---
_id: '63834'
abstract:
- lang: eng
  text: "Many Android apps collect data from users, and the European Union’s General
    Data Protection Regulation (GDPR) mandates clear disclosures of such data collection.
    However, apps often use third-party code, complicating accurate disclosures. This
    paper investigates how accurately current Android apps fulfill these requirements.
    In this work, we present a multi-layered definition of privacy-related data to
    correctly report data collection in Android apps. We further create a dataset
    of privacy-sensitive data classes that may be used as input by an Android app.
    This dataset takes into account data collected both through the user interface
    and system APIs. Based on this, we implement a semi-automated prototype that detects
    and labels privacy-related data collected by a given Android app. We manually
    examine the data safety sections of 70 Android apps to observe how data collection
    is reported, identifying instances of over- and under-reporting. We compare our
    prototype’s results with the data safety sections of 20 apps, revealing reporting
    discrepancies. Using the results from two Messaging and Social Media apps (Signal
    and Instagram), we discuss how app developers under-report and over-report data
    collection, respectively, and identify inaccurately reported data categories.
    A broader study of 7,500 Android apps reveals that apps most frequently collect
    data that can partially identify users. Although system APIs consistently collect
    large amounts of privacy-related data, user interfaces exhibit more diverse data
    collection patterns. A more focused study on various domains of apps reveals that
    the largest fraction of apps collecting personal data belong to the domain of
    Messaging and Social Media. Our findings show that location is collected frequently
    by apps, especially from the E-commerce and Shopping domain. However, it is often
    under-reported in app data safety sections. Our results highlight the need for
    greater consistency in privacy-aware app development and reporting practices."
article_number: '45'
author:
- first_name: Mugdha
  full_name: Khedkar, Mugdha
  id: '88024'
  last_name: Khedkar
- first_name: Ambuj
  full_name: Kumar Mondal, Ambuj
  last_name: Kumar Mondal
- first_name: Eric
  full_name: Bodden, Eric
  id: '59256'
  last_name: Bodden
  orcid: 0000-0003-3470-3647
citation:
  ama: Khedkar M, Kumar Mondal A, Bodden E. A study of privacy-related data collected
    by Android apps. <i>Automated Software Engineering</i>. 2026;33(2). doi:<a href="https://doi.org/10.1007/s10515-025-00589-3">10.1007/s10515-025-00589-3</a>
  apa: Khedkar, M., Kumar Mondal, A., &#38; Bodden, E. (2026). A study of privacy-related
    data collected by Android apps. <i>Automated Software Engineering</i>, <i>33</i>(2),
    Article 45. <a href="https://doi.org/10.1007/s10515-025-00589-3">https://doi.org/10.1007/s10515-025-00589-3</a>
  bibtex: '@article{Khedkar_Kumar Mondal_Bodden_2026, title={A study of privacy-related
    data collected by Android apps}, volume={33}, DOI={<a href="https://doi.org/10.1007/s10515-025-00589-3">10.1007/s10515-025-00589-3</a>},
    number={245}, journal={Automated Software Engineering}, publisher={Springer Science
    and Business Media LLC}, author={Khedkar, Mugdha and Kumar Mondal, Ambuj and Bodden,
    Eric}, year={2026} }'
  chicago: Khedkar, Mugdha, Ambuj Kumar Mondal, and Eric Bodden. “A Study of Privacy-Related
    Data Collected by Android Apps.” <i>Automated Software Engineering</i> 33, no.
    2 (2026). <a href="https://doi.org/10.1007/s10515-025-00589-3">https://doi.org/10.1007/s10515-025-00589-3</a>.
  ieee: 'M. Khedkar, A. Kumar Mondal, and E. Bodden, “A study of privacy-related data
    collected by Android apps,” <i>Automated Software Engineering</i>, vol. 33, no.
    2, Art. no. 45, 2026, doi: <a href="https://doi.org/10.1007/s10515-025-00589-3">10.1007/s10515-025-00589-3</a>.'
  mla: Khedkar, Mugdha, et al. “A Study of Privacy-Related Data Collected by Android
    Apps.” <i>Automated Software Engineering</i>, vol. 33, no. 2, 45, Springer Science
    and Business Media LLC, 2026, doi:<a href="https://doi.org/10.1007/s10515-025-00589-3">10.1007/s10515-025-00589-3</a>.
  short: M. Khedkar, A. Kumar Mondal, E. Bodden, Automated Software Engineering 33
    (2026).
date_created: 2026-02-02T12:36:22Z
date_updated: 2026-02-11T18:33:12Z
ddc:
- '006'
department:
- _id: '76'
doi: 10.1007/s10515-025-00589-3
file:
- access_level: closed
  content_type: application/pdf
  creator: khedkarm
  date_created: 2026-02-11T18:32:52Z
  date_updated: 2026-02-11T18:32:52Z
  file_id: '64127'
  file_name: s10515-025-00589-3-1.pdf
  file_size: 3363479
  relation: main_file
  success: 1
file_date_updated: 2026-02-11T18:32:52Z
has_accepted_license: '1'
intvolume: '        33'
issue: '2'
language:
- iso: eng
publication: Automated Software Engineering
publication_identifier:
  issn:
  - 0928-8910
  - 1573-7535
publication_status: published
publisher: Springer Science and Business Media LLC
status: public
title: A study of privacy-related data collected by Android apps
type: journal_article
user_id: '88024'
volume: 33
year: '2026'
...
