{"id":"https://openalex.org/W4416962117","doi":"https://doi.org/10.1109/pst65910.2025.11268827","title":"A Modeling and Static Analysis Approach for the Verification of Privacy and Safety Properties in Kotlin Android Apps","display_name":"A Modeling and Static Analysis Approach for the Verification of Privacy and Safety Properties in Kotlin Android Apps","publication_year":2025,"publication_date":"2025-08-26","ids":{"openalex":"https://openalex.org/W4416962117","doi":"https://doi.org/10.1109/pst65910.2025.11268827"},"language":null,"primary_location":{"id":"doi:10.1109/pst65910.2025.11268827","is_oa":false,"landing_page_url":"https://doi.org/10.1109/pst65910.2025.11268827","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 22nd Annual International Conference on Privacy, Security, and Trust (PST)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5054239201","display_name":"Bara\u2019 Nazzal","orcid":"https://orcid.org/0000-0001-8051-7517"},"institutions":[{"id":"https://openalex.org/I204722609","display_name":"Queen's University","ror":"https://ror.org/02y72wh86","country_code":"CA","type":"education","lineage":["https://openalex.org/I204722609"]}],"countries":["CA"],"is_corresponding":true,"raw_author_name":"Bara\u2019 Nazzal","raw_affiliation_strings":["Queen&#x2019;s University,School of Computing,Kingston,Canada"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Queen&#x2019;s University,School of Computing,Kingston,Canada","institution_ids":["https://openalex.org/I204722609"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5035833427","display_name":"Manar H. Alalfi","orcid":"https://orcid.org/0000-0003-4968-4127"},"institutions":[{"id":"https://openalex.org/I530967","display_name":"Toronto Metropolitan University","ror":"https://ror.org/05g13zd79","country_code":"CA","type":"education","lineage":["https://openalex.org/I530967"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Manar H. Alalfi","raw_affiliation_strings":["Toronto Metropolitan University,Department of Computer Science,Toronto,Canada"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Toronto Metropolitan University,Department of Computer Science,Toronto,Canada","institution_ids":["https://openalex.org/I530967"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5111905373","display_name":"James R. Cordy","orcid":null},"institutions":[{"id":"https://openalex.org/I204722609","display_name":"Queen's University","ror":"https://ror.org/02y72wh86","country_code":"CA","type":"education","lineage":["https://openalex.org/I204722609"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"James R. Cordy","raw_affiliation_strings":["Queen&#x2019;s University,School of Computing,Kingston,Canada"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Queen&#x2019;s University,School of Computing,Kingston,Canada","institution_ids":["https://openalex.org/I204722609"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5054239201"],"corresponding_institution_ids":["https://openalex.org/I204722609"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.4330576,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"6"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9020000100135803,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9020000100135803,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.051600001752376556,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.006300000008195639,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.7045999765396118},{"id":"https://openalex.org/keywords/android","display_name":"Android (operating system)","score":0.5956000089645386},{"id":"https://openalex.org/keywords/plug-in","display_name":"Plug-in","score":0.5246999859809875},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.4528000056743622},{"id":"https://openalex.org/keywords/security-analysis","display_name":"Security analysis","score":0.44609999656677246},{"id":"https://openalex.org/keywords/mobile-device","display_name":"Mobile device","score":0.32519999146461487},{"id":"https://openalex.org/keywords/mobile-apps","display_name":"Mobile apps","score":0.32199999690055847}],"concepts":[{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.7045999765396118},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6890000104904175},{"id":"https://openalex.org/C557433098","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android (operating system)","level":2,"score":0.5956000089645386},{"id":"https://openalex.org/C4924752","wikidata":"https://www.wikidata.org/wiki/Q184148","display_name":"Plug-in","level":2,"score":0.5246999859809875},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.4528000056743622},{"id":"https://openalex.org/C38369872","wikidata":"https://www.wikidata.org/wiki/Q7445009","display_name":"Security