User-aware privacy control via extended static-information-flow analysis

Xusheng Xiao, Nikolai Tillmann, Manuel Fahndrich, Jonathan de Halleux, Michal Moskal, Tao Xie

Research output: Contribution to journalArticlepeer-review


Applications in mobile marketplaces may leak private user information without notification. Existing mobile platforms provide little information on how applications use private user data, making it difficult for experts to validate applications and for users to grant applications access to their private data. We propose a user-aware-privacy-control approach, which reveals how private information is used inside applications. We compute static information flows and classify them as safe/unsafe based on a tamper analysis that tracks whether private data is obscured before escaping through output channels. This flow information enables platforms to provide default settings that expose private data for only safe flows, thereby preserving privacy and minimizing decisions required from users. We build our approach into TouchDevelop, an application-creation environment that allows users to write scripts on mobile devices and install scripts published by other users. We evaluate our approach by studying 546 scripts published by 194 users, and the results show that our approach effectively reduces the need to make access-granting choices to only 10.1 % (54) of all scripts. We also conduct a user survey that involves 50 TouchDevelop users to assess the effectiveness and usability of our approach. The results show that 90 % of the users consider our approach useful in protecting their privacy, and 54 % prefer our approach over other privacy-control approaches.

Original languageEnglish (US)
Pages (from-to)333-366
Number of pages34
JournalAutomated Software Engineering
Issue number3
StatePublished - Sep 22 2015


  • Information Flow Analysis
  • Mobile Application
  • Privacy Control
  • Static Analysis

ASJC Scopus subject areas

  • Software


Dive into the research topics of 'User-aware privacy control via extended static-information-flow analysis'. Together they form a unique fingerprint.

Cite this