---
_id: '64823'
abstract:
- lang: eng
  text: "Current legal frameworks enforce that Android developers accurately report
    the data their apps collect. However, large codebases can make this reporting
    challenging. This paper employs an empirical approach to understand developers'
    experience with Google Play Store's Data Safety Section (DSS) form.\r\n\r\nWe
    first survey 41 Android developers to understand how they categorize privacy-related
    data into DSS categories and how confident they feel when completing the DSS form.
    To gain a broader and more detailed view of the challenges developers encounter
    during the process, we complement the survey with an analysis of 172 online developer
    discussions, capturing the perspectives of 642 additional developers. Together,
    these two data sources represent insights from 683 developers.\r\n\r\nOur findings
    reveal that developers often manually classify the privacy-related data their
    apps collect into the data categories defined by Google (or, in some cases, omit
    classification entirely) and rely heavily on existing online resources when completing
    the form. Moreover, developers are generally confident in recognizing the data
    their apps collect, yet they lack confidence in translating this knowledge into
    DSS-compliant disclosures. Key challenges include issues in identifying privacy-relevant
    data to complete the form, limited understanding of the form, and concerns about
    app rejection due to discrepancies with Google's privacy requirements.\r\nThese
    results underscore the need for clearer guidance and more accessible tooling to
    support developers in meeting privacy-aware reporting obligations. "
author:
- first_name: Mugdha
  full_name: Khedkar, Mugdha
  id: '88024'
  last_name: Khedkar
- first_name: Michael
  full_name: Schlichtig, Michael
  id: '32312'
  last_name: Schlichtig
  orcid: 0000-0001-6600-6171
- first_name: Mohamed Aboubakr Mohamed
  full_name: Soliman, Mohamed Aboubakr Mohamed
  id: '102489'
  last_name: Soliman
- first_name: Eric
  full_name: Bodden, Eric
  id: '59256'
  last_name: Bodden
  orcid: 0000-0003-3470-3647
citation:
  ama: 'Khedkar M, Schlichtig M, Soliman MAM, Bodden E. Challenges in Android Data
    Disclosure: An Empirical Study. In: <i>Proceedings of the IEEE/ACM 13th International
    Conference on Mobile Software Engineering and Systems (MOBILESoft ’26). Association
    for Computing Machinery, New York, NY, USA, 65–68.</i> ; 2026.'
  apa: 'Khedkar, M., Schlichtig, M., Soliman, M. A. M., &#38; Bodden, E. (2026). Challenges
    in Android Data Disclosure: An Empirical Study. <i>Proceedings of the IEEE/ACM
    13th International Conference on Mobile Software Engineering and Systems (MOBILESoft
    ’26). Association for Computing Machinery, New York, NY, USA, 65–68.</i> 13th
    International Conference on Mobile Software Engineering and Systems 2024, Rio
    de Janeiro, Brazil.'
  bibtex: '@inproceedings{Khedkar_Schlichtig_Soliman_Bodden_2026, title={Challenges
    in Android Data Disclosure: An Empirical Study.}, booktitle={Proceedings of the
    IEEE/ACM 13th International Conference on Mobile Software Engineering and Systems
    (MOBILESoft ’26). Association for Computing Machinery, New York, NY, USA, 65–68.},
    author={Khedkar, Mugdha and Schlichtig, Michael and Soliman, Mohamed Aboubakr
    Mohamed and Bodden, Eric}, year={2026} }'
  chicago: 'Khedkar, Mugdha, Michael Schlichtig, Mohamed Aboubakr Mohamed Soliman,
    and Eric Bodden. “Challenges in Android Data Disclosure: An Empirical Study.”
    In <i>Proceedings of the IEEE/ACM 13th International Conference on Mobile Software
    Engineering and Systems (MOBILESoft ’26). Association for Computing Machinery,
    New York, NY, USA, 65–68.</i>, 2026.'
  ieee: 'M. Khedkar, M. Schlichtig, M. A. M. Soliman, and E. Bodden, “Challenges in
    Android Data Disclosure: An Empirical Study.,” presented at the 13th International
    Conference on Mobile Software Engineering and Systems 2024, Rio de Janeiro, Brazil,
    2026.'
  mla: 'Khedkar, Mugdha, et al. “Challenges in Android Data Disclosure: An Empirical
    Study.” <i>Proceedings of the IEEE/ACM 13th International Conference on Mobile
    Software Engineering and Systems (MOBILESoft ’26). Association for Computing Machinery,
    New York, NY, USA, 65–68.</i>, 2026.'
  short: 'M. Khedkar, M. Schlichtig, M.A.M. Soliman, E. Bodden, in: Proceedings of
    the IEEE/ACM 13th International Conference on Mobile Software Engineering and
    Systems (MOBILESoft ’26). Association for Computing Machinery, New York, NY, USA,
    65–68., 2026.'
conference:
  end_date: 2026-04-18
  location: Rio de Janeiro, Brazil
  name: 13th International Conference on Mobile Software Engineering and Systems 2024
  start_date: 2026-04-12
date_created: 2026-03-04T08:10:43Z
date_updated: 2026-03-13T12:10:10Z
department:
- _id: '76'
external_id:
  arxiv:
  - '2601.20459'
keyword:
- static analysis
- data collection
- data protection
- privacy-aware reporting
language:
- iso: eng
publication: Proceedings of the IEEE/ACM 13th International Conference on Mobile Software
  Engineering and Systems (MOBILESoft '26). Association for Computing Machinery, New
  York, NY, USA, 65–68.
status: public
title: 'Challenges in Android Data Disclosure: An Empirical Study.'
type: conference
user_id: '88024'
year: '2026'
...
