If the inline PDF is not rendering correctly, you can download the PDF file here.
 V. Afonso, A. Bianchi, Y. Fratantonio, A. Doupe, M. Polino, P. de Geus, C. Kruegel, and G. Vigna, “Going native: Using a large-scale analysis of android apps to create a practical native-code sandboxing policy,” in NDSS ’16, Feb. 2016.
 S. Arzt, S. Rasthofer, C. Fritz, E. Bodden, A. Bartel, J. Klein, Y. Le Traon, D. Octeau, and P. McDaniel, “Flow-Droid: Precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps,” SIGPLAN Not., vol. 49, no. 6, pp. 259–269, Jun. 2014.
 R. Balebako, A. Marsh, J. Lin, J. Hong, and L. F. Cranor, “The privacy and security behaviors of smartphone app developers,” in USEC ’14, 2014.
 A. Continella, Y. Fratantonio, M. Lindorfer, A. Puccetti, A. Zand, C. Kruegel, and G. Vigna, “Obfuscation-resilient privacy leak detection for mobile apps through differential analysis,” in NDSS ’17, 2017.
 L. F. Cranor, P. G. Leon, and B. Ur, “A large-scale evaluation of U.S. financial institutions standardized privacy notices,” ACM Trans. Web, vol. 10, no. 3, pp. 17:1–17:33, Aug. 2016.
 B. Efron, “Bootstrap methods: Another look at the jackknife,” in Breakthroughs in statistics. Springer, 1992, pp. 569–593.
 W. Enck, P. Gilbert, B.-G. Chun, L. P. Cox, J. Jung, P. McDaniel, and A. N. Sheth, “TaintDroid: An information-flow tracking system for realtime privacy monitoring on smartphones,” in OSDI ’10, 2010.
 T. Ermakova, B. Fabian, and E. Babina, “Readability of privacy policies of healthcare websites,” in Wirtschaftsinformatik ’15, 2015.
 M. I. Gordon, D. Kim, J. Perkins, L. Gilham, N. Nguyen, and M. Rinard, “Information-flow analysis of android applications in DroidSafe,” in NDSS ’15, 2015.
 H. Harkous, K. Fawaz, R. Lebret, F. Schaub, K. G. Shin, and K. Aberer, “Polisis: Automated analysis and presentation of privacy policies using deep learning,” in USENIX Security ’18, 2018.
 J. Huang, O. Schranz, S. Bugiel, and M. Backes, “The art of app compartmentalization: Compiler-based library privilege separation on stock android,” in CCS ’17, 2017.
 L. Lei, Y. He, K. Sun, J. Jing, Y. Wang, Q. Li, and J. Weng, “Vulnerable implicit service: A revisit,” in CCS ’17, 2017.
 T. Libert, “An automated approach to auditing disclosure of third-party data collection in website privacy policies,” in WWW ’18, 2018.
 J. Lin, B. Liu, N. Sadeh, and J. I. Hong, “Modeling users’ mobile app privacy preferences: Restoring usability in a sea of permission settings,” in SOUPS ’14. USENIX Assoc., 2014.
 B. Liu, B. Liu, H. Jin, and R. Govindan, “Efficient privilege de-escalation for ad libraries in mobile apps,” in MobiSys ’15, 2015.
 C. D. Manning, P. Raghavan, and H. Schütze, Introduction to information retrieval. Cambridge University Press, 2008.
 E. Mariconti, L. Onwuzurike, P. Andriotis, E. D. Cristofaro, G. J. Ross, and G. Stringhini, “Mamadroid: Detecting android malware by building markov chains of behavioral models,” in NDSS ’17, 2017.
 X. Pan, X. Wang, Y. Duan, X. Wang, and H. Yin, “Dark hazard: Learning-based, large-scale discovery of hidden sensitive operations in android apps,” in NDSS ’17, 2017.
 R. Ramanath, F. Liu, N. Sadeh, and N. A. Smith, “Unsupervised alignment of privacy policies using hidden markov models,” in ACL ’14, 2014.
