[{"type":"conference","status":"public","_id":"52235","user_id":"88024","department":[{"_id":"76"}],"file_date_updated":"2024-03-03T14:39:08Z","has_accepted_license":"1","citation":{"chicago":"Khedkar, Mugdha, and Eric Bodden. “Toward an Android Static Analysis Approach for Data Protection.” In <i>Proceedings of the IEEE/ACM 11th International Conference on Mobile Software Engineering and Systems (MOBILESoft ’24). Association for Computing Machinery, New York, NY, USA, 65–68.</i>, 2024. <a href=\"https://doi.org/10.1145/3647632.3651389\">https://doi.org/10.1145/3647632.3651389</a>.","ieee":"M. Khedkar and E. Bodden, “Toward an Android Static Analysis Approach for Data Protection,” presented at the 11th International Conference on Mobile Software Engineering and Systems 2024, Lisbon, Portugal, 2024, doi: <a href=\"https://doi.org/10.1145/3647632.3651389\">10.1145/3647632.3651389</a>.","ama":"Khedkar M, Bodden E. Toward an Android Static Analysis Approach for Data Protection. In: <i>Proceedings of the IEEE/ACM 11th International Conference on Mobile Software Engineering and Systems (MOBILESoft ’24). Association for Computing Machinery, New York, NY, USA, 65–68.</i> ; 2024. doi:<a href=\"https://doi.org/10.1145/3647632.3651389\">10.1145/3647632.3651389</a>","mla":"Khedkar, Mugdha, and Eric Bodden. “Toward an Android Static Analysis Approach for Data Protection.” <i>Proceedings of the IEEE/ACM 11th International Conference on Mobile Software Engineering and Systems (MOBILESoft ’24). Association for Computing Machinery, New York, NY, USA, 65–68.</i>, 2024, doi:<a href=\"https://doi.org/10.1145/3647632.3651389\">10.1145/3647632.3651389</a>.","bibtex":"@inproceedings{Khedkar_Bodden_2024, title={Toward an Android Static Analysis Approach for Data Protection}, DOI={<a href=\"https://doi.org/10.1145/3647632.3651389\">10.1145/3647632.3651389</a>}, booktitle={Proceedings of the IEEE/ACM 11th International Conference on Mobile Software Engineering and Systems (MOBILESoft ’24). Association for Computing Machinery, New York, NY, USA, 65–68.}, author={Khedkar, Mugdha and Bodden, Eric}, year={2024} }","short":"M. Khedkar, E. Bodden, in: Proceedings of the IEEE/ACM 11th International Conference on Mobile Software Engineering and Systems (MOBILESoft ’24). Association for Computing Machinery, New York, NY, USA, 65–68., 2024.","apa":"Khedkar, M., &#38; Bodden, E. (2024). Toward an Android Static Analysis Approach for Data Protection. <i>Proceedings of the IEEE/ACM 11th International Conference on Mobile Software Engineering and Systems (MOBILESoft ’24). Association for Computing Machinery, New York, NY, USA, 65–68.</i> 11th International Conference on Mobile Software Engineering and Systems 2024, Lisbon, Portugal. <a href=\"https://doi.org/10.1145/3647632.3651389\">https://doi.org/10.1145/3647632.3651389</a>"},"date_updated":"2026-03-04T08:11:48Z","author":[{"first_name":"Mugdha","full_name":"Khedkar, Mugdha","id":"88024","last_name":"Khedkar"},{"full_name":"Bodden, Eric","id":"59256","orcid":"0000-0003-3470-3647","last_name":"Bodden","first_name":"Eric"}],"doi":"10.1145/3647632.3651389","conference":{"end_date":"2024-04-15","location":"Lisbon, Portugal","name":"11th International Conference on Mobile Software Engineering and Systems 2024","start_date":"2024-04-14"},"publication":"Proceedings of the IEEE/ACM 11th International Conference on Mobile Software Engineering and Systems (MOBILESoft '24). Association for Computing Machinery, New York, NY, USA, 65–68.","abstract":[{"text":"Android applications collecting data from users must protect it according to the current legal frameworks. Such data protection has become even more important since the European Union rolled out the General Data Protection Regulation (GDPR). Since app developers are not legal experts, they find it difficult to write privacy-aware source code. Moreover, they have limited tool support to reason about data protection throughout their app development process.