---
_id: '64821'
article_number: '56'
author:
- first_name: Mugdha
  full_name: Khedkar, Mugdha
  id: '88024'
  last_name: Khedkar
- first_name: Michael
  full_name: Schlichtig, Michael
  id: '32312'
  last_name: Schlichtig
  orcid: 0000-0001-6600-6171
- first_name: Nihad
  full_name: Atakishiyev, Nihad
  last_name: Atakishiyev
- first_name: Eric
  full_name: Bodden, Eric
  id: '59256'
  last_name: Bodden
  orcid: 0000-0003-3470-3647
citation:
  ama: 'Khedkar M, Schlichtig M, Atakishiyev N, Bodden E. Between Law and Code: Challenges
    and Opportunities for Automating Privacy Assessments. <i>Automated Software Engineering
    </i>. 2026;33(2). doi:<a href="https://doi.org/10.1007/s10515-026-00601-4">10.1007/s10515-026-00601-4</a>'
  apa: 'Khedkar, M., Schlichtig, M., Atakishiyev, N., &#38; Bodden, E. (2026). Between
    Law and Code: Challenges and Opportunities for Automating Privacy Assessments.
    <i>Automated Software Engineering </i>, <i>33</i>(2), Article 56. <a href="https://doi.org/10.1007/s10515-026-00601-4">https://doi.org/10.1007/s10515-026-00601-4</a>'
  bibtex: '@article{Khedkar_Schlichtig_Atakishiyev_Bodden_2026, title={Between Law
    and Code: Challenges and Opportunities for Automating Privacy Assessments}, volume={33},
    DOI={<a href="https://doi.org/10.1007/s10515-026-00601-4">10.1007/s10515-026-00601-4</a>},
    number={256}, journal={Automated Software Engineering }, publisher={Springer US},
    author={Khedkar, Mugdha and Schlichtig, Michael and Atakishiyev, Nihad and Bodden,
    Eric}, year={2026} }'
  chicago: 'Khedkar, Mugdha, Michael Schlichtig, Nihad Atakishiyev, and Eric Bodden.
    “Between Law and Code: Challenges and Opportunities for Automating Privacy Assessments.”
    <i>Automated Software Engineering </i> 33, no. 2 (2026). <a href="https://doi.org/10.1007/s10515-026-00601-4">https://doi.org/10.1007/s10515-026-00601-4</a>.'
  ieee: 'M. Khedkar, M. Schlichtig, N. Atakishiyev, and E. Bodden, “Between Law and
    Code: Challenges and Opportunities for Automating Privacy Assessments,” <i>Automated
    Software Engineering </i>, vol. 33, no. 2, Art. no. 56, 2026, doi: <a href="https://doi.org/10.1007/s10515-026-00601-4">10.1007/s10515-026-00601-4</a>.'
  mla: 'Khedkar, Mugdha, et al. “Between Law and Code: Challenges and Opportunities
    for Automating Privacy Assessments.” <i>Automated Software Engineering </i>, vol.
    33, no. 2, 56, Springer US, 2026, doi:<a href="https://doi.org/10.1007/s10515-026-00601-4">10.1007/s10515-026-00601-4</a>.'
  short: M. Khedkar, M. Schlichtig, N. Atakishiyev, E. Bodden, Automated Software
    Engineering  33 (2026).
date_created: 2026-03-04T08:03:14Z
date_updated: 2026-03-13T12:10:38Z
department:
- _id: '76'
doi: 10.1007/s10515-026-00601-4
intvolume: '        33'
issue: '2'
language:
- iso: eng
publication: 'Automated Software Engineering '
publication_identifier:
  unknown:
  - 1573-7535
publisher: Springer US
status: public
title: 'Between Law and Code: Challenges and Opportunities for Automating Privacy
  Assessments'
type: journal_article
user_id: '88024'
volume: 33
year: '2026'
...
---
_id: '64909'
author:
- first_name: Mugdha
  full_name: Khedkar, Mugdha
  id: '88024'
  last_name: Khedkar
- first_name: Michael
  full_name: Schlichtig, Michael
  id: '32312'
  last_name: Schlichtig
  orcid: 0000-0001-6600-6171
- first_name: Eric
  full_name: Bodden, Eric
  id: '59256'
  last_name: Bodden
  orcid: 0000-0003-3470-3647
citation:
  ama: 'Khedkar M, Schlichtig M, Bodden E. Source Code-Driven GDPR Documentation:
    Supporting RoPA with Assessor View. In: <i>IEEE International Conference on Software
    Analysis, Evolution and Reengineering (SANER 2026)</i>. ; 2026.'
  apa: 'Khedkar, M., Schlichtig, M., &#38; Bodden, E. (2026). Source Code-Driven GDPR
    Documentation: Supporting RoPA with Assessor View. <i>IEEE International Conference
    on Software Analysis, Evolution and Reengineering (SANER 2026)</i>.'
