However, our findings are also relevant to end-users worldwide, as we generate privacy reports for software products that have substantial audiences both within the US and outside of it. One area that we hope to explore in the future is compliance with GDPR in the EU.
In prior work to re-engineer Android’s permission system, we built a framework for the dynamic analysis of mobile apps. This approach allows us to examine how apps and libraries use sensitive data sources on the device. By combining this capability with bespoke network monitoring tools, we have the most sophisticated view of when sensitive data is accessed and where it gets sent. AppCensus integrates those tools as an end-to-end testbed offering analytics-as-a-service: we accept a mobile app binary as input, automatically run it in a test environment monitored by our tools, perform a broad exploration via simulated user input, and generate reports of relevant app privacy behaviors. The results of this automated and reproducible analysis can be structured in a database and are made available at our public-facing website, https://appcensus.mobi. We propose enhancements to greatly expand the scale of our monitoring and to help developers ensure their apps respect user privacy.
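The report-generation step described above, as an added sketch that is not AppCensus code: it searches captured network payloads for identifiers seeded on the test device, in plain form and under common encodings, and records the destination host. The identifier values, flow records, host names and the `find_leaks` and `encodings` helpers are all constructed for illustration, and payloads are assumed to be available to the monitor in cleartext.

```python
import base64
import hashlib
from urllib.parse import quote, unquote

# Constructed identifiers standing in for values seeded on the test device.
DEVICE_VALUES = {
    "android_id": "9774d56d682e549c",
    "advertising_id": "38400000-8cf0-11bd-b23e-10b96e40000d",
    "email": "tester@example.com",
}

def encodings(value):
    """Yield (label, needle) for transformations a sender might apply."""
    raw = value.encode()
    yield "plain", value
    yield "base64", base64.b64encode(raw).decode()
    yield "hex", raw.hex()
    for algo in ("md5", "sha1", "sha256"):
        yield algo, hashlib.new(algo, raw).hexdigest()

def find_leaks(flows, device_values):
    """Return (app, host, identifier, encoding, tls) for each identifier seen in a flow."""
    findings = []
    for flow in flows:
        haystack = unquote(flow["payload"])   # undo URL-encoding first
        folded = haystack.lower()             # tolerate upper-case hex digests
        for name, value in device_values.items():
            for label, needle in encodings(value):
                if needle in haystack or needle in folded:
                    findings.append((flow["app"], flow["host"], name, label, flow["tls"]))
    return findings

_b64_id = quote(base64.b64encode(b"9774d56d682e549c").decode(), safe="")
_email_hash = hashlib.sha256(b"tester@example.com").hexdigest().upper()

# Constructed flow records (hypothetical schema: app, host, tls, payload).
FLOWS = [
    {"app": "com.example.game", "host": "ads.tracker.example", "tls": False,
     "payload": "GET /i?aid=38400000-8cf0-11bd-b23e-10b96e40000d&v=3"},
    {"app": "com.example.game", "host": "metrics.vendor.example", "tls": True,
     "payload": 'POST /e {"u":"' + _email_hash + '"}'},
    {"app": "com.example.game", "host": "api.sdk.example", "tls": True,
     "payload": "GET /reg?d=" + _b64_id},
    {"app": "com.example.game", "host": "cdn.example", "tls": True,
     "payload": "GET /assets/level1.png"},
]

if __name__ == "__main__":
    for finding in find_leaks(FLOWS, DEVICE_VALUES):
        print(finding)
```

The `tls` field is carried into each finding so a report can separate identifiers sent over unencrypted connections from those sent over TLS.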