\r\nThis paper motivates the need for a static analysis approach to diagnose and explain data protection in Android apps. The analysis will recognize personal data sources in the source code, and aims to further examine the data flow originating from these sources. App developers can then address key questions about data manipulation, derived data, and the presence of technical measures. Despite challenges, we explore to what extent one can realize this analysis through static taint analysis, a common method for identifying security vulnerabilities. This is a first step towards designing a tool-based approach that aids app developers and assessors in ensuring data protection in Android apps, based on automated static program analysis. ","lang":"eng"}],"file":[{"date_created":"2024-03-03T14:39:08Z","creator":"khedkarm","date_updated":"2024-03-03T14:39:08Z","access_level":"closed","file_id":"52236","file_name":"2402.07889v1.pdf","file_size":530812,"content_type":"application/pdf","relation":"main_file","success":1}],"external_id":{"arxiv":["2402.07889"]},"ddc":["006"],"keyword":["static program analysis","data protection and privacy","GDPR compliance"],"language":[{"iso":"eng"}],"year":"2024","date_created":"2024-03-03T14:37:53Z","title":"Toward an Android Static Analysis Approach for Data Protection"},{"file_date_updated":"2020-02-06T17:09:45Z","department":[{"_id":"77"}],"user_id":"477","_id":"15838","project":[{"_id":"1","name":"SFB 901"},{"name":"SFB 901 - Project Area B","_id":"3"},{"name":"SFB 901 - Subproject B4","_id":"12"}],"status":"public","type":"conference","doi":"10.1109/asew.2019.00019","author":[{"full_name":"Pauck, Felix","id":"22398","last_name":"Pauck","first_name":"Felix"},{"full_name":"Zhang, Shikun","last_name":"Zhang","first_name":"Shikun"}],"date_updated":"2022-01-06T06:52:38Z","citation":{"ama":"Pauck F, Zhang S. Android App Merging for Benchmark Speed-Up and Analysis Lift-Up. In: <i>2019 34th IEEE/ACM International Conference on Automated Software Engineering Workshop (ASEW)</i>. ; 2019. doi:<a href=\"https://doi.org/10.1109/asew.2019.00019\">10.1109/asew.2019.00019</a>","ieee":"F. Pauck and S. Zhang, “Android App Merging for Benchmark Speed-Up and Analysis Lift-Up,” in <i>2019 34th IEEE/ACM International Conference on Automated Software Engineering Workshop (ASEW)</i>, 2019.","chicago":"Pauck, Felix, and Shikun Zhang. “Android App Merging for Benchmark Speed-Up and Analysis Lift-Up.” In <i>2019 34th IEEE/ACM International Conference on Automated Software Engineering Workshop (ASEW)</i>, 2019. <a href=\"https://doi.org/10.1109/asew.2019.00019\">https://doi.org/10.1109/asew.2019.00019</a>.","apa":"Pauck, F., &#38; Zhang, S. (2019). Android App Merging for Benchmark Speed-Up and Analysis Lift-Up. In <i>2019 34th IEEE/ACM International Conference on Automated Software Engineering Workshop (ASEW)</i>. <a href=\"https://doi.org/10.1109/asew.2019.00019\">https://doi.org/10.1109/asew.2019.00019</a>","bibtex":"@inproceedings{Pauck_Zhang_2019, title={Android App Merging for Benchmark Speed-Up and Analysis Lift-Up}, DOI={<a href=\"https://doi.org/10.1109/asew.2019.00019\">10.1109/asew.2019.00019</a>}, booktitle={2019 34th IEEE/ACM International Conference on Automated Software Engineering Workshop (ASEW)}, author={Pauck, Felix and Zhang, Shikun}, year={2019} }","short":"F. Pauck, S. Zhang, in: 2019 34th IEEE/ACM International Conference on Automated Software Engineering Workshop (ASEW), 2019.","mla":"Pauck, Felix, and Shikun Zhang. “Android App Merging for Benchmark Speed-Up and Analysis Lift-Up.” <i>2019 34th IEEE/ACM International Conference on Automated Software Engineering Workshop (ASEW)</i>, 2019, doi:<a href=\"https://doi.org/10.1109/asew.2019.00019\">10.1109/asew.2019.00019</a>."