  bibtex: '@inproceedings{Khedkar_Schlichtig_Bodden_2026, title={Source Code-Driven
    GDPR Documentation: Supporting RoPA with Assessor View}, booktitle={IEEE International
    Conference on Software Analysis, Evolution and Reengineering (SANER 2026)}, author={Khedkar,
    Mugdha and Schlichtig, Michael and Bodden, Eric}, year={2026} }'
  chicago: 'Khedkar, Mugdha, Michael Schlichtig, and Eric Bodden. “Source Code-Driven
    GDPR Documentation: Supporting RoPA with Assessor View.” In <i>IEEE International
    Conference on Software Analysis, Evolution and Reengineering (SANER 2026)</i>,
    2026.'
  ieee: 'M. Khedkar, M. Schlichtig, and E. Bodden, “Source Code-Driven GDPR Documentation:
    Supporting RoPA with Assessor View,” 2026.'
  mla: 'Khedkar, Mugdha, et al. “Source Code-Driven GDPR Documentation: Supporting
    RoPA with Assessor View.” <i>IEEE International Conference on Software Analysis,
    Evolution and Reengineering (SANER 2026)</i>, 2026.'
  short: 'M. Khedkar, M. Schlichtig, E. Bodden, in: IEEE International Conference
    on Software Analysis, Evolution and Reengineering (SANER 2026), 2026.'
date_created: 2026-03-13T12:16:09Z
date_updated: 2026-03-13T12:17:01Z
department:
- _id: '76'
language:
- iso: eng
main_file_link:
- url: https://mugdhak30.github.io/assets/Preprints/RoPA_SANER2026.pdf
publication: IEEE International Conference on Software Analysis, Evolution and Reengineering
  (SANER 2026)
status: public
title: 'Source Code-Driven GDPR Documentation: Supporting RoPA with Assessor View'
type: conference
user_id: '88024'
year: '2026'
...
---
_id: '65018'
abstract:
- lang: eng
  text: "Android applications collecting data from users must protect it according
    to the current legal frameworks. Such data protection has become even more important
    since in 2018 the European Union rolled out the General Data Protection Regulation
    (GDPR). Since app developers are not legal experts, they find it difficult to
    integrate privacy-aware practices into source code development. Despite these
    legal obligations, developers have limited tool support to reason about data protection
    throughout their app development process.\r\n  This paper explores the use of
    static program slicing and software visualization to analyze privacy-relevant
    data flows in Android apps. We introduce SliceViz, a web tool that analyzes an
    Android app by slicing all privacy-relevant data sources detected in the source
    code on the back-end. It then helps developers by visualizing these privacy-relevant
    program slices.\r\n  We conducted a user study with 12 participants demonstrating
    that SliceViz effectively aids developers in identifying privacy-relevant properties
    in Android apps.\r\n  Our findings indicate that program slicing can be employed
    to identify and reason about privacy-relevant data flows in Android applications.
    With further usability improvements, developers can be better equipped to handle
    privacy-sensitive information."
author:
- first_name: Mugdha
  full_name: Khedkar, Mugdha
  id: '88024'
  last_name: Khedkar
- first_name: Michael
  full_name: Schlichtig, Michael
  id: '32312'
  last_name: Schlichtig
  orcid: 0000-0001-6600-6171
- first_name: Santhosh
  full_name: Mohan, Santhosh
  last_name: Mohan
- first_name: Eric
  full_name: Bodden, Eric
  id: '59256'
  last_name: Bodden
  orcid: 0000-0003-3470-3647
citation:
  ama: Khedkar M, Schlichtig M, Mohan S, Bodden E. Visualizing Privacy-Relevant Data
    Flows in Android Applications. <i>arXiv:250316640</i>. Published online 2025.
  apa: Khedkar, M., Schlichtig, M., Mohan, S., &#38; Bodden, E. (2025). Visualizing
    Privacy-Relevant Data Flows in Android Applications. In <i>arXiv:2503.16640</i>.
  bibtex: '@article{Khedkar_Schlichtig_Mohan_Bodden_2025, title={Visualizing Privacy-Relevant
    Data Flows in Android Applications}, journal={arXiv:2503.16640}, author={Khedkar,
    Mugdha and Schlichtig, Michael and Mohan, Santhosh and Bodden, Eric}, year={2025}
    }'
  chicago: Khedkar, Mugdha, Michael Schlichtig, Santhosh Mohan, and Eric Bodden. “Visualizing
    Privacy-Relevant Data Flows in Android Applications.” <i>ArXiv:2503.16640</i>,
    2025.
  ieee: M. Khedkar, M. Schlichtig, S. Mohan, and E. Bodden, “Visualizing Privacy-Relevant
    Data Flows in Android Applications,” <i>arXiv:2503.16640</i>. 2025.
  mla: Khedkar, Mugdha, et al. “Visualizing Privacy-Relevant Data Flows in Android
    Applications.” <i>ArXiv:2503.16640</i>, 2025.
  short: M. Khedkar, M. Schlichtig, S. Mohan, E. Bodden, ArXiv:2503.16640 (2025).
date_created: 2026-03-16T17:39:12Z
date_updated: 2026-03-16T17:40:56Z
department:
- _id: '76'
external_id:
  arxiv:
  - '2503.16640'
language:
- iso: eng
publication: arXiv:2503.16640
status: public
title: Visualizing Privacy-Relevant Data Flows in Android Applications
type: preprint
user_id: '32312'
year: '2025'
...
