---
_id: '52235'
abstract:
- lang: eng
text: "Android applications collecting data from users must protect it according
to the current legal frameworks. Such data protection has become even more important
since the European Union rolled out the General Data Protection Regulation (GDPR).
Since app developers are not legal experts, they find it difficult to write privacy-aware
source code. Moreover, they have limited tool support to reason about data protection
throughout their app development process.\r\nThis paper motivates the need for
a static analysis approach to diagnose and explain data protection in Android
apps. The analysis will recognize personal data sources in the source code, and
aims to further examine the data flow originating from these sources. App developers
can then address key questions about data manipulation, derived data, and the
presence of technical measures. Despite challenges, we explore to what extent
one can realize this analysis through static taint analysis, a common method for
identifying security vulnerabilities. This is a first step towards designing a
tool-based approach that aids app developers and assessors in ensuring data protection
in Android apps, based on automated static program analysis. "
author:
- first_name: Mugdha
full_name: Khedkar, Mugdha
id: '88024'
last_name: Khedkar
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
citation:
ama: 'Khedkar M, Bodden E. Toward an Android Static Analysis Approach for Data Protection.
In: Proceedings of the IEEE/ACM 11th International Conference on Mobile Software
Engineering and Systems (MOBILESoft ’24). Association for Computing Machinery,
New York, NY, USA, 65–68. ; 2024. doi:10.1145/3647632.3651389'
apa: Khedkar, M., & Bodden, E. (2024). Toward an Android Static Analysis Approach
for Data Protection. Proceedings of the IEEE/ACM 11th International Conference
on Mobile Software Engineering and Systems (MOBILESoft ’24). Association for Computing
Machinery, New York, NY, USA, 65–68. 11th International Conference on Mobile
Software Engineering and Systems 2024, Lisbon, Portugal. https://doi.org/10.1145/3647632.3651389
bibtex: '@inproceedings{Khedkar_Bodden_2024, title={Toward an Android Static Analysis
Approach for Data Protection}, DOI={10.1145/3647632.3651389},
booktitle={Proceedings of the IEEE/ACM 11th International Conference on Mobile
Software Engineering and Systems (MOBILESoft ’24). Association for Computing Machinery,
New York, NY, USA, 65–68.}, author={Khedkar, Mugdha and Bodden, Eric}, year={2024}
}'
chicago: Khedkar, Mugdha, and Eric Bodden. “Toward an Android Static Analysis Approach
for Data Protection.” In Proceedings of the IEEE/ACM 11th International Conference
on Mobile Software Engineering and Systems (MOBILESoft ’24). Association for Computing
Machinery, New York, NY, USA, 65–68., 2024. https://doi.org/10.1145/3647632.3651389.
ieee: 'M. Khedkar and E. Bodden, “Toward an Android Static Analysis Approach for
Data Protection,” presented at the 11th International Conference on Mobile Software
Engineering and Systems 2024, Lisbon, Portugal, 2024, doi: 10.1145/3647632.3651389.'
mla: Khedkar, Mugdha, and Eric Bodden. “Toward an Android Static Analysis Approach
for Data Protection.” Proceedings of the IEEE/ACM 11th International Conference
on Mobile Software Engineering and Systems (MOBILESoft ’24). Association for Computing
Machinery, New York, NY, USA, 65–68., 2024, doi:10.1145/3647632.3651389.
short: 'M. Khedkar, E. Bodden, in: Proceedings of the IEEE/ACM 11th International
Conference on Mobile Software Engineering and Systems (MOBILESoft ’24). Association
for Computing Machinery, New York, NY, USA, 65–68., 2024.'
