{"publication":"Proceedings of the 9th International Conference on Mobile Software Engineering and Systems","language":[{"iso":"eng"}],"keyword":["static program analysis","data protection and privacy","GDPR compliance"],"type":"conference","citation":{"ama":"Khedkar M, Bodden E. Toward an Android Static Analysis Approach for Data Protection. In: Proceedings of the 9th International Conference on Mobile Software Engineering and Systems. ; 2024.","ieee":"M. Khedkar and E. Bodden, “Toward an Android Static Analysis Approach for Data Protection,” presented at the 9th International Conference on Mobile Software Engineering and Systems 2024, Lisbon, Portugal, 2024.","bibtex":"@inproceedings{Khedkar_Bodden_2024, title={Toward an Android Static Analysis Approach for Data Protection}, booktitle={Proceedings of the 9th International Conference on Mobile Software Engineering and Systems}, author={Khedkar, Mugdha and Bodden, Eric}, year={2024} }","short":"M. Khedkar, E. Bodden, in: Proceedings of the 9th International Conference on Mobile Software Engineering and Systems, 2024.","apa":"Khedkar, M., & Bodden, E. (2024). Toward an Android Static Analysis Approach for Data Protection. Proceedings of the 9th International Conference on Mobile Software Engineering and Systems. 9th International Conference on Mobile Software Engineering and Systems 2024, Lisbon, Portugal.","chicago":"Khedkar, Mugdha, and Eric Bodden. “Toward an Android Static Analysis Approach for Data Protection.” In Proceedings of the 9th International Conference on Mobile Software Engineering and Systems, 2024.","mla":"Khedkar, Mugdha, and Eric Bodden. “Toward an Android Static Analysis Approach for Data Protection.” Proceedings of the 9th International Conference on Mobile Software Engineering and Systems, 2024."},"ddc":["006"],"year":"2024","user_id":"88024","_id":"52235","status":"public","conference":{"location":"Lisbon, Portugal","end_date":"2024-04-15","name":"9th International Conference on Mobile Software Engineering and Systems 2024","start_date":"2024-04-14"},"abstract":[{"lang":"eng","text":"Android applications collecting data from users must protect it according to the current legal frameworks. Such data protection has become even more important since the European Union rolled out the General Data Protection Regulation (GDPR). Since app developers are not legal experts, they find it difficult to write privacy-aware source code. Moreover, they have limited tool support to reason about data protection throughout their app development process.\r\nThis paper motivates the need for a static analysis approach to diagnose and explain data protection in Android apps. The analysis will recognize personal data sources in the source code, and aims to further examine the data flow originating from these sources. App developers can then address key questions about data manipulation, derived data, and the presence of technical measures. Despite challenges, we explore to what extent one can realize this analysis through static taint analysis, a common method for identifying security vulnerabilities. This is a first step towards designing a tool-based approach that aids app developers and assessors in ensuring data protection in Android apps, based on automated static program analysis. "}],"title":"Toward an Android Static Analysis Approach for Data Protection","date_updated":"2024-03-06T13:00:38Z","file":[{"success":1,"file_id":"52236","access_level":"closed","content_type":"application/pdf","date_created":"2024-03-03T14:39:08Z","date_updated":"2024-03-03T14:39:08Z","file_name":"2402.07889v1.pdf","file_size":530812,"relation":"main_file","creator":"khedkarm"}],"department":[{"_id":"76"}],"has_accepted_license":"1","author":[{"first_name":"Mugdha","id":"88024","last_name":"Khedkar","full_name":"Khedkar, Mugdha"},{"first_name":"Eric","id":"59256","full_name":"Bodden, Eric","last_name":"Bodden","orcid":"0000-0003-3470-3647"}],"date_created":"2024-03-03T14:37:53Z","external_id":{"arxiv":["2402.07889"]},"file_date_updated":"2024-03-03T14:39:08Z"}