The Strategic Cybersecurity Project “App-PI (App Privacy Impact): An ecosystem for the evaluation of the impact of apps for mobile devices on the privacy and security of their users”, is carried out under a collaboration agreement between the University of Valladolid and the S.M.E. Nacional Institute of Cybersecurity from Spain M.P., S.A. for the promotion of strategic Cybersecurity projects in Spain, within the framework of the Recovery, Transformation and Resilience Plan Funds, financed by the European Union (Next Generation).
In addition to UVa and INCIBE, the Department of Computer Science of the School of Computer Engineering of Valladolid is involved and David Sanz, technical director for privacy at the University of Valladolid, is also participating.
The project arose from the accumulated experience of the research group’s coordinator, Mercedes Martínez González, as she has been researching privacy engineering for several years and has offered training to TIC professionals at the LexDatum conferences they have been organizing since 2005. According to this, they observed that there were opportunities to provide tools to help better understand and manage privacy and security when using mobile applications.
The study uses the ApkFalcon tool to assess the app’s impact on privacy, concluding with a score that reflects that impact. In addition, it discusses the implications of certain permissions with respect to privacy and security of user data, such as access to location, contacts, and multimedia files on the device, or information related to Google services.
The project in which UVa is working has a development period of two years and aims to be a support tool for developers of mobile applications and professionals, as it can help them to evaluate their own developments and detect possible excesses in the access to users’ personal data. In addition, the project will include a repository of quality data on app security and privacy, a collection of metadata (data describing the properties of apps) that will allow users to check the degree of intrusion of the app they are about to install on their device.