---
_id: '52235'
abstract:
- lang: eng
  text: "Android applications collecting data from users must protect it according
    to the current legal frameworks. Such data protection has become even more important
    since the European Union rolled out the General Data Protection Regulation (GDPR).
    Since app developers are not legal experts, they find it difficult to write privacy-aware
    source code. Moreover, they have limited tool support to reason about data protection
    throughout their app development process.\r\nThis paper motivates the need for
    a static analysis approach to diagnose and explain data protection in Android
    apps. The analysis will recognize personal data sources in the source code, and
    aims to further examine the data flow originating from these sources. App developers
    can then address key questions about data manipulation, derived data, and the
    presence of technical measures. Despite challenges, we explore to what extent
    one can realize this analysis through static taint analysis, a common method for
    identifying security vulnerabilities. This is a first step towards designing a
    tool-based approach that aids app developers and assessors in ensuring data protection
    in Android apps, based on automated static program analysis. "
author:
- first_name: Mugdha
  full_name: Khedkar, Mugdha
  id: '88024'
  last_name: Khedkar
- first_name: Eric
  full_name: Bodden, Eric
  id: '59256'
  last_name: Bodden
  orcid: 0000-0003-3470-3647
citation:
  ama: 'Khedkar M, Bodden E. Toward an Android Static Analysis Approach for Data Protection.
    In: <i>Proceedings of the IEEE/ACM 11th International Conference on Mobile Software
    Engineering and Systems (MOBILESoft ’24). Association for Computing Machinery,
    New York, NY, USA, 65–68.</i> ; 2024. doi:<a href="https://doi.org/10.1145/3647632.3651389">10.1145/3647632.3651389</a>'
  apa: Khedkar, M., &#38; Bodden, E. (2024). Toward an Android Static Analysis Approach
    for Data Protection. <i>Proceedings of the IEEE/ACM 11th International Conference
    on Mobile Software Engineering and Systems (MOBILESoft ’24). Association for Computing
    Machinery, New York, NY, USA, 65–68.</i> 11th International Conference on Mobile
    Software Engineering and Systems 2024, Lisbon, Portugal. <a href="https://doi.org/10.1145/3647632.3651389">https://doi.org/10.1145/3647632.3651389</a>
  bibtex: '@inproceedings{Khedkar_Bodden_2024, title={Toward an Android Static Analysis
    Approach for Data Protection}, DOI={<a href="https://doi.org/10.1145/3647632.3651389">10.1145/3647632.3651389</a>},
    booktitle={Proceedings of the IEEE/ACM 11th International Conference on Mobile
    Software Engineering and Systems (MOBILESoft ’24). Association for Computing Machinery,
    New York, NY, USA, 65–68.}, author={Khedkar, Mugdha and Bodden, Eric}, year={2024}
    }'
  chicago: Khedkar, Mugdha, and Eric Bodden. “Toward an Android Static Analysis Approach
    for Data Protection.” In <i>Proceedings of the IEEE/ACM 11th International Conference
    on Mobile Software Engineering and Systems (MOBILESoft ’24). Association for Computing
    Machinery, New York, NY, USA, 65–68.</i>, 2024. <a href="https://doi.org/10.1145/3647632.3651389">https://doi.org/10.1145/3647632.3651389</a>.
  ieee: 'M. Khedkar and E. Bodden, “Toward an Android Static Analysis Approach for
    Data Protection,” presented at the 11th International Conference on Mobile Software
    Engineering and Systems 2024, Lisbon, Portugal, 2024, doi: <a href="https://doi.org/10.1145/3647632.3651389">10.1145/3647632.3651389</a>.'
  mla: Khedkar, Mugdha, and Eric Bodden. “Toward an Android Static Analysis Approach
    for Data Protection.” <i>Proceedings of the IEEE/ACM 11th International Conference
    on Mobile Software Engineering and Systems (MOBILESoft ’24). Association for Computing
    Machinery, New York, NY, USA, 65–68.</i>, 2024, doi:<a href="https://doi.org/10.1145/3647632.3651389">10.1145/3647632.3651389</a>.
  short: 'M. Khedkar, E. Bodden, in: Proceedings of the IEEE/ACM 11th International
    Conference on Mobile Software Engineering and Systems (MOBILESoft ’24). Association
    for Computing Machinery, New York, NY, USA, 65–68., 2024.'
conference:
  end_date: 2024-04-15
  location: Lisbon, Portugal
  name: 11th International Conference on Mobile Software Engineering and Systems 2024
  start_date: 2024-04-14
date_created: 2024-03-03T14:37:53Z
date_updated: 2026-03-04T08:11:48Z
ddc:
- '006'
department:
- _id: '76'
doi: 10.1145/3647632.3651389
external_id:
  arxiv:
  - '2402.07889'
file:
- access_level: closed
  content_type: application/pdf
  creator: khedkarm
  date_created: 2024-03-03T14:39:08Z
  date_updated: 2024-03-03T14:39:08Z
  file_id: '52236'
  file_name: 2402.07889v1.pdf
  file_size: 530812
  relation: main_file
  success: 1
file_date_updated: 2024-03-03T14:39:08Z
has_accepted_license: '1'
keyword:
- static program analysis
- data protection and privacy
- GDPR compliance
language:
- iso: eng
publication: Proceedings of the IEEE/ACM 11th International Conference on Mobile Software
  Engineering and Systems (MOBILESoft '24). Association for Computing Machinery, New
  York, NY, USA, 65–68.
status: public
title: Toward an Android Static Analysis Approach for Data Protection
type: conference
user_id: '88024'
year: '2024'
...