conference:
end_date: 2024-04-15
location: Lisbon, Portugal
name: 11th International Conference on Mobile Software Engineering and Systems 2024
start_date: 2024-04-14
date_created: 2024-03-03T14:37:53Z
date_updated: 2026-03-04T08:11:48Z
ddc:
- '006'
department:
- _id: '76'
doi: 10.1145/3647632.3651389
external_id:
arxiv:
- '2402.07889'
file:
- access_level: closed
content_type: application/pdf
creator: khedkarm
date_created: 2024-03-03T14:39:08Z
date_updated: 2024-03-03T14:39:08Z
file_id: '52236'
file_name: 2402.07889v1.pdf
file_size: 530812
relation: main_file
success: 1
file_date_updated: 2024-03-03T14:39:08Z
has_accepted_license: '1'
keyword:
- static program analysis
- data protection and privacy
- GDPR compliance
language:
- iso: eng
publication: Proceedings of the IEEE/ACM 11th International Conference on Mobile Software
Engineering and Systems (MOBILESoft '24). Association for Computing Machinery, New
York, NY, USA, 65–68.
status: public
title: Toward an Android Static Analysis Approach for Data Protection
type: conference
user_id: '88024'
year: '2024'
...
---
_id: '15838'
abstract:
- lang: eng
text: In the field of software analysis a trade-off between scalability and accuracy
always exists. In this respect, Android app analysis is no exception, in particular,
analyzing large or many apps can be challenging. Dealing with many small apps
is a typical challenge when facing micro-benchmarks such as DROIDBENCH or ICC-BENCH.
These particular benchmarks are not only used for the evaluation of novel tools
but also in continuous integration pipelines of existing mature tools to maintain
and guarantee a certain quality-level. Considering this latter usage it becomes
very important to be able to achieve benchmark results as fast as possible. Hence,
benchmarks have to be optimized for this purpose. One approach to do so is app
merging. We implemented the Android Merge Tool (AMT) following this approach and
show that its novel aspects can be used to produce scaled up and accurate benchmarks.
For such benchmarks Android app analysis tools do not suffer from the scalability-accuracy
trade-off anymore. We show this throughout detailed experiments on DROIDBENCH
employing three different analysis tools (AMANDROID, ICCTA, FLOWDROID). Benchmark
execution times are largely reduced without losing benchmark accuracy. Moreover,
we argue why AMT is an advantageous successor of the state-of-the-art app merging
tool (APKCOMBINER) in analysis lift-up scenarios.
author:
- first_name: Felix
full_name: Pauck, Felix
id: '22398'
last_name: Pauck
- first_name: Shikun
full_name: Zhang, Shikun
last_name: Zhang
citation:
ama: 'Pauck F, Zhang S. Android App Merging for Benchmark Speed-Up and Analysis
Lift-Up. In: 2019 34th IEEE/ACM International Conference on Automated Software
Engineering Workshop (ASEW). ; 2019. doi:10.1109/asew.2019.00019'
apa: Pauck, F., & Zhang, S. (2019). Android App Merging for Benchmark Speed-Up
and Analysis Lift-Up. In 2019 34th IEEE/ACM International Conference on Automated
Software Engineering Workshop (ASEW). https://doi.org/10.1109/asew.2019.00019
bibtex: '@inproceedings{Pauck_Zhang_2019, title={Android App Merging for Benchmark
Speed-Up and Analysis Lift-Up}, DOI={10.1109/asew.2019.00019},
booktitle={2019 34th IEEE/ACM International Conference on Automated Software Engineering
Workshop (ASEW)}, author={Pauck, Felix and Zhang, Shikun}, year={2019} }'
chicago: Pauck, Felix, and Shikun Zhang. “Android App Merging for Benchmark Speed-Up
and Analysis Lift-Up.” In 2019 34th IEEE/ACM International Conference on Automated
Software Engineering Workshop (ASEW), 2019. https://doi.org/10.1109/asew.2019.00019.
ieee: F. Pauck and S. Zhang, “Android App Merging for Benchmark Speed-Up and Analysis
Lift-Up,” in 2019 34th IEEE/ACM International Conference on Automated Software
Engineering Workshop (ASEW), 2019.