},"publication_identifier":{"isbn":["9781728141367"]},"has_accepted_license":"1","publication_status":"published","language":[{"iso":"eng"}],"keyword":["Program Analysis","Android App Analysis","Taint Analysis","App Merging","Benchmark"],"ddc":["004"],"file":[{"relation":"main_file","content_type":"application/pdf","access_level":"closed","file_name":"AMT_final.pdf","file_id":"15839","file_size":644517,"date_created":"2020-02-06T17:09:45Z","creator":"fpauck","date_updated":"2020-02-06T17:09:45Z"}],"abstract":[{"text":"In the field of software analysis a trade-off between scalability and accuracy always exists. In this respect, Android app analysis is no exception, in particular, analyzing large or many apps can be challenging. Dealing with many small apps is a typical challenge when facing micro-benchmarks such as DROIDBENCH or ICC-BENCH. These particular benchmarks are not only used for the evaluation of novel tools but also in continuous integration pipelines of existing mature tools to maintain and guarantee a certain quality-level. Considering this latter usage it becomes very important to be able to achieve benchmark results as fast as possible. Hence, benchmarks have to be optimized for this purpose. One approach to do so is app merging. We implemented the Android Merge Tool (AMT) following this approach and show that its novel aspects can be used to produce scaled up and accurate benchmarks. For such benchmarks Android app analysis tools do not suffer from the scalability-accuracy trade-off anymore. We show this throughout detailed experiments on DROIDBENCH employing three different analysis tools (AMANDROID, ICCTA, FLOWDROID). Benchmark execution times are largely reduced without losing benchmark accuracy. Moreover, we argue why AMT is an advantageous successor of the state-of-the-art app merging tool (APKCOMBINER) in analysis lift-up scenarios.","lang":"eng"}],"publication":"2019 34th IEEE/ACM International Conference on Automated Software Engineering Workshop (ASEW)","title":"Android App Merging for Benchmark Speed-Up and Analysis Lift-Up","date_created":"2020-02-06T17:06:51Z","year":"2019"},{"citation":{"apa":"Nguyen Quang Do, L., Krüger, S., Hill, P., Ali, K., &#38; Bodden, E. (2018). Debugging Static Analysis. <i>IEEE Transactions on Software Engineering</i>, 1–1. <a href=\"https://doi.org/10.1109/TSE.2018.2868349\">https://doi.org/10.1109/TSE.2018.2868349</a>","bibtex":"@article{Nguyen Quang Do_Krüger_Hill_Ali_Bodden_2018, title={Debugging Static Analysis}, DOI={<a href=\"https://doi.org/10.1109/TSE.2018.2868349\">10.1109/TSE.2018.2868349</a>}, journal={IEEE Transactions on Software Engineering}, author={Nguyen Quang Do, Lisa and Krüger, Stefan and Hill, Patrick and Ali, Karim and Bodden, Eric}, year={2018}, pages={1–1} }","mla":"Nguyen Quang Do, Lisa, et al. “Debugging Static Analysis.” <i>IEEE Transactions on Software Engineering</i>, 2018, pp. 1–1, doi:<a href=\"https://doi.org/10.1109/TSE.2018.2868349\">10.1109/TSE.2018.2868349</a>.","short":"L. Nguyen Quang Do, S. Krüger, P. Hill, K. Ali, E. Bodden, IEEE Transactions on Software Engineering (2018) 1–1.","ama":"Nguyen Quang Do L, Krüger S, Hill P, Ali K, Bodden E. Debugging Static Analysis. <i>IEEE Transactions on Software Engineering</i>. Published online 2018:1-1. doi:<a href=\"https://doi.org/10.1109/TSE.2018.2868349\">10.1109/TSE.2018.2868349</a>","chicago":"Nguyen Quang Do, Lisa, Stefan Krüger, Patrick Hill, Karim Ali, and Eric Bodden. “Debugging Static Analysis.” <i>IEEE Transactions on Software Engineering</i>, 2018, 1–1. <a href=\"https://doi.org/10.1109/TSE.2018.2868349\">https://doi.org/10.1109/TSE.2018.2868349</a>.","ieee":"L. Nguyen Quang Do, S. Krüger, P. Hill, K. Ali, and E. Bodden, “Debugging Static Analysis,” <i>IEEE Transactions on Software Engineering</i>, pp. 1–1, 2018, doi: <a href=\"https://doi.org/10.1109/TSE.2018.2868349\">10.1109/TSE.2018.2868349</a>."