---
_id: '56137'
abstract:
- lang: eng
  text: "Many Android applications collect data from users. The European Union's General
    Data Protection Regulation (GDPR) requires vendors to faithfully disclose which
    data their apps collect. This task is complicated because many apps use third-party
    code for which the same information is not readily available. Hence we ask: how
    accurately do current Android apps fulfill these requirements?\r\nIn this work,
    we first expose a multi-layered definition of privacy-related data to correctly
    report data collection in Android apps. We further create a dataset of privacy-sensitive
    data classes that may be used as input by an Android app. This dataset takes into
    account data collected both through the user interface and system APIs.\r\nWe
    manually examine the data safety sections of 70 Android apps to observe how data
    collection is reported, identifying instances of over- and under-reporting. Additionally,
    we develop a prototype to statically extract and label privacy-related data collected
    via app source code, user interfaces, and permissions. Comparing the prototype's
    results with the data safety sections of 20 apps reveals reporting discrepancies.
    Using the results from two Messaging and Social Media apps (Signal and Instagram),
    we discuss how app developers under-report and over-report data collection, respectively,
    and identify inaccurately reported data categories.\r\nOur results show that app
    developers struggle to accurately report data collection, either due to Google's
    abstract definition of collected data or insufficient existing tool support. "
author:
- first_name: Mugdha
  full_name: Khedkar, Mugdha
  id: '88024'
  last_name: Khedkar
- first_name: Ambuj Kumar
  full_name: Mondal, Ambuj Kumar
  last_name: Mondal
- first_name: Eric
  full_name: Bodden, Eric
  id: '59256'
  last_name: Bodden
  orcid: 0000-0003-3470-3647
citation:
  ama: 'Khedkar M, Mondal AK, Bodden E. Do Android App Developers Accurately Report
    Collection of Privacy-Related Data? In: <i>In Proceedings of the 39th IEEE/ACM
    International Conference on Automated Software Engineering Workshops (ASEW ’24)</i>.
    ; 2024. doi:<a href="https://doi.org/10.1145/3691621.3694949">10.1145/3691621.3694949</a>'
  apa: Khedkar, M., Mondal, A. K., &#38; Bodden, E. (2024). Do Android App Developers
    Accurately Report Collection of Privacy-Related Data? <i>In Proceedings of the
    39th IEEE/ACM International Conference on Automated Software Engineering Workshops
    (ASEW ’24)</i>. 39th IEEE/ACM International Conference on Automated Software Engineering
    (ASE 2024), Sacramento, California. <a href="https://doi.org/10.1145/3691621.3694949">https://doi.org/10.1145/3691621.3694949</a>
  bibtex: '@inproceedings{Khedkar_Mondal_Bodden_2024, title={Do Android App Developers
    Accurately Report Collection of Privacy-Related Data?}, DOI={<a href="https://doi.org/10.1145/3691621.3694949">10.1145/3691621.3694949</a>},
    booktitle={In Proceedings of the 39th IEEE/ACM International Conference on Automated
    Software Engineering Workshops (ASEW ’24)}, author={Khedkar, Mugdha and Mondal,
    Ambuj Kumar and Bodden, Eric}, year={2024} }'
  chicago: Khedkar, Mugdha, Ambuj Kumar Mondal, and Eric Bodden. “Do Android App Developers
    Accurately Report Collection of Privacy-Related Data?” In <i>In Proceedings of
    the 39th IEEE/ACM International Conference on Automated Software Engineering Workshops
    (ASEW ’24)</i>, 2024. <a href="https://doi.org/10.1145/3691621.3694949">https://doi.org/10.1145/3691621.3694949</a>.
  ieee: 'M. Khedkar, A. K. Mondal, and E. Bodden, “Do Android App Developers Accurately
    Report Collection of Privacy-Related Data?,” presented at the 39th IEEE/ACM International
    Conference on Automated Software Engineering (ASE 2024), Sacramento, California,
    2024, doi: <a href="https://doi.org/10.1145/3691621.3694949">10.1145/3691621.3694949</a>.'
  mla: Khedkar, Mugdha, et al. “Do Android App Developers Accurately Report Collection
    of Privacy-Related Data?” <i>In Proceedings of the 39th IEEE/ACM International
    Conference on Automated Software Engineering Workshops (ASEW ’24)</i>, 2024, doi:<a
    href="https://doi.org/10.1145/3691621.3694949">10.1145/3691621.3694949</a>.
  short: 'M. Khedkar, A.K. Mondal, E. Bodden, in: In Proceedings of the 39th IEEE/ACM
    International Conference on Automated Software Engineering Workshops (ASEW ’24),
    2024.'
conference:
  end_date: 2024-11-01
  location: Sacramento, California
  name: 39th IEEE/ACM International Conference on Automated Software Engineering (ASE
    2024)
  start_date: 2024-10-27
date_created: 2024-09-16T08:50:54Z
date_updated: 2024-11-18T13:19:51Z
ddc:
- '000'
department:
- _id: '76'
doi: 10.1145/3691621.3694949
external_id:
  arxiv:
  - '2409.04167'
file:
- access_level: closed
  content_type: application/pdf
  creator: khedkarm
  date_created: 2024-09-16T08:49:42Z
  date_updated: 2024-09-16T08:49:42Z
  file_id: '56138'
  file_name: 2409.04167v1.pdf
  file_size: 1270058
  relation: main_file
  success: 1
file_date_updated: 2024-09-16T08:49:42Z
has_accepted_license: '1'
language:
- iso: eng
publication: In Proceedings of the 39th IEEE/ACM International Conference on Automated
  Software Engineering Workshops (ASEW ’24)
status: public
title: Do Android App Developers Accurately Report Collection of Privacy-Related Data?
type: conference
user_id: '88024'
year: '2024'
...
