Toward an Android Static Analysis Approach for Data Protection
Android applications collecting data from users must protect it according to the current legal frameworks. Such data protection has become even more important since the European Union rolled out the General Data Protection Regulation (GDPR). Since app developers are not legal experts, they find it difficult to write privacy-aware source code. Moreover, they have limited tool support to reason about data protection throughout their app development process.
This paper motivates the need for a static analysis approach to diagnose and explain data protection in Android apps. The analysis will recognize personal data sources in the source code, and aims to further examine the data flow originating from these sources. App developers can then address key questions about data manipulation, derived data, and the presence of technical measures. Despite challenges, we explore to what extent one can realize this analysis through static taint analysis, a common method for identifying security vulnerabilities. This is a first step towards designing a tool-based approach that aids app developers and assessors in ensuring data protection in Android apps, based on automated static program analysis.
Mon 15 Apr, 14:00 - 15:30 (displayed time zone: Lisbon)

14:00 (22m, full paper): Detection of Inconsistencies between Guidance Pages and Actual Data Collection of Third-party SDKs in Android Apps. Research Track. Hiroki Inayoshi (Okayama University), Shohei Kakei (Nagoya Institute of Technology, Japan), Shoichi Saito (Nagoya Institute of Technology, Japan)

14:22 (22m, full paper): Generating Rate Features for Mobile Applications. Research Track.

14:45 (15m, short paper): Toward an Android Static Analysis Approach for Data Protection. Research Forum Track. Mugdha Khedkar (Heinz Nixdorf Institute at Paderborn University), Eric Bodden (Heinz Nixdorf Institut, Paderborn University and Fraunhofer IEM)

15:00 (15m, short paper): Are Your Android App Analyzers Still Relevant? Research Forum Track. chenhaonan, Daihang Chen (Beihang University, China), Yonghui Liu (Monash University), Xiaoyu Sun (Australian National University, Australia), Li Li (Beihang University)

15:15 (15m, short paper): Towards Benchmarking the Coverage of Automated Testing Tools in Android against Manual Testing. Research Forum Track. Ferdian Thung (Singapore Management University), Ivana Clairine Irsan (Singapore Management University), Jiakun Liu (Singapore Management University), David Lo (Singapore Management University)