Algorithms for detecting leftover account information and extracting android programming rules

Abstract

Mobile apps are ubiquitous nowadays. The average smartphone user these days has between 60 and 90 apps on their device. While using a mobile application, it has access to users’ private information, and it can be a serious concern for the end users if the application leaks or manipulates users’ data and also if the programmer violates some important programming rules while developing android applications. This dissertation focuses on some challenges under the umbrella of android applications conceptual framework, in areas such as users’ privacy and security, programming rules to follow while developing android applications. In particular, the fundamental obstacle is the “leftover” account data retained on the server after account deletion where the data is manipulated and kept on the app’s backend servers which can be a significant privacy violation. This dissertation addresses the problem of leftover account information and proposes a novel, reverse-engineering approach to infer leftover data from app–server communication and also analyzes the distributed nature of account management in android applications employing static analysis, dynamic analysis, and natural language processing techniques. Moreover, when developing Android apps, programs follow implicit programming rules that are too tedious to be documented by programmers. Defects can be introduced easily when these constraints are violated by programmers hence it is highly beneficial to have automatic tools to extract such constraints. This dissertation also focuses on a method called AR-Extractor (Android Rules Extractor) to automatically extract programming constraints from Android developer documents using natural language processing techniques.