---
_id: '52235'
abstract:
- lang: eng
  text: "Android applications collecting data from users must protect it according
    to the current legal frameworks. Such data protection has become even more important
    since the European Union rolled out the General Data Protection Regulation (GDPR).
    Since app developers are not legal experts, they find it difficult to write privacy-aware
    source code. Moreover, they have limited tool support to reason about data protection
    throughout their app development process.\r\nThis paper motivates the need for
    a static analysis approach to diagnose and explain data protection in Android
    apps. The analysis will recognize personal data sources in the source code, and
    aims to further examine the data flow originating from these sources. App developers
    can then address key questions about data manipulation, derived data, and the
    presence of technical measures. Despite challenges, we explore to what extent
    one can realize this analysis through static taint analysis, a common method for
    identifying security vulnerabilities. This is a first step towards designing a
    tool-based approach that aids app developers and assessors in ensuring data protection
    in Android apps, based on automated static program analysis. "
author:
- first_name: Mugdha
  full_name: Khedkar, Mugdha
  id: '88024'
  last_name: Khedkar
- first_name: Eric
  full_name: Bodden, Eric
  id: '59256'
  last_name: Bodden
  orcid: 0000-0003-3470-3647
citation:
  ama: 'Khedkar M, Bodden E. Toward an Android Static Analysis Approach for Data Protection.
    In: <i>Proceedings of the IEEE/ACM 11th International Conference on Mobile Software
    Engineering and Systems (MOBILESoft ’24). Association for Computing Machinery,
    New York, NY, USA, 65–68.</i> ; 2024. doi:<a href="https://doi.org/10.1145/3647632.3651389">10.1145/3647632.3651389</a>'
  apa: Khedkar, M., &#38; Bodden, E. (2024). Toward an Android Static Analysis Approach
    for Data Protection. <i>Proceedings of the IEEE/ACM 11th International Conference
    on Mobile Software Engineering and Systems (MOBILESoft ’24). Association for Computing
    Machinery, New York, NY, USA, 65–68.</i> 11th International Conference on Mobile
    Software Engineering and Systems 2024, Lisbon, Portugal. <a href="https://doi.org/10.1145/3647632.3651389">https://doi.org/10.1145/3647632.3651389</a>
  bibtex: '@inproceedings{Khedkar_Bodden_2024, title={Toward an Android Static Analysis
    Approach for Data Protection}, DOI={<a href="https://doi.org/10.1145/3647632.3651389">10.1145/3647632.3651389</a>},
    booktitle={Proceedings of the IEEE/ACM 11th International Conference on Mobile
    Software Engineering and Systems (MOBILESoft ’24). Association for Computing Machinery,
    New York, NY, USA, 65–68.}, author={Khedkar, Mugdha and Bodden, Eric}, year={2024}
    }'
  chicago: Khedkar, Mugdha, and Eric Bodden. “Toward an Android Static Analysis Approach
    for Data Protection.” In <i>Proceedings of the IEEE/ACM 11th International Conference
    on Mobile Software Engineering and Systems (MOBILESoft ’24). Association for Computing
    Machinery, New York, NY, USA, 65–68.</i>, 2024. <a href="https://doi.org/10.1145/3647632.3651389">https://doi.org/10.1145/3647632.3651389</a>.
  ieee: 'M. Khedkar and E. Bodden, “Toward an Android Static Analysis Approach for
    Data Protection,” presented at the 11th International Conference on Mobile Software
    Engineering and Systems 2024, Lisbon, Portugal, 2024, doi: <a href="https://doi.org/10.1145/3647632.3651389">10.1145/3647632.3651389</a>.'
  mla: Khedkar, Mugdha, and Eric Bodden. “Toward an Android Static Analysis Approach
    for Data Protection.” <i>Proceedings of the IEEE/ACM 11th International Conference
    on Mobile Software Engineering and Systems (MOBILESoft ’24). Association for Computing
    Machinery, New York, NY, USA, 65–68.</i>, 2024, doi:<a href="https://doi.org/10.1145/3647632.3651389">10.1145/3647632.3651389</a>.
  short: 'M. Khedkar, E. Bodden, in: Proceedings of the IEEE/ACM 11th International
    Conference on Mobile Software Engineering and Systems (MOBILESoft ’24). Association
    for Computing Machinery, New York, NY, USA, 65–68., 2024.'
conference:
  end_date: 2024-04-15
  location: Lisbon, Portugal
  name: 11th International Conference on Mobile Software Engineering and Systems 2024
  start_date: 2024-04-14
date_created: 2024-03-03T14:37:53Z
date_updated: 2026-03-04T08:11:48Z
ddc:
- '006'
department:
- _id: '76'
doi: 10.1145/3647632.3651389
external_id:
  arxiv:
  - '2402.07889'
file:
- access_level: closed
  content_type: application/pdf
  creator: khedkarm
  date_created: 2024-03-03T14:39:08Z
  date_updated: 2024-03-03T14:39:08Z
  file_id: '52236'
  file_name: 2402.07889v1.pdf
  file_size: 530812
  relation: main_file
  success: 1
file_date_updated: 2024-03-03T14:39:08Z
has_accepted_license: '1'
keyword:
- static program analysis
- data protection and privacy
- GDPR compliance
language:
- iso: eng
publication: Proceedings of the IEEE/ACM 11th International Conference on Mobile Software
  Engineering and Systems (MOBILESoft '24). Association for Computing Machinery, New
  York, NY, USA, 65–68.
status: public
title: Toward an Android Static Analysis Approach for Data Protection
type: conference
user_id: '88024'
year: '2024'
...