Static Analysis for Android GDPR Compliance Assurance
Talk by Mugdha Khedkar
Abstract: Android applications collecting data from users must protect it according to the current legal frameworks. This need for data protection has become even more crucial with the introduction of the General Data Protection Act (GDPR) by the European Union. While many Android applications state a privacy policy, privacy assessments are manual and thus very costly and error-prone. A major challenge lies in bridging the gap between legal privacy statements (written in natural language) and the technical measures implemented within apps.
In this talk, I will discuss how static program analysis can help address key data protection challenges and support GDPR-compliant documentation. Our goal is to develop automated, static analysis-based approaches that improve understanding and enhance collaboration between app developers, privacy professionals, and legal experts, ultimately ensuring stronger data protection in Android applications.
Bio: Mugdha Khedkar is a final-year PhD student in the Secure Software Engineering Group at Paderborn University, Germany, where she works with Prof. Dr. Eric Bodden. Her research interests lie at the intersection of program analysis, data protection, and empirical software engineering. She earned her Master’s degree in Computer Science from the Chennai Mathematical Institute, India. Outside academia, she enjoys traveling and writing, and brings these interests together in her travel blog.