Research

Our work is centered around the design and implementation of static program analyses to ensure data protection in Android apps.

Lack of data privacy and protection has been a long-standing problem in the digital world, and it has gained a lot of attention since the European Union rolled out the General Data Protection Regulation (GDPR). The growing demand for privacy by design necessitates that app developers use technical measures to protect their users’ privacy. However, app developers lack legal expertise and hence find it difficult to understand how they can protect users’ data, or even which data they should protect. Loosely written privacy policies and data safety sections (Google Play Store) are good examples of why app developers need tool support in reasoning about data protection.

Static analysis checks the source code thoroughly before execution, and covers all of the app’s possible execution paths. It has been extensively used to assist developers in identifying and fixing security vulnerabilities. Our approach broadens the scope of static analysis to cover user privacy and data protection. Our envisioned analysis will help app developers reason about data protection proactively, and it will also assist legal experts like Data Protection Officers in performing efficient privacy assessments.

If you are an app developer, a Data Protection Officer, or an auditor and are interested in collaborating or learning more about our work, please contact me.

We are looking for Android developers who can take this short survey and help us with our research: https://umfragen.uni-paderborn.de/index.php/785133?lang=en

Publications

Research Interests