---
_id: '56140'
abstract:
- lang: eng
  text: "Android apps collecting data from users must comply with legal frameworks
    to ensure data protection. This requirement has become even more important since
    the implementation of the General Data Protection Regulation (GDPR) by the European
    Union in 2018. Moreover, with the proposed Cyber Resilience Act on the horizon,
    stakeholders will soon need to assess software against even more stringent security
    and privacy standards. Effective privacy assessments require collaboration among
    groups with diverse expertise to function effectively as a cohesive unit.\r\nThis
    paper motivates the need for an automated approach that enhances understanding
    of data protection in Android apps and improves communication between the various
    parties involved in privacy assessments. We propose the Assessor View, a tool
    designed to bridge the knowledge gap between these parties, facilitating more
    effective privacy assessments of Android applications. "
author:
- first_name: Mugdha
  full_name: Khedkar, Mugdha
  id: '88024'
  last_name: Khedkar
- first_name: Michael
  full_name: Schlichtig, Michael
  id: '32312'
  last_name: Schlichtig
  orcid: 0000-0001-6600-6171
- first_name: Eric
  full_name: Bodden, Eric
  id: '59256'
  last_name: Bodden
  orcid: 0000-0003-3470-3647
citation:
  ama: 'Khedkar M, Schlichtig M, Bodden E. Advancing Android Privacy Assessments with
    Automation. In: <i>In Proceedings of the 39th IEEE/ACM International Conference
    on Automated Software Engineering Workshops (ASEW ’24)</i>. ; 2024. doi:<a href="https://doi.org/10.1145/3691621.3694953">10.1145/3691621.3694953</a>'
  apa: Khedkar, M., Schlichtig, M., &#38; Bodden, E. (2024). Advancing Android Privacy
    Assessments with Automation. <i>In Proceedings of the 39th IEEE/ACM International
    Conference on Automated Software Engineering Workshops (ASEW ’24)</i>. 39th IEEE/ACM
    International Conference on Automated Software Engineering (ASE 2024), Sacramento,
    California. <a href="https://doi.org/10.1145/3691621.3694953">https://doi.org/10.1145/3691621.3694953</a>
  bibtex: '@inproceedings{Khedkar_Schlichtig_Bodden_2024, title={Advancing Android
    Privacy Assessments with Automation}, DOI={<a href="https://doi.org/10.1145/3691621.3694953">10.1145/3691621.3694953</a>},
    booktitle={In Proceedings of the 39th IEEE/ACM International Conference on Automated
    Software Engineering Workshops (ASEW ’24)}, author={Khedkar, Mugdha and Schlichtig,
    Michael and Bodden, Eric}, year={2024} }'
  chicago: Khedkar, Mugdha, Michael Schlichtig, and Eric Bodden. “Advancing Android
    Privacy Assessments with Automation.” In <i>In Proceedings of the 39th IEEE/ACM
    International Conference on Automated Software Engineering Workshops (ASEW ’24)</i>,
    2024. <a href="https://doi.org/10.1145/3691621.3694953">https://doi.org/10.1145/3691621.3694953</a>.
  ieee: 'M. Khedkar, M. Schlichtig, and E. Bodden, “Advancing Android Privacy Assessments
    with Automation,” presented at the 39th IEEE/ACM International Conference on Automated
    Software Engineering (ASE 2024), Sacramento, California, 2024, doi: <a href="https://doi.org/10.1145/3691621.3694953">10.1145/3691621.3694953</a>.'
  mla: Khedkar, Mugdha, et al. “Advancing Android Privacy Assessments with Automation.”
    <i>In Proceedings of the 39th IEEE/ACM International Conference on Automated Software
    Engineering Workshops (ASEW ’24)</i>, 2024, doi:<a href="https://doi.org/10.1145/3691621.3694953">10.1145/3691621.3694953</a>.
  short: 'M. Khedkar, M. Schlichtig, E. Bodden, in: In Proceedings of the 39th IEEE/ACM
    International Conference on Automated Software Engineering Workshops (ASEW ’24),
    2024.'
conference:
  end_date: 2024-11-01
  location: Sacramento, California
  name: 39th IEEE/ACM International Conference on Automated Software Engineering (ASE
    2024)
  start_date: 2024-10-27
date_created: 2024-09-16T08:55:34Z
date_updated: 2026-03-13T12:12:45Z
ddc:
- '000'
department:
- _id: '76'
doi: 10.1145/3691621.3694953
external_id:
  arxiv:
  - '2409.06564'
file:
- access_level: closed
  content_type: application/pdf
  creator: khedkarm
  date_created: 2024-09-16T08:55:23Z
  date_updated: 2024-09-16T08:55:23Z
  file_id: '56141'
  file_name: 2409.06564v1.pdf
  file_size: 1207856
  relation: main_file
  success: 1
file_date_updated: 2024-09-16T08:55:23Z
has_accepted_license: '1'
language:
- iso: eng
publication: In Proceedings of the 39th IEEE/ACM International Conference on Automated
  Software Engineering Workshops (ASEW ’24)
status: public
title: Advancing Android Privacy Assessments with Automation
type: conference
user_id: '32312'
year: '2024'
...
