Toward an Android Static Analysis Approach for Data Protection
- URL: http://arxiv.org/abs/2402.07889v1
- Date: Mon, 12 Feb 2024 18:52:39 GMT
- Title: Toward an Android Static Analysis Approach for Data Protection
- Authors: Mugdha Khedkar and Eric Bodden
- Abstract summary: This paper motivates the need to explain data protection in Android apps.
The data analysis will recognize personal data sources in the source code.
App developers can then address key questions about data manipulation and derived data.
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Android applications collecting data from users must protect it according to
the current legal frameworks. Such data protection has become even more
important since the European Union rolled out the General Data Protection
Regulation (GDPR). Since app developers are not legal experts, they find it
difficult to write privacy-aware source code. Moreover, they have limited tool
support to reason about data protection throughout their app development
process.
This paper motivates the need for a static analysis approach to diagnose and
explain data protection in Android apps. The analysis will recognize personal
data sources in the source code, and aims to further examine the data flow
originating from these sources. App developers can then address key questions
about data manipulation, derived data, and the presence of technical measures.
Despite challenges, we explore to what extent one can realize this analysis
through static taint analysis, a common method for identifying security
vulnerabilities. This is a first step towards designing a tool-based approach
that aids app developers and assessors in ensuring data protection in Android
apps, based on automated static program analysis.
Related papers
- DATABench: Evaluating Dataset Auditing in Deep Learning from an Adversarial Perspective [59.66984417026933]
We introduce a novel taxonomy, classifying existing methods based on their reliance on internal features (IF) (inherent to the data) versus external features (EF) (artificially introduced for auditing). We formulate two primary attack types: evasion attacks, designed to conceal the use of a dataset, and forgery attacks, intending to falsely implicate an unused dataset. Building on the understanding of existing methods and attack objectives, we further propose systematic attack strategies: decoupling, removal, and detection for evasion; adversarial example-based methods for forgery. Our benchmark, DATABench, comprises 17 evasion attacks, 5 forgery attacks, and 9
arXiv Detail & Related papers (2025-07-08T03:07:15Z)
- Differentially Private Synthetic Data Release for Topics API Outputs [63.79476766779742]
We focus on one Privacy-Preserving Ads API: the Topics API, part of Google Chrome's Privacy Sandbox. We generate a differentially-private dataset that closely matches the re-identification risk properties of the real Topics API data. We hope this will enable external researchers to analyze the API in-depth and replicate prior and future work on a realistic large-scale dataset.
arXiv Detail & Related papers (2025-06-30T13:46:57Z)
- A Survey on Model Extraction Attacks and Defenses for Large Language Models [55.60375624503877]
Model extraction attacks pose significant security threats to deployed language models. This survey provides a comprehensive taxonomy of extraction attacks and defenses, categorizing attacks into functionality extraction, training data extraction, and prompt-targeted attacks. We examine defense mechanisms organized into model protection, data privacy protection, and prompt-targeted strategies, evaluating their effectiveness across different deployment scenarios.
arXiv Detail & Related papers (2025-06-26T22:02:01Z)
- Visualizing Privacy-Relevant Data Flows in Android Applications [5.367301239087641]
SliceViz is a tool that analyzes an Android app by slicing all privacy-relevant data sources detected in source code on the back-end.
We conducted a user study with 12 participants demonstrating that SliceViz effectively aids developers in identifying privacy-relevant properties in Android apps.
arXiv Detail & Related papers (2025-03-20T18:47:02Z)
- Protecting Privacy in Software Logs: What Should Be Anonymized? [12.980238412281471]
Presence of sensitive information in software logs poses significant privacy concerns. This study offers a comprehensive analysis of privacy in software logs from multiple perspectives. Our findings shed light on various perspectives of log privacy and reveal industry challenges.
arXiv Detail & Related papers (2024-09-17T16:12:23Z)
- A Large-Scale Privacy Assessment of Android Third-Party SDKs [17.245330733308375]
Third-party Software Development Kits (SDKs) are widely adopted in Android app development.
This convenience raises substantial concerns about unauthorized access to users' privacy-sensitive information.
