How is my private data treated by a mobile application?
In the “AndProtect” project aims to inform users of mobile applications about internal processes and the data usage of their apps, giving them detailed
quality statements about possible privacy breaching behaviors of their applications. With the help of data flow analysis the internal information flow of apps are examined and their risk level assessed. Users can have their applications analyzed so that they can decide whether to keep or uninstall them.
A special feature of the project is the combination of static and dynamic analysis. While the static analysis identifies data flows – within the application logic as well as to external entities – without its actual execution, the dynamic analysis examines the data flow at runtime within an controlled testbed. Both approaches run separately with their results being combined later on. These intensive dataflow analysis ensure that the information flow is extensively examined so that the actual application behavior is the revealed in the end. Following this, the user receives a privacy report of the examined application.
Our contribution as TU Berlin to this project is implementing the static analysis and revealing the main privacy leaks of the examined Android application. The Results of the static analysis are used as input for the dynamic analysis, which is managed and performed by our partner secuvera GmbH. Our other partner TU Chemnitz is responsible for user-centric composition of GUIs and information.