My research lies at the intersection of Usable Privacy & Security and Software Engineering, with a central interest in Privacy Policy as a bridge between software practices, regulatory requirements, and user-facing privacy communication. I develop empirical methods and engineering tools that help software practitioners implement privacy and security requirements, while enabling end-users to better understand and act on privacy information. My work has been published in top-tier Cybersecurity (USENIX Sec, IEEE S&P, PETS), Software Engineering (ICSE, FSE, ASE, TSE, TOSEM), and ML/AI (ICML, AAAI) venues.
I organize my research landscape into two closely connected areas, Usable Privacy & Security and Software Engineering, as listed below.
Usable Privacy and Security
1) Privacy Policy and Privacy Document Generation
- Automated Privacy Policy Generators [USENIX Sec’24], Privacy Bills of Materials (PriBOM) [PETS’25]
- Privacy Labels Generation for Websites [arXiv], Privacy Labels Generation for GAI-based Application Repos [arXiv]
2) Usability of Privacy Documents
- Contextual Privacy Policies for Mobile Apps [USENIX Sec’24][ASE’25] [SE’26]
- Privacy Policy Transparency for AI4Science [CHI’25], Financial Mobile Apps [IST’25]
- iOS App Privacy Reports [IEEE S&P’25], Risk-based Privacy Disclosures [Tel’ Policy’26]
3) Longitudinal Measurement of Privacy Policy Evolution
- Android Mobile Apps and Their Privacy Policies from 2017 to 2024
- Frontier LLM Provider Privacy Policies from 2021 to 2025 [arXiv]
4) Governance, Safety, and Accountability Documents
- Environmental, Social, and Governance (ESG) Reports [ICSA’26]
- Australian AI Transparency Statement [arXiv]
- Codes of Conduct of Online Video Games [arXiv]
5) Security and Privacy of LLMs/Agents/Skills
- Privacy Risks in Android Smartphone Agents [APSEC’25], User Privacy Perceptions of GenAI Smartphones [arXiv]
- Privacy Awareness of MLLM Smartphone Agents [AAAI’26], Privacy Personalization of MLLM Smartphone Agents [arXiv]
- Right to be Forgotten in LLMs [AI&Ethics’24], Fairness of Machine Unlearning [AI&Ethics’25]
- Visual Privacy Protection in Live Streaming [ICML’26], CAPTCHA Using Audio Illusions [arXiv]
Software Engineering
1) AI for Software Engineering (AI4SE)
- Repo-Level Code Generation [TSE’24], Java Unit-test Case Generation [ASE’25][ICSE’26], Security Analysis of Program Generation [ICSE’26], IaC Code Generation [FSE’26]
- Missing Info Augmentation of Textual Vulnerability Descriptions [TSE’25][ASEJ’26]
- Android API Compatibility Issues [arXiv], Android Phone Performance Issues [TOSEM’25]
- Status Quo of AI-empowered Tools in Software Development [arXiv]
