mopri - An Analysis Framework for Unveiling Privacy Violations in Mobile Apps

• URL: http://arxiv.org/abs/2602.03671v1
• Date: Tue, 03 Feb 2026 15:52:31 GMT
• Title: mopri - An Analysis Framework for Unveiling Privacy Violations in Mobile Apps
• Authors: Cornell Ziepel, Stephan Escher, Sebastian Rehms, Stefan Köpsell,
• Abstract summary: mopri is a conceptual framework designed for analyzing the behavior of mobile apps through a comprehensive, adaptable, and user-centered approach.<n>A prototype has been developed which effectively extracts permissions and tracking libraries while employing robust methods for dynamic traffic recording and decryption.
• Score: 0.24249102011714066
• License: http://creativecommons.org/licenses/by-sa/4.0/
• Abstract: Everyday services of society increasingly rely on mobile applications, resulting in a conflicting situation between the possibility of participation on the one side and user privacy and digital freedom on the other. In order to protect users' rights to informational self-determination, regulatory approaches for the collection and processing of personal data have been developed, such as the EU's GDPR. However, inspecting the compliance of mobile apps with privacy regulations remains difficult. Thus, in order to enable end users and enforcement bodies to verify and enforce data protection compliance, we propose mopri, a conceptual framework designed for analyzing the behavior of mobile apps through a comprehensive, adaptable, and user-centered approach. Recognizing the gaps in existing frameworks, mopri serves as a foundation for integrating various analysis tools into a streamlined, modular pipeline that employs static and dynamic analysis methods. Building on this concept, a prototype has been developed which effectively extracts permissions and tracking libraries while employing robust methods for dynamic traffic recording and decryption. Additionally, it incorporates result enrichment and reporting features that enhance the clarity and usability of the analysis outcomes. The prototype showcases the feasibility of a holistic and modular approach to privacy analysis, emphasizing the importance of continuous adaptation to the evolving challenges presented by the mobile app ecosystem.

Related papers

• OS-Sentinel: Towards Safety-Enhanced Mobile GUI Agents via Hybrid Validation in Realistic Workflows [77.95511352806261]
  Computer-using agents powered by Vision-Language Models (VLMs) have demonstrated human-like capabilities in operating digital environments like mobile platforms.<n>We propose OS-Sentinel, a novel hybrid safety detection framework that combines a Formal Verifier for detecting explicit system-level violations with a Contextual Judge for assessing contextual risks and agent actions.
  arXiv  Detail & Related papers  (2025-10-28T13:22:39Z)
• Adversary-Aware Private Inference over Wireless Channels [51.93574339176914]
  AI-based sensing at wireless edge devices has the potential to significantly enhance Artificial Intelligence (AI) applications.<n>As sensitive personal data can be reconstructed by an adversary, transformation of the features are required to reduce the risk of privacy violations.<n>We propose a novel framework for privacy-preserving AI-based sensing, where devices apply transformations of extracted features before transmission to a model server.
  arXiv  Detail & Related papers  (2025-10-23T13:02:14Z)
• Bridging the Mobile Trust Gap: A Zero Trust Framework for Consumer-Facing Applications [51.56484100374058]
  This paper proposes an extended Zero Trust model designed for mobile applications operating in untrusted, user-controlled environments.<n>Using a design science methodology, the study introduced a six-pillar framework that supports runtime enforcement of trust.<n>The proposed model offers a practical and standards-aligned approach to securing mobile applications beyond pre-deployment controls.
  arXiv  Detail & Related papers  (2025-08-20T18:42:36Z)
• Unveiling Privacy Policy Complexity: An Exploratory Study Using Graph Mining, Machine Learning, and Natural Language Processing [0.13124513975412253]
  This study explores the potential of interactive graph visualizations to enhance user understanding of privacy policies.<n>We employ graph mining algorithms to identify key themes, such as User Activity and Device Information.<n>Our findings reveal that graph-based clustering improves policy content interpretability.
  arXiv  Detail & Related papers  (2025-06-30T14:55:57Z)
• DRIFT: Dynamic Rule-Based Defense with Injection Isolation for Securing LLM Agents [52.92354372596197]
  Large Language Models (LLMs) are increasingly central to agentic systems due to their strong reasoning and planning capabilities.<n>This interaction also introduces the risk of prompt injection attacks, where malicious inputs from external sources can mislead the agent's behavior.<n>We propose a Dynamic Rule-based Isolation Framework for Trustworthy agentic systems, which enforces both control and data-level constraints.
  arXiv  Detail & Related papers  (2025-06-13T05:01:09Z)
• Private Transformer Inference in MLaaS: A Survey [17.38462391595219]
  Private Transformer Inference (PTI) offers a solution by utilizing cryptographic techniques.<n>This paper reviews recent PTI advancements, highlighting state-of-the-art solutions and challenges.
  arXiv  Detail & Related papers  (2025-05-15T14:00:19Z)
• Autonomous Identity-Based Threat Segmentation in Zero Trust Architectures [4.169915659794567]
  Zero Trust Architectures (ZTA) fundamentally redefine network security by adopting a "trust nothing, verify everything" approach.<n>This research applies the proposed AI-driven, autonomous, identity-based threat segmentation in ZTA.
  arXiv  Detail & Related papers  (2025-01-10T15:35:02Z)
• PAPAYA Federated Analytics Stack: Engineering Privacy, Scalability and Practicality [5.276674920508729]
  Cross-device Federated Analytics (FA) is a distributed computation paradigm designed to answer analytics queries about and derive insights from data held locally on users' devices.<n>Despite FA's broad relevance, the applicability of existing FA systems is limited by compromised accuracy; lack of flexibility for data analytics; and an inability to scale effectively.<n>We describe our approach to combine privacy, scalability, and practicality to build and deploy a system that overcomes these limitations.
  arXiv  Detail & Related papers  (2024-12-03T10:03:12Z)
• Trustworthy AI: Securing Sensitive Data in Large Language Models [0.0]
  Large Language Models (LLMs) have transformed natural language processing (NLP) by enabling robust text generation and understanding. This paper proposes a comprehensive framework for embedding trust mechanisms into LLMs to dynamically control the disclosure of sensitive information.
  arXiv  Detail & Related papers  (2024-09-26T19:02:33Z)
• PriRoAgg: Achieving Robust Model Aggregation with Minimum Privacy Leakage for Federated Learning [49.916365792036636]
  Federated learning (FL) has recently gained significant momentum due to its potential to leverage large-scale distributed user data.<n>The transmitted model updates can potentially leak sensitive user information, and the lack of central control of the local training process leaves the global model susceptible to malicious manipulations on model updates.<n>We develop a general framework PriRoAgg, utilizing Lagrange coded computing and distributed zero-knowledge proof, to execute a wide range of robust aggregation algorithms while satisfying aggregated privacy.
  arXiv  Detail & Related papers  (2024-07-12T03:18:08Z)
• Unsupervised Model Personalization while Preserving Privacy and Scalability: An Open Problem [55.21502268698577]
  This work investigates the task of unsupervised model personalization, adapted to continually evolving, unlabeled local user images. We provide a novel Dual User-Adaptation framework (DUA) to explore the problem. This framework flexibly disentangles user-adaptation into model personalization on the server and local data regularization on the user device.
  arXiv  Detail & Related papers  (2020-03-30T09:35:12Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.