 A. Razaghpanah, R. Nithyanand, N. Vallina-Rodriguez, S. Sundaresan, M. Allman, C. Kreibich, and P. Gill, “Apps, trackers, privacy and regulators: A global study of the mobile tracking ecosystem,” in NDSS ’18, 2018.
 A. Razaghpanah, N. Vallina-Rodriguez, S. Sundaresan, C. Kreibich, P. Gill, M. Allman, and V. Paxson, “Haystack: In situ mobile traffic analysis in user space,” CoRR, vol. abs/1510.01419, 2015.
 D. Reidsma and J. Carletta, “Reliability measurement without limits,” Comput. Linguist., vol. 34, no. 3, pp. 319–326, Sep. 2008.
 J. Ren, M. Lindorfer, D. Dubois, A. Rao, D. Choffnes, and N. Vallina-Rodriguez, “Bug fixes, improvements, ... and privacy leaks – a longitudinal study of PII leaks across android app versions,” in NDSS ’18, 2018.
 J. Ren, A. Rao, M. Lindorfer, A. Legout, and D. Choffnes, “Recon: Revealing and controlling PII leaks in mobile network traffic,” in MobiSys ’16, 2016.
 I. Reyes, P. Wijesekera, J. Reardon, A. E. B. On, A. Razaghpanah, N. Vallina-Rodriguez, and S. Egelman, ““Won’t somebody think of the children?" Examining COPPA compliance at scale,” in PETS ’18, vol. 3, 2018, pp. 63–83.
 D. J. Solove and W. Hartzog, “The FTC and the new common law of privacy,” Columbia Law Review, vol. 114, pp. 583–676, 2014.
 P. Story, S. Zimmeck, A. Ravichander, D. Smullen, Z. Wang, J. Reidenberg, N. C. Russell, and N. Sadeh, “Natural language processing for mobile app privacy compliance,” AAAI Spring Symposium on Privacy-Enhancing Artificial Intelligence and Language Technologies, Mar. 2019.
 P. Story, S. Zimmeck, and N. Sadeh, “Which apps have privacy policies?” in APF ’18, 2018.
 G. Tottie, Negation in English speech and writing. Academic Press, 1991.
 J. Towns, T. Cockerill, M. Dahan, I. Foster, K. Gaither, A. Grimshaw, V. Hazlewood, S. Lathrop, D. Lifka, G. D. Peterson, R. Roskies, J. R. Scott, and N. Wilkins-Diehr, “XSEDE: Accelerating scientific discovery,” Computing in Science & Engineering, vol. 16, no. 5, pp. 62–74, Sep. 2014.
 G. S. Tuncay, S. Demetriou, K. Ganju, and C. A. Gunter, “Resolving the predicament of android custom permissions,” in NDSS ’18, 2018.
 N. Viennot, E. Garcia, and J. Nieh, “A measurement study of Google Play,” in SIGMETRICS ’14, 2014.
 H. Wang, Z. Liu, Y. Guo, X. Chen, M. Zhang, G. Xu, and J. Hong, “An explorative study of the mobile app ecosystem from app developers’ perspective,” in WWW ’17, 2017.
 T. Watanabe, M. Akiyama, T. Sakai, and T. Mori, “Understanding the inconsistencies between text descriptions and the use of privacy-sensitive resources of mobile apps,” in SOUPS ’15, 2015.
 L. Yu, X. Luo, X. Liu, and T. Zhang, “Can we trust the privacy policies of android apps?” in DSN ’16, 2016.
 Y. Zhuang, A. Rafetseder, Y. Hu, Y. Tian, and J. Cappos, “Sensibility Testbed: Automated IRB policy enforcement in mobile research apps,” in HotMobile ’18, 2018.
 S. Zimmeck and S. M. Bellovin, “Privee: An architecture for automatically analyzing web privacy policies,” in USENIX Security ’14, 2014.
 S. Zimmeck, Z. Wang, L. Zou, R. Iyengar, B. Liu, F. Schaub, S. Wilson, N. Sadeh, S. M. Bellovin, and J. Reidenberg, “Automated analysis of privacy requirements for mobile apps,” in NDSS ’17, 2017.