On Saturday, 4 October, Javier García González, a student at the School of Computer Engineering at the University of Valladolid, presented a paper entitled Your apps may be insecure and indiscreet with your data. Would you know how to detect it? at the Navaja Negra Conference.
This presentation is based on his TFG project, ‘ApkAudit: App for auditing an Android app using the App-PIMD repository’, developed within the lines of research of the Privacy Engineering Research Group (IngPriv).
The presentation, which he shared with Amador Aparicio de la Fuente, aroused great interest among those attending this renowned cybersecurity forum.
ApkAudit is an application designed to analyse the behaviour of Android apps from a privacy and security perspective.
Its main features include:
- ✅ Analysis of permissions requested by applications.
- ✅ Detection of trackers and potential malware through integration with VirusTotal.
- ✅ Assessment of privacy policies, comparing what apps claim to do with what they actually do.
- ✅ Natural language processing (NLP) to identify discrepancies between Google Play’s data security section and the actual behaviour of apps.
The development of ApkAudit is a significant contribution to Privacy-Enhancing Technologies (PETs), bringing accessible and useful tools to both users and developers. APKAudit connects to the App-PIMD repository to obtain data that it uses in its analyses. It also applies the Privacy Impact Metric (PIM) in its calculations, which measures the impact on privacy of an app, also using data available in App-PIM. For more information on App-PIMD, see references at the end of the text [Reference 1] and [Reference 2], and for more information on PIM and the ecosystem in which all these tools interact, see [Reference 3].
In the following video, you can see an excerpt from Javier García González and Amador Aparicio de la Fuente presentation at the Navaja Negra Conference, where they demonstrate live how ApkAudit works and its main practical applications.
[Referencia 1] Pérez-Fuente, Alejandro; Martínez-González, M. Mercedes; Aparicio, Amador and Moro, Quiliano Isaac. Un Data Warehouse para el Estudio de la Privacidad y Seguridad de Aplicaciones Móviles. Actas de las IX Jornadas Nacionales de Investigación en Ciberseguridad, JNIC 2024, Sevilla, 27 a 29 de mayo de 2024, Antonia M. Reina Quintero, Rafael Ceballos Guerrero, Ángel J. Varela Vaca (eds.), pp. 624-631. ISBN 978-84-09-62140-8 https://idus.us.es/items/508e612b-3df5-458a-98be-2d5f7c3fb7d2
[Referencia 2] Martínez-González, M.M., Pérez-Fuente, A., Aparicio, A., Criado-Lozano, P.A. (2024). Using the Metadata-Based App-PI Ecosystem to Assess the Privacy Impact of Health Apps. In: Bravo, J., Nugent, C., Cleland, I. (eds) Proceedings of the International Conference on Ubiquitous Computing and Ambient Intelligence (UCAmI 2024). UCAmI 2024. Lecture Notes in Networks and Systems, vol 1212. Springer, Cham. https://doi.org/10.1007/978-3-031-77571-0_50
[Referencia 3] M. Mercedes Martínez-González, Alejandro Pérez-Fuente, Amador Aparicio, and Pablo A. Criado-Lozano. “Using the Metadata-Based App-PI Ecosystem to Assess the Privacy Impact of Health Apps”. Proceedings of the International Conference on Ubiquitous Computing and Ambient Intelligence (UCAmI 2024). José Bravo, Chris Nugent, and Ian Cleland (eds.). Lecture Notes in Networks and Systems, vol. 1212, ISSN 2367-3370, ISBN 988-3-031-77570-3. DOI: 10.1007/978-3-031-77571-0. Springer Nature Switzerland AG 2024. pp. 522-533. URL: https://uvadoc.uva.es/handle/10324/72998