mla: Pauck, Felix, and Shikun Zhang. “Android App Merging for Benchmark Speed-Up
and Analysis Lift-Up.” 2019 34th IEEE/ACM International Conference on Automated
Software Engineering Workshop (ASEW), 2019, doi:10.1109/asew.2019.00019.
short: 'F. Pauck, S. Zhang, in: 2019 34th IEEE/ACM International Conference on Automated
Software Engineering Workshop (ASEW), 2019.'
date_created: 2020-02-06T17:06:51Z
date_updated: 2022-01-06T06:52:38Z
ddc:
- '004'
department:
- _id: '77'
doi: 10.1109/asew.2019.00019
file:
- access_level: closed
content_type: application/pdf
creator: fpauck
date_created: 2020-02-06T17:09:45Z
date_updated: 2020-02-06T17:09:45Z
file_id: '15839'
file_name: AMT_final.pdf
file_size: 644517
relation: main_file
file_date_updated: 2020-02-06T17:09:45Z
has_accepted_license: '1'
keyword:
- Program Analysis
- Android App Analysis
- Taint Analysis
- App Merging
- Benchmark
language:
- iso: eng
project:
- _id: '1'
name: SFB 901
- _id: '3'
name: SFB 901 - Project Area B
- _id: '12'
name: SFB 901 - Subproject B4
publication: 2019 34th IEEE/ACM International Conference on Automated Software Engineering
Workshop (ASEW)
publication_identifier:
isbn:
- '9781728141367'
publication_status: published
status: public
title: Android App Merging for Benchmark Speed-Up and Analysis Lift-Up
type: conference
user_id: '477'
year: '2019'
...
---
_id: '20543'
author:
- first_name: Lisa
full_name: Nguyen Quang Do, Lisa
last_name: Nguyen Quang Do
- first_name: Stefan
full_name: Krüger, Stefan
last_name: Krüger
- first_name: Patrick
full_name: Hill, Patrick
last_name: Hill
- first_name: Karim
full_name: Ali, Karim
last_name: Ali
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
citation:
ama: Nguyen Quang Do L, Krüger S, Hill P, Ali K, Bodden E. Debugging Static Analysis.
IEEE Transactions on Software Engineering. Published online 2018:1-1. doi:10.1109/TSE.2018.2868349
apa: Nguyen Quang Do, L., Krüger, S., Hill, P., Ali, K., & Bodden, E. (2018).
Debugging Static Analysis. IEEE Transactions on Software Engineering, 1–1.
https://doi.org/10.1109/TSE.2018.2868349
bibtex: '@article{Nguyen Quang Do_Krüger_Hill_Ali_Bodden_2018, title={Debugging
Static Analysis}, DOI={10.1109/TSE.2018.2868349},
journal={IEEE Transactions on Software Engineering}, author={Nguyen Quang Do,
Lisa and Krüger, Stefan and Hill, Patrick and Ali, Karim and Bodden, Eric}, year={2018},
pages={1–1} }'
chicago: Nguyen Quang Do, Lisa, Stefan Krüger, Patrick Hill, Karim Ali, and Eric
Bodden. “Debugging Static Analysis.” IEEE Transactions on Software Engineering,
2018, 1–1. https://doi.org/10.1109/TSE.2018.2868349.
ieee: 'L. Nguyen Quang Do, S. Krüger, P. Hill, K. Ali, and E. Bodden, “Debugging
Static Analysis,” IEEE Transactions on Software Engineering, pp. 1–1, 2018,
doi: 10.1109/TSE.2018.2868349.'
mla: Nguyen Quang Do, Lisa, et al. “Debugging Static Analysis.” IEEE Transactions
on Software Engineering, 2018, pp. 1–1, doi:10.1109/TSE.2018.2868349.
short: L. Nguyen Quang Do, S. Krüger, P. Hill, K. Ali, E. Bodden, IEEE Transactions
on Software Engineering (2018) 1–1.
