During the VallaTech Summit 2025 (DevFest Valladolid), held at the School of Computer Engineering at the University of Valladolid, members of the Privacy Engineering Research Group (IngPriv) gave a practical workshop entitled “Dissect your Android apps and assess their impact on your privacy.”
The session was led by Pablo Abel Criado Lozano, Alejandro Pérez de la Fuente, and Javier Rodríguez Aparicio, who introduced attendees to the essential techniques for auditing mobile apps from a technical, ethical, and privacy-oriented perspective.
The objective of the workshop was to train developers, auditors, and cybersecurity professionals to analyze Android applications without the need for root access or emulators, using reproducible procedures accessible from any operating system.
During the session, participants learned how to:
- ✅Download, extract, decompile, and analyze APK files step by step.
- ✅Identify sensitive permissions, embedded trackers, and potentially intrusive data processing patterns.
- ✅Detect discrepancies between the technical behavior of the application and its privacy policy using NLP and artificial intelligence techniques.
- ✅Apply privacy-by-design principles to assess an app’s compliance with privacy and security standards.
- ✅Use APK Falcon, the advanced analysis tool developed as part of the App-PI Project, as well as the App-PIMD repository, which allows you to objectively estimate the impact on privacy using the PIM metric.
The workshop focused not only on demonstrating reverse engineering and static analysis techniques, but also on transforming technical findings into understandable and justifiable conclusions, facilitating informed decision-making in privacy audits.
If you would like to watch part of the session, you can access the video available on our YouTube channel: