Confidentiality for Android apps: Specification and verification

Sarah Ereth 1 , Steffen Lortz 1  und Matthias Perner 1
  • 1 TU Darmstadt


The functionality of modern smartphones can easily be enriched by a huge number of available apps. Studies have shown that many of these apps leak private information of their users to third parties. In this article, we demonstrate how a user can ensure that the apps he installs keep his private information confidential. By means of a concrete example, we show how an informal confidentiality requirement can be formalized in the specification language RIFL and how this requirement can be verified in the app store Cassandra using the RSCP security analyser. In particular, we demonstrate how Cassandra integrates the information-flow analysis by the RSCP security analyser into the installation process of an app from the perspective of a user.

Artikel kaufen
Erhalten sie sofort unbegrenzten Zugriff auf den Artikel.
Haben Sie den Zugang bereits erworben? Melden Sie sich bitte an.

Zugriff über Ihre Institution

Zeitschrift + Hefte