date_created: 2020-11-30T09:32:12Z
date_updated: 2022-01-06T06:54:29Z
department:
- _id: '76'
doi: 10.1109/TSE.2018.2868349
keyword:
- Debugging
- Static analysis
- Tools
- Computer bugs
- Standards
- Writing
- Encoding
- Testing and Debugging
- Program analysis
- Development tools
- Integrated environments
- Graphical environments
- Usability testing
language:
- iso: eng
main_file_link:
- url: http://www.bodden.de/pubs/tse18debugging.pdf
page: 1-1
publication: IEEE Transactions on Software Engineering
publication_identifier:
issn:
- 2326-3881
status: public
title: Debugging Static Analysis
type: journal_article
user_id: '5786'
year: '2018'
...
---
_id: '20547'
author:
- first_name: Lisa
full_name: Nguyen Quang Do, Lisa
last_name: Nguyen Quang Do
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
citation:
ama: 'Nguyen Quang Do L, Bodden E. Gamifying Static Analysis. In: Proceedings
of the 2018 26th ACM Joint Meeting on European Software Engineering Conference
and Symposium on the Foundations of Software Engineering. ESEC/FSE 2018. ACM;
2018:714-718. doi:10.1145/3236024.3264830'
apa: Nguyen Quang Do, L., & Bodden, E. (2018). Gamifying Static Analysis. Proceedings
of the 2018 26th ACM Joint Meeting on European Software Engineering Conference
and Symposium on the Foundations of Software Engineering, 714–718. https://doi.org/10.1145/3236024.3264830
bibtex: '@inproceedings{Nguyen Quang Do_Bodden_2018, place={New York, NY, USA},
series={ESEC/FSE 2018}, title={Gamifying Static Analysis}, DOI={10.1145/3236024.3264830},
booktitle={Proceedings of the 2018 26th ACM Joint Meeting on European Software
Engineering Conference and Symposium on the Foundations of Software Engineering},
publisher={ACM}, author={Nguyen Quang Do, Lisa and Bodden, Eric}, year={2018},
pages={714–718}, collection={ESEC/FSE 2018} }'
chicago: 'Nguyen Quang Do, Lisa, and Eric Bodden. “Gamifying Static Analysis.” In
Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering
Conference and Symposium on the Foundations of Software Engineering, 714–18.
ESEC/FSE 2018. New York, NY, USA: ACM, 2018. https://doi.org/10.1145/3236024.3264830.'
ieee: 'L. Nguyen Quang Do and E. Bodden, “Gamifying Static Analysis,” in Proceedings
of the 2018 26th ACM Joint Meeting on European Software Engineering Conference
and Symposium on the Foundations of Software Engineering, 2018, pp. 714–718,
doi: 10.1145/3236024.3264830.'
mla: Nguyen Quang Do, Lisa, and Eric Bodden. “Gamifying Static Analysis.” Proceedings
of the 2018 26th ACM Joint Meeting on European Software Engineering Conference
and Symposium on the Foundations of Software Engineering, ACM, 2018, pp. 714–18,
doi:10.1145/3236024.3264830.
short: 'L. Nguyen Quang Do, E. Bodden, in: Proceedings of the 2018 26th ACM Joint
Meeting on European Software Engineering Conference and Symposium on the Foundations
of Software Engineering, ACM, New York, NY, USA, 2018, pp. 714–718.'
date_created: 2020-11-30T09:37:35Z
date_updated: 2022-01-06T06:54:29Z
department:
- _id: '76'
doi: 10.1145/3236024.3264830
keyword:
- Gamification
- Integrated Environments
- Program analysis
language:
- iso: eng
main_file_link:
- url: http://www.bodden.de/pubs/db18gamifying.pdf
page: 714-718
place: New York, NY, USA
publication: Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering
Conference and Symposium on the Foundations of Software Engineering
publication_identifier:
isbn:
- 978-1-4503-5573-5
publisher: ACM
series_title: ESEC/FSE 2018
status: public
title: Gamifying Static Analysis
type: conference
user_id: '5786'
year: '2018'
...