cela, Sopot and Distefano, Dino and Gardner, Nick and Grigore, Radu and Gustafsson, Per and Hajdu, \\'Akos and Kapus, Timotej and Marescotti, Matteo and Cunha Sampaio, Gabriela and Suzanne, Thibault},\n title = {{P}rivacy{CAT}: Privacy-Aware Code Analysis at Scale},\n year = {2024},\n publisher = {ACM},\n doi = {10.1145/3639477.3639742},\n booktitle = {Proceedings of the 46th International Conference on Software Engineering: Software Engineering in Practice},\n pages = {106--117},\n\n type = {Conference},\n\n url_pdf = {https://hajduakos.github.io/publications/icse2024.pdf},\n url_link = {https://doi.org/10.1145/3639477.3639742},\n\n abstract = {Static and dynamic code analyses have been widely adopted in industry to enhance software reliability, security, and performance by automatically detecting bugs in the code. In this paper, we introduce PrivacyCAT, a code analysis system developed and deployed at WhatsApp to protect user privacy. PrivacyCAT automatically detects privacy defects in code at early stages (before reaching production and affecting users), and therefore, it prevents such vulnerabilities from evolving into privacy incidents. PrivacyCAT comprises of a collection of static and dynamic taint analysers. We report on the technical development of PrivacyCAT and the results of two years of its large-scale industrial deployment at WhatsApp. We present our experience in designing its system architecture, and continuous integration process. We discuss the unique challenges encountered in developing and deploying such kind of analyses within an industrial context. Since its deployment in 2021, PrivacyCAT has safeguarded data privacy in $74\\%$ of privacy site events (SEVs). It has prevented 493 potential privacy SEVs from being introduced into the codebases, enabling developers to maintain a high privacy standard for the code that supports over two billion WhatsApp users.},\n}\n\n","author_short":["Mao, K.","Åhs, C. T","Cela, S.","Distefano, D.","Gardner, N.","Grigore, R.","Gustafsson, P.","Hajdu, Á.","Kapus, T.","Marescotti, M.","Cunha Sampaio, G.","Suzanne, T."],"key":"icse2024","id":"icse2024","bibbaseid":"mao-hs-cela-distefano-gardner-grigore-gustafsson-hajdu-etal-privacycatprivacyawarecodeanalysisatscale-2024","role":"author","urls":{" pdf":"https://hajduakos.github.io/publications/icse2024.pdf"," link":"https://doi.org/10.1145/3639477.3639742"},"metadata":{"authorlinks":{}},"downloads":8},"bibtype":"inproceedings","biburl":"https://hajduakos.github.io/publications.bib","dataSources":["WFubm6dru5DutkSZW"],"keywords":[],"search_terms":["privacycat","privacy","aware","code","analysis","scale","mao","åhs","cela","distefano","gardner","grigore","gustafsson","hajdu","kapus","marescotti","cunha sampaio","suzanne"],"title":"PrivacyCAT: Privacy-Aware Code Analysis at Scale","year":2024,"downloads":8}