},"page":"1-1","year":"2018","publication_identifier":{"issn":["2326-3881"]},"main_file_link":[{"url":"http://www.bodden.de/pubs/tse18debugging.pdf"}],"doi":"10.1109/TSE.2018.2868349","title":"Debugging Static Analysis","date_created":"2020-11-30T09:32:12Z","author":[{"last_name":"Nguyen Quang Do","full_name":"Nguyen Quang Do, Lisa","first_name":"Lisa"},{"full_name":"Krüger, Stefan","last_name":"Krüger","first_name":"Stefan"},{"first_name":"Patrick","last_name":"Hill","full_name":"Hill, Patrick"},{"last_name":"Ali","full_name":"Ali, Karim","first_name":"Karim"},{"full_name":"Bodden, Eric","id":"59256","last_name":"Bodden","orcid":"0000-0003-3470-3647","first_name":"Eric"}],"date_updated":"2022-01-06T06:54:29Z","status":"public","type":"journal_article","publication":"IEEE Transactions on Software Engineering","language":[{"iso":"eng"}],"keyword":["Debugging","Static analysis","Tools","Computer bugs","Standards","Writing","Encoding","Testing and Debugging","Program analysis","Development tools","Integrated environments","Graphical environments","Usability testing"],"user_id":"5786","department":[{"_id":"76"}],"_id":"20543"},{"language":[{"iso":"eng"}],"keyword":["Gamification","Integrated Environments","Program analysis"],"series_title":"ESEC/FSE 2018","user_id":"5786","department":[{"_id":"76"}],"_id":"20547","status":"public","type":"conference","publication":"Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering","main_file_link":[{"url":"http://www.bodden.de/pubs/db18gamifying.pdf"}],"doi":"10.1145/3236024.3264830","title":"Gamifying Static Analysis","author":[{"first_name":"Lisa","last_name":"Nguyen Quang Do","full_name":"Nguyen Quang Do, Lisa"},{"full_name":"Bodden, Eric","id":"59256","orcid":"0000-0003-3470-3647","last_name":"Bodden","first_name":"Eric"}],"date_created":"2020-11-30T09:37:35Z","publisher":"ACM","date_updated":"2022-01-06T06:54:29Z","citation":{"chicago":"Nguyen Quang Do, Lisa, and Eric Bodden. “Gamifying Static Analysis.” In <i>Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering</i>, 714–18. ESEC/FSE 2018. New York, NY, USA: ACM, 2018. <a href=\"https://doi.org/10.1145/3236024.3264830\">https://doi.org/10.1145/3236024.3264830</a>.","ieee":"L. Nguyen Quang Do and E. Bodden, “Gamifying Static Analysis,” in <i>Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering</i>, 2018, pp. 714–718, doi: <a href=\"https://doi.org/10.1145/3236024.3264830\">10.1145/3236024.3264830</a>.","ama":"Nguyen Quang Do L, Bodden E. Gamifying Static Analysis. In: <i>Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering</i>. ESEC/FSE 2018. ACM; 2018:714-718. doi:<a href=\"https://doi.org/10.1145/3236024.3264830\">10.1145/3236024.3264830</a>","apa":"Nguyen Quang Do, L., &#38; Bodden, E. (2018). Gamifying Static Analysis. <i>Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering</i>, 714–718. <a href=\"https://doi.org/10.1145/3236024.3264830\">https://doi.org/10.1145/3236024.3264830</a>","short":"L. Nguyen Quang Do, E. Bodden, in: Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, ACM, New York, NY, USA, 2018, pp. 714–718.","bibtex":"@inproceedings{Nguyen Quang Do_Bodden_2018, place={New York, NY, USA}, series={ESEC/FSE 2018}, title={Gamifying Static Analysis}, DOI={<a href=\"https://doi.org/10.1145/3236024.3264830\">10.1145/3236024.3264830</a>}, booktitle={Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering}, publisher={ACM}, author={Nguyen Quang Do, Lisa and Bodden, Eric}, year={2018}, pages={714–718}, collection={ESEC/FSE 2018} }","mla":"Nguyen Quang Do, Lisa, and Eric Bodden. “Gamifying Static Analysis.” <i>Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering</i>, ACM, 2018, pp. 714–18, doi:<a href=\"https://doi.org/10.1145/3236024.3264830\">10.1145/3236024.3264830</a>."},"page":"714-718","place":"New York, NY, USA","year":"2018","publication_identifier":{"isbn":["978-1-4503-5573-5"]}}]