---
_id: '44146'
abstract:
- lang: eng
  text: "Many Android applications collect data from users. When they do, they must
    protect this collected data according to the current legal frameworks. Such
    data protection has become even more important since the European Union rolled
    out the General Data Protection Regulation (GDPR). App developers have limited
    tool support to reason about data protection throughout their app development
    process. Although many Android applications state a privacy policy, privacy
    policy compliance checks are currently manual, expensive, and prone to error.
    One of the major challenges in privacy audits is the significant gap between
    legal privacy statements (in English text) and technical measures that Android
    apps use to protect their users' privacy. In this thesis, we will explore to
    what extent we can use static analysis to answer important questions regarding
    data protection. Our main goal is to design a tool-based approach that aids app
    developers and auditors in ensuring data protection in Android applications,
    based on automated static program analysis."
author:
- first_name: Mugdha
  full_name: Khedkar, Mugdha
  id: '88024'
  last_name: Khedkar
citation:
  ama: 'Khedkar M. Static Analysis for Android GDPR Compliance Assurance. In: <i>2023
    IEEE/ACM 45th International Conference on Software Engineering: Companion Proceedings
    (ICSE-Companion), Melbourne, Australia, 2023, Pp. 197-199</i>. doi:<a href="https://doi.org/10.1109/ICSE-Companion58688.2023.00054">10.1109/ICSE-Companion58688.2023.00054</a>'
  apa: 'Khedkar, M. (n.d.). Static Analysis for Android GDPR Compliance Assurance.
    <i>2023 IEEE/ACM 45th International Conference on Software Engineering: Companion
    Proceedings (ICSE-Companion), Melbourne, Australia, 2023, Pp. 197-199</i>. <a
    href="https://doi.org/10.1109/ICSE-Companion58688.2023.00054">https://doi.org/10.1109/ICSE-Companion58688.2023.00054</a>'
  bibtex: '@inproceedings{Khedkar, title={Static Analysis for Android GDPR Compliance
    Assurance}, DOI={<a href="https://doi.org/10.1109/ICSE-Companion58688.2023.00054">10.1109/ICSE-Companion58688.2023.00054</a>},
    booktitle={2023 IEEE/ACM 45th International Conference on Software Engineering:
    Companion Proceedings (ICSE-Companion), Melbourne, Australia, 2023, pp. 197-199},
    author={Khedkar, Mugdha} }'
  chicago: 'Khedkar, Mugdha. “Static Analysis for Android GDPR Compliance Assurance.”
    In <i>2023 IEEE/ACM 45th International Conference on Software Engineering: Companion
    Proceedings (ICSE-Companion), Melbourne, Australia, 2023, Pp. 197-199</i>, n.d.
    <a href="https://doi.org/10.1109/ICSE-Companion58688.2023.00054">https://doi.org/10.1109/ICSE-Companion58688.2023.00054</a>.'
  ieee: 'M. Khedkar, “Static Analysis for Android GDPR Compliance Assurance,” doi:
    <a href="https://doi.org/10.1109/ICSE-Companion58688.2023.00054">10.1109/ICSE-Companion58688.2023.00054</a>.'
  mla: 'Khedkar, Mugdha. “Static Analysis for Android GDPR Compliance Assurance.”
    <i>2023 IEEE/ACM 45th International Conference on Software Engineering: Companion
    Proceedings (ICSE-Companion), Melbourne, Australia, 2023, Pp. 197-199</i>, doi:<a
    href="https://doi.org/10.1109/ICSE-Companion58688.2023.00054">10.1109/ICSE-Companion58688.2023.00054</a>.'
  short: 'M. Khedkar, in: 2023 IEEE/ACM 45th International Conference on Software
    Engineering: Companion Proceedings (ICSE-Companion), Melbourne, Australia, 2023,
    Pp. 197-199, n.d.'
date_created: 2023-04-24T12:14:17Z
date_updated: 2024-09-16T08:46:25Z
ddc:
- '004'
department:
- _id: '76'
doi: 10.1109/ICSE-Companion58688.2023.00054
external_id:
  arxiv:
  - '2303.09606'
file:
- access_level: closed
  content_type: application/pdf
  creator: khedkarm
  date_created: 2023-04-24T12:15:27Z
  date_updated: 2023-04-24T12:15:27Z
  file_id: '44147'
  file_name: 2023047614.pdf
  file_size: 85313
  relation: main_file
  success: 1
file_date_updated: 2023-04-24T12:15:27Z
has_accepted_license: '1'
keyword:
- static analysis
- data protection and privacy
- GDPR compliance
language:
- iso: eng
publication: '2023 IEEE/ACM 45th International Conference on Software Engineering:
  Companion Proceedings (ICSE-Companion), Melbourne, Australia, 2023, pp. 197-199'
publication_status: accepted
status: public
title: Static Analysis for Android GDPR Compliance Assurance
type: conference
user_id: '88024'
year: '2023'
...