analysis","level":2,"score":0.44609999656677246},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.34929999709129333},{"id":"https://openalex.org/C186967261","wikidata":"https://www.wikidata.org/wiki/Q5082128","display_name":"Mobile device","level":2,"score":0.32519999146461487},{"id":"https://openalex.org/C2988145974","wikidata":"https://www.wikidata.org/wiki/Q620615","display_name":"Mobile apps","level":2,"score":0.32199999690055847},{"id":"https://openalex.org/C123201435","wikidata":"https://www.wikidata.org/wiki/Q456632","display_name":"Information privacy","level":2,"score":0.3043000102043152},{"id":"https://openalex.org/C125620115","wikidata":"https://www.wikidata.org/wiki/Q845249","display_name":"Logging","level":2,"score":0.3005000054836273},{"id":"https://openalex.org/C2777407602","wikidata":"https://www.wikidata.org/wiki/Q1888932","display_name":"Mandatory access control","level":4,"score":0.29809999465942383},{"id":"https://openalex.org/C132835097","wikidata":"https://www.wikidata.org/wiki/Q7663745","display_name":"System safety","level":2,"score":0.28760001063346863},{"id":"https://openalex.org/C3020250448","wikidata":"https://www.wikidata.org/wiki/Q620615","display_name":"Smartphone application","level":2,"score":0.28619998693466187},{"id":"https://openalex.org/C527821871","wikidata":"https://www.wikidata.org/wiki/Q228502","display_name":"Access control","level":2,"score":0.2703999876976013},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.2606000006198883},{"id":"https://openalex.org/C546215728","wikidata":"https://www.wikidata.org/wiki/Q39531","display_name":"Bluetooth","level":3,"score":0.2567000091075897}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/pst65910.2025.11268827","is_oa":false,"landing_page_url":"https://doi.org/10.1109/pst65910.2025.11268827","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 22nd Annual International Conference on Privacy, Security, and Trust (PST)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":8,"referenced_works":["https://openalex.org/W2174721749","https://openalex.org/W2343325785","https://openalex.org/W2794237666","https://openalex.org/W2989568668","https://openalex.org/W3091398449","https://openalex.org/W3185728547","https://openalex.org/W4315836472","https://openalex.org/W4402571249"],"related_works":[],"abstract_inverted_index":{"The":[0,103,146],"safety":[1,27,68,97,156,172],"and":[2,17,28,62,69,76,87,92,190],"privacy":[3,111],"of":[4,15,37,96,114],"medical":[5],"devices":[6,25],"is":[7,31,182],"critical,":[8],"as":[9,41],"they":[10],"directly":[11],"affect":[12],"the":[13,35,94,162,187,196],"health":[14],"users":[16],"handle":[18],"sensitive":[19,136],"personal":[20],"data.":[21],"Ensuring":[22],"that":[23,82,133,150,166,181],"these":[24],"meet":[26],"security":[29,70],"standards":[30],"essential,":[32],"especially":[33],"with":[34,138],"rise":[36],"do-it-yourself":[38],"solutions":[39],"such":[40],"open-source":[42],"artificial":[43],"pancreas":[44],"systems":[45],"(APSs)":[46],"for":[47,79,110],"insulin":[48],"delivery.":[49],"In":[50],"this":[51],"work,":[52],"we":[53],"study":[54],"AndroidAPS,":[55],"an":[56,64],"APS":[57],"controller":[58],"written":[59],"in":[60,195],"Kotlin,":[61],"propose":[63],"approach":[65],"to":[66,108,143,161,170],"detect":[67],"issues.":[71],"We":[72,99,164],"develop":[73],"a":[74,84],"modeling":[75],"analysis":[77],"framework":[78],"Kotlin":[80],"applications":[81],"extracts":[83],"structural":[85],"model":[86],"supports":[88],"detecting":[89],"logging":[90,106],"vulnerabilities":[91],"ensuring":[93],"application":[95],"constraints.":[98],"conduct":[100],"two":[101],"experiments.":[102],"first":[104],"examines":[105],"behavior":[107],"check":[109],"risks.":[112],"Out":[113],"$\\mathbf{3,":[115],"0":[116],"5":[117],"9":[118],"~":[119],"l":[120],"o":[121],"g":[122,123],"i":[124],"n":[125],"g}$":[126],"instances,":[127],"our":[128],"tool":[129],"identified":[130],"48":[131],"sinks":[132],"received":[134],"144":[135],"flows,":[137],"$68":[139],"\\%$":[140],"precision":[141],"due":[142],"coarse-grained":[144],"flagging.":[145],"second":[147],"experiment":[148],"verifies":[149],"calculation-related":[151,179],"values":[152],"are":[153],"validated":[154,185,193],"against":[155],"constraints":[157],"before":[158],"being":[159],"set":[160],"profile.":[163],"show":[165],"AndroidAPS":[167],"generally":[168],"adheres":[169],"its":[171],"design":[173],"properties,":[174],"but":[175],"it":[176],"has":[177],"one":[178],"value":[180],"not":[183],"explicitly":[184],"at":[186],"plugin":[188],"level":[189],"only":[191],"partially":[192],"earlier":[194],"flow.":[197]},"counts_by_year":[],"updated_date":"2026-05-05T08:41:31.759640","created_date":"2025-12-03T00:00:00"}