MOBILESoft 2024
Mon 15 Apr 2024 Lisbon, Portugal
co-located with ICSE 2024
Mon 15 Apr 2024 14:45 - 15:00 at Carlos Paredes - Quality Assurance

Android applications collecting data from users must protect it according to the current legal frameworks. Such data protection has become even more important since the European Union rolled out the General Data Protection Regulation (GDPR). Since app developers are not legal experts, they find it difficult to write privacy-aware source code. Moreover, they have limited tool support to reason about data protection throughout their app development process.

This paper motivates the need for a static analysis approach to diagnose and explain data protection in Android apps. The analysis will recognize personal data sources in the source code, and aims to further examine the data flow originating from these sources. App developers can then address key questions about data manipulation, derived data, and the presence of technical measures. Despite challenges, we explore to what extent one can realize this analysis through static taint analysis, a common method for identifying security vulnerabilities. This is a first step towards designing a tool-based approach that aids app developers and assessors in ensuring data protection in Android apps, based on automated static program analysis.

Mon 15 Apr

Displayed time zone: Lisbon change

14:00 - 15:30
14:00
22m
Full-paper
Detection of Inconsistencies between Guidance Pages and Actual Data Collection of Third-party SDKs in Android AppsFull Paper
Research Track
Hiroki Inayoshi Okayama University, Shohei Kakei Nagoya Institute of Technology, Japan, Shoichi Saito Nagoya Institute of Technology, Japan
DOI Pre-print
14:22
22m
Full-paper
Generating Rate Features for Mobile ApplicationsBest Presentation AwardFull Paper
Research Track
Shristi Shrestha Louisiana State University, Anas "Nash" Mahmoud Louisiana State University
14:45
15m
Short-paper
Toward an Android Static Analysis Approach for Data Protection
Research Forum Track
Mugdha Khedkar Heinz Nixdorf Institute at Paderborn University, Eric Bodden Heinz Nixdorf Institut, Paderborn University and Fraunhofer IEM
Pre-print
15:00
15m
Short-paper
Are Your Android App Analyzers Still Relevant?
Research Forum Track
chenhaonan , Daihang Chen Beihang University, China, Yonghui Liu Monash University, Xiaoyu Sun Australian National University, Australia, Li Li Beihang University
15:15
15m
Short-paper
Towards Benchmarking the Coverage of Automated Testing Tools in Android against Manual Testing
Research Forum Track
Ferdian Thung Singapore Management University, Ivana Clairine Irsan Singapore Management University, Jiakun Liu Singapore Management University, David Lo Singapore Management University