A good graphical user interface (GUI) is crucial for an application's usability,
so vendors and regulatory agencies increasingly place restrictions on how GUI
elements should appear to and interact with users. Motivated by this concern,
this paper presents a new technique (based on static analysis) for checking
conformance between (Android) applications and GUI policies expressed in a
formal specification language. In particular, this paper (1) describes a
specification language for formalizing GUI policies, (2) proposes a new
program abstraction called an event-driven layout forest, and (3) describes
a static analysis for constructing this abstraction and checking it against a
GUI policy. We have implemented the proposed approach in a tool called
Venus, and we evaluate it on 2361 Android
applications and 17 policies. Our
evaluation shows that Venus can uncover malicious applications that perform
ad fraud and identify violations of GUI design guidelines and GDPR
laws.