---
_id: '52235'
abstract:
- lang: eng
  text: "Android applications collecting data from users must protect it according
    to the current legal frameworks. Such data protection has become even more important
    since the European Union rolled out the General Data Protection Regulation (GDPR).
    Since app developers are not legal experts, they find it difficult to write privacy-aware
    source code. Moreover, they have limited tool support to reason about data protection
    throughout their app development process.\r\nThis paper motivates the need for
    a static analysis approach to diagnose and explain data protection in Android
    apps. The analysis will recognize personal data sources in the source code, and
    aims to further examine the data flow originating from these sources. App developers
    can then address key questions about data manipulation, derived data, and the
    presence of technical measures. Despite challenges, we explore to what extent
    one can realize this analysis through static taint analysis, a common method for
    identifying security vulnerabilities. This is a first step towards designing a
    tool-based approach that aids app developers and assessors in ensuring data protection
    in Android apps, based on automated static program analysis."
author:
- first_name: Mugdha
  full_name: Khedkar, Mugdha
  id: '88024'
  last_name: Khedkar
- first_name: Eric
  full_name: Bodden, Eric
  id: '59256'
  last_name: Bodden
  orcid: 0000-0003-3470-3647
citation:
  ama: 'Khedkar M, Bodden E. Toward an Android Static Analysis Approach for Data Protection.
    In: <i>Proceedings of the IEEE/ACM 11th International Conference on Mobile Software
    Engineering and Systems (MOBILESoft ’24). Association for Computing Machinery,
    New York, NY, USA, 65–68.</i> ; 2024. doi:<a href="https://doi.org/10.1145/3647632.3651389">10.1145/3647632.3651389</a>'
  apa: Khedkar, M., &#38; Bodden, E. (2024). Toward an Android Static Analysis Approach
    for Data Protection. <i>Proceedings of the IEEE/ACM 11th International Conference
    on Mobile Software Engineering and Systems (MOBILESoft ’24). Association for Computing
    Machinery, New York, NY, USA, 65–68.</i> 11th International Conference on Mobile
    Software Engineering and Systems 2024, Lisbon, Portugal. <a href="https://doi.org/10.1145/3647632.3651389">https://doi.org/10.1145/3647632.3651389</a>
  bibtex: '@inproceedings{Khedkar_Bodden_2024, title={Toward an Android Static Analysis
    Approach for Data Protection}, DOI={<a href="https://doi.org/10.1145/3647632.3651389">10.1145/3647632.3651389</a>},
    booktitle={Proceedings of the IEEE/ACM 11th International Conference on Mobile
    Software Engineering and Systems (MOBILESoft ’24). Association for Computing Machinery,
    New York, NY, USA, 65–68.}, author={Khedkar, Mugdha and Bodden, Eric}, year={2024}
    }'
  chicago: Khedkar, Mugdha, and Eric Bodden. “Toward an Android Static Analysis Approach
    for Data Protection.” In <i>Proceedings of the IEEE/ACM 11th International Conference
    on Mobile Software Engineering and Systems (MOBILESoft ’24). Association for Computing
    Machinery, New York, NY, USA, 65–68.</i>, 2024. <a href="https://doi.org/10.1145/3647632.3651389">https://doi.org/10.1145/3647632.3651389</a>.
  ieee: 'M. Khedkar and E. Bodden, “Toward an Android Static Analysis Approach for
    Data Protection,” presented at the 11th International Conference on Mobile Software
    Engineering and Systems 2024, Lisbon, Portugal, 2024, doi: <a href="https://doi.org/10.1145/3647632.3651389">10.1145/3647632.3651389</a>.'
  mla: Khedkar, Mugdha, and Eric Bodden. “Toward an Android Static Analysis Approach
    for Data Protection.” <i>Proceedings of the IEEE/ACM 11th International Conference
    on Mobile Software Engineering and Systems (MOBILESoft ’24). Association for Computing
    Machinery, New York, NY, USA, 65–68.</i>, 2024, doi:<a href="https://doi.org/10.1145/3647632.3651389">10.1145/3647632.3651389</a>.
  short: 'M. Khedkar, E. Bodden, in: Proceedings of the IEEE/ACM 11th International
    Conference on Mobile Software Engineering and Systems (MOBILESoft ’24). Association
    for Computing Machinery, New York, NY, USA, 65–68., 2024.'
conference:
  end_date: 2024-04-15
  location: Lisbon, Portugal
  name: 11th International Conference on Mobile Software Engineering and Systems 2024
  start_date: 2024-04-14
date_created: 2024-03-03T14:37:53Z
date_updated: 2026-03-04T08:11:48Z
ddc:
- '006'
department:
- _id: '76'
doi: 10.1145/3647632.3651389
external_id:
  arxiv:
  - '2402.07889'
file:
- access_level: closed
  content_type: application/pdf
  creator: khedkarm
  date_created: 2024-03-03T14:39:08Z
  date_updated: 2024-03-03T14:39:08Z
  file_id: '52236'
  file_name: 2402.07889v1.pdf
  file_size: 530812
  relation: main_file
  success: 1
file_date_updated: 2024-03-03T14:39:08Z
has_accepted_license: '1'
keyword:
- static program analysis
- data protection and privacy
- GDPR compliance
language:
- iso: eng
publication: Proceedings of the IEEE/ACM 11th International Conference on Mobile Software
  Engineering and Systems (MOBILESoft '24). Association for Computing Machinery, New
  York, NY, USA, 65–68.
status: public
title: Toward an Android Static Analysis Approach for Data Protection
type: conference
user_id: '88024'
year: '2024'
...