Our study offers a targeted analysis of user privacy protection among Android third-party SDKs.
arXiv Detail & Related papers (2024-09-16T15:44:43Z)
- Collection, usage and privacy of mobility data in the enterprise and public administrations [55.2480439325792]
Security measures such as anonymization are needed to protect individuals' privacy.
Within our study, we conducted expert interviews to gain insights into practices in the field.
We survey privacy-enhancing methods in use, which generally do not comply with state-of-the-art standards of differential privacy.
arXiv Detail & Related papers (2024-07-04T08:29:27Z)
- Security Approaches for Data Provenance in the Internet of Things: A Systematic Literature Review [0.0]
Internet of Things systems are vulnerable to security attacks.
Data provenance offers a way to record the origin, history, and handling of data to address these vulnerabilities.
arXiv Detail & Related papers (2024-07-03T19:25:36Z)
- Securing Data Platforms: Strategic Masking Techniques for Privacy and Security for B2B Enterprise Data [0.0]
Business-to-business (B2B) enterprises are increasingly constructing data platforms.
It has become critical to design these data platforms with mechanisms that inherently support data privacy and security.
Data masking stands out as a vital feature of data platform architecture.
arXiv Detail & Related papers (2023-12-06T05:04:37Z)
- PrivacyMind: Large Language Models Can Be Contextual Privacy Protection Learners [81.571305826793]
We introduce Contextual Privacy Protection Language Models (PrivacyMind).
Our work offers a theoretical analysis for model design and benchmarks various techniques.
In particular, instruction tuning with both positive and negative examples stands out as a promising method.
arXiv Detail & Related papers (2023-10-03T22:37:01Z)
- Towards Generalizable Data Protection With Transferable Unlearnable Examples [50.628011208660645]
We present a novel, generalizable data protection method by generating transferable unlearnable examples.
To the best of our knowledge, this is the first solution that examines data privacy from the perspective of data distribution.
arXiv Detail & Related papers (2023-05-18T04:17:01Z)
- No Free Lunch in "Privacy for Free: How does Dataset Condensation Help Privacy" [75.98836424725437]
New methods designed to preserve data privacy require careful scrutiny.
Failure to preserve privacy is hard to detect, and yet can lead to catastrophic results when a system implementing a "privacy-preserving" method is attacked.
arXiv Detail & Related papers (2022-09-29T17:50:23Z)
- Black-box Dataset Ownership Verification via Backdoor Watermarking [67.69308278379957]
We formulate the protection of released datasets as verifying whether they are adopted for training a (suspicious) third-party model.
We propose to embed external patterns via backdoor watermarking for the ownership verification to protect them.
Specifically, we exploit poison-only backdoor attacks (e.g., BadNets) for dataset watermarking and design a hypothesis-test-guided method for dataset verification.
arXiv Detail & Related papers (2022-08-04T05:32:20Z)
- An Example of Privacy and Data Protection Best Practices for Biometrics Data Processing in Border Control: Lesson Learned from SMILE [0.9442139459221784]
Misuse of data, compromising the privacy of individuals and/or authorized processing of data may be irreversible.
This is partly due to the lack of methods and guidance for the integration of data protection and privacy by design in the system development process.
We present an example of privacy and data protection best practices to provide more guidance for data controllers and developers.
arXiv Detail & Related papers (2022-01-10T15:34:43Z)
- Android Security using NLP Techniques: A Review [1.218340575383456]
Android is among the platforms most targeted by attackers.
Traditional solutions based on static and dynamic analysis have been evolving.
This study aims to explore possible research directions for future studies by presenting state-of-the-art in this domain.
arXiv Detail & Related papers (2021-07-07T08:33:00Z)
- Explainable Patterns: Going from Findings to Insights to Support Data Analytics Democratization [60.18814584837969]
We present Explainable Patterns (ExPatt), a new framework to support lay users in exploring and creating data storytellings.
ExPatt automatically generates plausible explanations for observed or selected findings using an external (textual) source of information.
arXiv Detail & Related papers (2021-01-19T16:13:44Z)
This list is automatically generated from the titles and abstracts of the papers in this site.