Visualizing Privacy-Relevant Data Flows in Android Applications

• URL: http://arxiv.org/abs/2503.16640v1
• Date: Thu, 20 Mar 2025 18:47:02 GMT
• Title: Visualizing Privacy-Relevant Data Flows in Android Applications
• Authors: Mugdha Khedkar, Michael Schlichtig, Santhosh Mohan, Eric Bodden,
• Abstract summary: SliceViz is a tool that analyzes an Android app by slicing all privacy-relevant data sources detected in source code on the back-end.<n>We conducted a user study with 12 participants demonstrating that SliceViz effectively aids developers in identifying privacy-relevant properties in Android apps.
• Score: 5.367301239087641
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: Android applications collecting data from users must protect it according to the current legal frameworks. Such data protection has become even more important since in 2018 the European Union rolled out the General Data Protection Regulation (GDPR). Since app developers are not legal experts, they find it difficult to integrate privacy-aware practices into source code development. Despite these legal obligations, developers have limited tool support to reason about data protection throughout their app development process. This paper explores the use of static program slicing and software visualization to analyze privacy-relevant data flows in Android apps. We introduce SliceViz, a web tool that analyzes an Android app by slicing all privacy-relevant data sources detected in the source code on the back-end. It then helps developers by visualizing these privacy-relevant program slices. We conducted a user study with 12 participants demonstrating that SliceViz effectively aids developers in identifying privacy-relevant properties in Android apps. Our findings indicate that program slicing can be employed to identify and reason about privacy-relevant data flows in Android applications. With further usability improvements, developers can be better equipped to handle privacy-sensitive information.

Related papers

• A Large-Scale Privacy Assessment of Android Third-Party SDKs [17.245330733308375]
  Third-party Software Development Kits (SDKs) are widely adopted in Android app development. This convenience raises substantial concerns about unauthorized access to users' privacy-sensitive information. Our study offers a targeted analysis of user privacy protection among Android third-party SDKs.
  arXiv  Detail & Related papers  (2024-09-16T15:44:43Z)
• Do Android App Developers Accurately Report Collection of Privacy-Related Data? [5.863391019411233]
  European Union's General Protection Regulation requires vendors to faithfully disclose their apps collect data. Many Android apps use third-party code for same information is not readily available. We first expose a multi-layered definition of privacy-related data correctly report collection in Android apps. We then create a dataset of privacy-sensitive data classes that may be used as input by an Android app.
  arXiv  Detail & Related papers  (2024-09-06T10:05:45Z)
• The Good and The Bad: Exploring Privacy Issues in Retrieval-Augmented Generation (RAG) [56.67603627046346]
  Retrieval-augmented generation (RAG) is a powerful technique to facilitate language model with proprietary and private data. In this work, we conduct empirical studies with novel attack methods, which demonstrate the vulnerability of RAG systems on leaking the private retrieval database.
  arXiv  Detail & Related papers  (2024-02-23T18:35:15Z)
• Toward an Android Static Analysis Approach for Data Protection [7.785051236155595]
  This paper motivates the need to explain data protection in Android apps. The data analysis will recognize personal data sources in the source code. App developers can then address key questions about data manipulation and data manipulation derived data.
  arXiv  Detail & Related papers  (2024-02-12T18:52:39Z)
• PrivacyMind: Large Language Models Can Be Contextual Privacy Protection Learners [81.571305826793]
  We introduce Contextual Privacy Protection Language Models (PrivacyMind) Our work offers a theoretical analysis for model design and benchmarks various techniques. In particular, instruction tuning with both positive and negative examples stands out as a promising method.
  arXiv  Detail & Related papers  (2023-10-03T22:37:01Z)
• The Overview of Privacy Labels and their Compatibility with Privacy Policies [24.871967983289117]
  Privacy nutrition labels provide a way to understand an app's key data practices without reading the long and hard-to-read privacy policies. Apple and Google have implemented mandates requiring app developers to fill privacy nutrition labels highlighting their privacy practices.
  arXiv  Detail & Related papers  (2023-03-14T20:10:28Z)
• Privacy Explanations - A Means to End-User Trust [64.7066037969487]
  We looked into how explainability might help to tackle this problem. We created privacy explanations that aim to help to clarify to end users why and for what purposes specific data is required. Our findings reveal that privacy explanations can be an important step towards increasing trust in software systems.
  arXiv  Detail & Related papers  (2022-10-18T09:30:37Z)
• Black-box Dataset Ownership Verification via Backdoor Watermarking [67.69308278379957]
  We formulate the protection of released datasets as verifying whether they are adopted for training a (suspicious) third-party model. We propose to embed external patterns via backdoor watermarking for the ownership verification to protect them. Specifically, we exploit poison-only backdoor attacks ($e.g.$, BadNets) for dataset watermarking and design a hypothesis-test-guided method for dataset verification.
  arXiv  Detail & Related papers  (2022-08-04T05:32:20Z)
• Analysis of Longitudinal Changes in Privacy Behavior of Android Applications [79.71330613821037]
  In this paper, we examine the trends in how Android apps have changed over time with respect to privacy. We examine the adoption of HTTPS, whether apps scan the device for other installed apps, the use of permissions for privacy-sensitive data, and the use of unique identifiers. We find that privacy-related behavior has improved with time as apps continue to receive updates, and that the third-party libraries used by apps are responsible for more issues with privacy.
  arXiv  Detail & Related papers  (2021-12-28T16:21:31Z)
• Mind the GAP: Security & Privacy Risks of Contact Tracing Apps [75.7995398006171]
  Google and Apple have jointly provided an API for exposure notification in order to implement decentralized contract tracing apps using Bluetooth Low Energy. We demonstrate that in real-world scenarios the GAP design is vulnerable to (i) profiling and possibly de-anonymizing persons, and (ii) relay-based wormhole attacks that basically can generate fake contacts.
  arXiv  Detail & Related papers  (2020-06-10T16:05:05Z)
• TIPRDC: Task-Independent Privacy-Respecting Data Crowdsourcing Framework for Deep Learning with Anonymized Intermediate Representations [49.20701800683092]
  We present TIPRDC, a task-independent privacy-respecting data crowdsourcing framework with anonymized intermediate representation. The goal of this framework is to learn a feature extractor that can hide the privacy information from the intermediate representations; while maximally retaining the original information embedded in the raw data for the data collector to accomplish unknown learning tasks.
  arXiv  Detail & Related papers  (2020-05-23T06:21:26Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.