Everyday services of society increasingly rely on mobile applications, creating a conflict between the possibility of participation on the one hand and user privacy and digital freedom on the other. To protect users' rights to informational self-determination, regulatory approaches for the collection and processing of personal data have been developed, such as the EU's GDPR. However, inspecting the compliance of mobile apps with privacy regulations remains difficult. To enable end users and enforcement bodies to verify and enforce data protection compliance, we propose mopri, a conceptual framework designed for analyzing the behavior of mobile apps through a comprehensive, adaptable, and user-centered approach. Recognizing the gaps in existing frameworks, mopri serves as a foundation for integrating various analysis tools into a streamlined, modular pipeline that employs static and dynamic analysis methods. Building on this concept, a prototype has been developed that effectively extracts permissions and tracking libraries while employing robust methods for dynamic traffic recording and decryption. Additionally, it incorporates result enrichment and reporting features that enhance the clarity and usability of the analysis outcomes. The prototype showcases the feasibility of a holistic and modular approach to privacy analysis, emphasizing the importance of continuous adaptation to the evolving challenges presented by the mobile app ecosystem.