@inproceedings{52235, abstract = {{Android applications collecting data from users must protect it according to the current legal frameworks. Such data protection has become even more important since the European Union rolled out the General Data Protection Regulation (GDPR). Since app developers are not legal experts, they find it difficult to write privacy-aware source code. Moreover, they have limited tool support to reason about data protection throughout their app development process. This paper motivates the need for a static analysis approach to diagnose and explain data protection in Android apps. The analysis will recognize personal data sources in the source code, and aims to further examine the data flow originating from these sources. App developers can then address key questions about data manipulation, derived data, and the presence of technical measures. Despite challenges, we explore to what extent one can realize this analysis through static taint analysis, a common method for identifying security vulnerabilities. This is a first step towards designing a tool-based approach that aids app developers and assessors in ensuring data protection in Android apps, based on automated static program analysis. }}, author = {{Khedkar, Mugdha and Bodden, Eric}}, booktitle = {{Proceedings of the IEEE/ACM 11th International Conference on Mobile Software Engineering and Systems (MOBILESoft '24). Association for Computing Machinery, New York, NY, USA, 65–68.}}, keywords = {{static program analysis, data protection and privacy, GDPR compliance}}, location = {{Lisbon, Portugal}}, title = {{{Toward an Android Static Analysis Approach for Data Protection}}}, doi = {{10.1145/3647632.3651389}}, year = {{2024}}, } @inproceedings{44146, abstract = {{Many Android applications collect data from users. When they do, they must protect this collected data according to the current legal frameworks. Such data protection has become even more important since the European Union rolled out the General Data Protection Regulation (GDPR). App developers have limited tool support to reason about data protection throughout their app development process. Although many Android applications state a privacy policy, privacy policy compliance checks are currently manual, expensive, and prone to error. One of the major challenges in privacy audits is the significant gap between legal privacy statements (in English text) and technical measures that Android apps use to protect their user's privacy. In this thesis, we will explore to what extent we can use static analysis to answer important questions regarding data protection. Our main goal is to design a tool based approach that aids app developers and auditors in ensuring data protection in Android applications, based on automated static program analysis.}}, author = {{Khedkar, Mugdha}}, booktitle = {{2023 IEEE/ACM 45th International Conference on Software Engineering: Companion Proceedings (ICSE-Companion), Melbourne, Australia, 2023, pp. 197-199}}, keywords = {{static analysis, data protection and privacy, GDPR compliance}}, title = {{{Static Analysis for Android GDPR Compliance Assurance}}}, doi = {{10.1109/ICSE-Companion58688.2023.00054}}, year = {{2023}}, }