---
_id: '44146'
abstract:
- lang: eng
  text: "Many Android applications collect data from users. When they do, they must
    protect this collected data according to the current legal frameworks. Such data
    protection has become even more important since the European Union rolled out
    the General Data Protection Regulation (GDPR). App developers have limited tool
    support to reason about data protection throughout their app development process.
    Although many Android applications state a privacy policy, privacy policy compliance
    checks are currently manual, expensive, and prone to error. One of the major challenges
    in privacy audits is the significant gap between legal privacy statements (in
    English text) and technical measures that Android apps use to protect their users'
    privacy. In this thesis, we will explore to what extent we can use static analysis
    to answer important questions regarding data protection. Our main goal is to design
    a tool-based approach that aids app developers and auditors in ensuring data protection
    in Android applications, based on automated static program analysis."
author:
- first_name: Mugdha
  full_name: Khedkar, Mugdha
  id: '88024'
  last_name: Khedkar
citation:
  ama: 'Khedkar M. Static Analysis for Android GDPR Compliance Assurance. In: <i>2023
    IEEE/ACM 45th International Conference on Software Engineering: Companion Proceedings
    (ICSE-Companion), Melbourne, Australia, 2023, Pp. 197-199</i>. doi:<a href="https://doi.org/10.1109/ICSE-Companion58688.2023.00054">10.1109/ICSE-Companion58688.2023.00054</a>'
  apa: 'Khedkar, M. (n.d.). Static Analysis for Android GDPR Compliance Assurance.
    <i>2023 IEEE/ACM 45th International Conference on Software Engineering: Companion
    Proceedings (ICSE-Companion), Melbourne, Australia, 2023, Pp. 197-199</i>. <a
    href="https://doi.org/10.1109/ICSE-Companion58688.2023.00054">https://doi.org/10.1109/ICSE-Companion58688.2023.00054</a>'
  bibtex: '@inproceedings{Khedkar, title={Static Analysis for Android GDPR Compliance
    Assurance}, DOI={<a href="https://doi.org/10.1109/ICSE-Companion58688.2023.00054">10.1109/ICSE-Companion58688.2023.00054</a>},
    booktitle={2023 IEEE/ACM 45th International Conference on Software Engineering:
    Companion Proceedings (ICSE-Companion), Melbourne, Australia, 2023, pp. 197-199},
    author={Khedkar, Mugdha} }'
  chicago: 'Khedkar, Mugdha. “Static Analysis for Android GDPR Compliance Assurance.”
    In <i>2023 IEEE/ACM 45th International Conference on Software Engineering: Companion
    Proceedings (ICSE-Companion), Melbourne, Australia, 2023, Pp. 197-199</i>, n.d.
    <a href="https://doi.org/10.1109/ICSE-Companion58688.2023.00054">https://doi.org/10.1109/ICSE-Companion58688.2023.00054</a>.'
  ieee: 'M. Khedkar, “Static Analysis for Android GDPR Compliance Assurance,” doi:
    <a href="https://doi.org/10.1109/ICSE-Companion58688.2023.00054">10.1109/ICSE-Companion58688.2023.00054</a>.'
  mla: 'Khedkar, Mugdha. “Static Analysis for Android GDPR Compliance Assurance.”
    <i>2023 IEEE/ACM 45th International Conference on Software Engineering: Companion
    Proceedings (ICSE-Companion), Melbourne, Australia, 2023, Pp. 197-199</i>, doi:<a
    href="https://doi.org/10.1109/ICSE-Companion58688.2023.00054">10.1109/ICSE-Companion58688.2023.00054</a>.'
  short: 'M. Khedkar, in: 2023 IEEE/ACM 45th International Conference on Software
    Engineering: Companion Proceedings (ICSE-Companion), Melbourne, Australia, 2023,
    Pp. 197-199, n.d.'
date_created: 2023-04-24T12:14:17Z
date_updated: 2024-09-16T08:46:25Z
ddc:
- '004'
department:
- _id: '76'
doi: 10.1109/ICSE-Companion58688.2023.00054
external_id:
  arxiv:
  - '2303.09606'
file:
- access_level: closed
  content_type: application/pdf
  creator: khedkarm
  date_created: 2023-04-24T12:15:27Z
  date_updated: 2023-04-24T12:15:27Z
  file_id: '44147'
  file_name: 2023047614.pdf
  file_size: 85313
  relation: main_file
  success: 1
file_date_updated: 2023-04-24T12:15:27Z
has_accepted_license: '1'
keyword:
- static analysis
- data protection and privacy
- GDPR compliance
language:
- iso: eng
publication: '2023 IEEE/ACM 45th International Conference on Software Engineering:
  Companion Proceedings (ICSE-Companion), Melbourne, Australia, 2023, pp. 197-199'
publication_status: accepted
status: public
title: Static Analysis for Android GDPR Compliance Assurance
type: conference
user_id: '88024'
year: '2023'
...
