Confidentiality for Android apps: Specification and verification

Sarah Ereth¹, Steffen Lortz¹, and Matthias Perner¹
¹ TU Darmstadt

Abstract

The functionality of modern smartphones can easily be enriched by a huge number of available apps. Studies have shown that many of these apps leak private information of their users to third parties. In this article, we demonstrate how a user can ensure that the apps he installs keep his private information confidential. By means of a concrete example, we show how an informal confidentiality requirement can be formalized in the specification language RIFL and how this requirement can be verified in the app store Cassandra using the RSCP security analyser. In particular, we demonstrate how Cassandra integrates the information-flow analysis by the RSCP security analyser into the installation process of an app from the perspective of a user.


it - Information Technology is a strictly peer-reviewed scientific journal. It is the oldest German journal in the field of information technology. Today, the major aim of it - Information Technology is highlighting issues on ongoing newsworthy areas in information technology and informatics and their application. It aims at presenting the topics with a holistic view.