Many Android applications collect data from users. When they do, they must protect this collected data according to the current legal frameworks. Such data protection has become even more important since the European Union rolled out the General Data Protection Regulation (GDPR). App developers have limited tool support to reason about data protection throughout their app development process. Although many Android applications state a privacy policy, privacy policy compliance checks are currently manual, expensive, and prone to error. One of the major challenges in privacy audits is the significant gap between legal privacy statements (in English text) and the technical measures that Android apps use to protect their users' privacy. In this thesis, we will explore to what extent we can use static analysis to answer important questions regarding data protection. Our main goal is to design a tool-based approach that aids app developers and auditors in ensuring data protection in Android applications, based on automated static program analysis.