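% Khedkar and Bodden, MOBILESoft '24: motivates a static taint analysis to
% diagnose and explain personal-data handling (GDPR) in Android apps.
% Publisher, address and pages were previously embedded in booktitle.
% NOTE(review): location holds the conference city and address the publisher
% city; biblatex treats the two as aliases, so confirm with the target style.
@inproceedings{52235,
  abstract     = {Android applications collecting data from users must protect it according to the current legal frameworks. Such data protection has become even more important since the European Union rolled out the General Data Protection Regulation (GDPR). Since app developers are not legal experts, they find it difficult to write privacy-aware source code. Moreover, they have limited tool support to reason about data protection throughout their app development process.
This paper motivates the need for a static analysis approach to diagnose and explain data protection in Android apps. The analysis will recognize personal data sources in the source code, and aims to further examine the data flow originating from these sources. App developers can then address key questions about data manipulation, derived data, and the presence of technical measures. Despite challenges, we explore to what extent one can realize this analysis through static taint analysis, a common method for identifying security vulnerabilities. This is a first step towards designing a tool-based approach that aids app developers and assessors in ensuring data protection in Android apps, based on automated static program analysis. },
  author       = {Khedkar, Mugdha and Bodden, Eric},
  booktitle    = {Proceedings of the {IEEE/ACM} 11th International Conference on Mobile Software Engineering and Systems ({MOBILESoft} '24)},
  keywords     = {static program analysis, data protection and privacy, GDPR compliance},
  location     = {Lisbon, Portugal},
  publisher    = {Association for Computing Machinery},
  address      = {New York, NY, USA},
  pages        = {65--68},
  title        = {Toward an {Android} Static Analysis Approach for Data Protection},
  doi          = {10.1145/3647632.3651389},
  year         = {2024},
}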

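% Pauck and Zhang, ASEW 2019: Android Merge Tool (AMT), which merges benchmark
% apps so taint-analysis tools (AMANDROID, ICCTA, FLOWDROID) run DROIDBENCH
% faster without losing benchmark accuracy, per the abstract.
% NOTE(review): no pages or publisher are recorded; add them from the
% publisher record for the DOI if the target style requires them.
@inproceedings{15838,
  abstract     = {In the field of software analysis a trade-off between scalability and accuracy always exists. In this respect, Android app analysis is no exception, in particular, analyzing large or many apps can be challenging. Dealing with many small apps is a typical challenge when facing micro-benchmarks such as DROIDBENCH or ICC-BENCH. These particular benchmarks are not only used for the evaluation of novel tools but also in continuous integration pipelines of existing mature tools to maintain and guarantee a certain quality-level. Considering this latter usage it becomes very important to be able to achieve benchmark results as fast as possible. Hence, benchmarks have to be optimized for this purpose. One approach to do so is app merging. We implemented the Android Merge Tool (AMT) following this approach and show that its novel aspects can be used to produce scaled up and accurate benchmarks. For such benchmarks Android app analysis tools do not suffer from the scalability-accuracy trade-off anymore. We show this throughout detailed experiments on DROIDBENCH employing three different analysis tools (AMANDROID, ICCTA, FLOWDROID). Benchmark execution times are largely reduced without losing benchmark accuracy. Moreover, we argue why AMT is an advantageous successor of the state-of-the-art app merging tool (APKCOMBINER) in analysis lift-up scenarios.},
  author       = {Pauck, Felix and Zhang, Shikun},
  booktitle    = {2019 34th {IEEE/ACM} International Conference on Automated Software Engineering Workshop ({ASEW})},
  isbn         = {9781728141367},
  keywords     = {Program Analysis, Android App Analysis, Taint Analysis, App Merging, Benchmark},
  title        = {{Android} App Merging for Benchmark Speed-Up and Analysis Lift-Up},
  doi          = {10.1109/asew.2019.00019},
  year         = {2019},
}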

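% Nguyen Quang Do, Krueger, Hill, Ali and Bodden, IEEE TSE 2018:
% "Debugging Static Analysis".
% NOTE(review): pages 1--1 with no volume or number looks like an early-access
% placeholder; confirm against the publisher record for the DOI.
@article{20543,
  author       = {Nguyen Quang Do, Lisa and Kr{\"u}ger, Stefan and Hill, Patrick and Ali, Karim and Bodden, Eric},
  issn         = {2326-3881},
  journal      = {{IEEE} Transactions on Software Engineering},
  keywords     = {Debugging, Static analysis, Tools, Computer bugs, Standards, Writing, Encoding, Testing and Debugging, Program analysis, Development tools, Integrated environments, Graphical environments, Usability testing},
  pages        = {1--1},
  title        = {Debugging Static Analysis},
  doi          = {10.1109/TSE.2018.2868349},
  year         = {2018},
}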

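% Nguyen Quang Do and Bodden, 2018 ACM Joint Meeting on ESEC and FSE:
% "Gamifying Static Analysis".
@inproceedings{20547,
  author       = {Nguyen Quang Do, Lisa and Bodden, Eric},
  booktitle    = {Proceedings of the 2018 26th {ACM} Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering},
  isbn         = {978-1-4503-5573-5},
  keywords     = {Gamification, Integrated Environments, Program analysis},
  pages        = {714--718},
  publisher    = {ACM},
  title        = {Gamifying Static Analysis},
  doi          = {10.1145/3236024.3264830},
  year         = {2018},
}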

