PhD Position F/M Fine-Grained Analysis of Android Application Behavior and Identification of Involved Actors

The Inria Lille - Nord Europe research centre, created in 2008, has a staff of 360, including 305 scientists in 15 research teams. Recognised for its strong involvement in the socio-economic development of the Hauts-De-France region, the Inria Lille - Nord Europe research centre pursues a close relationship with large companies and SMEs. By promoting synergies between researchers and industrialists, Inria participates in the transfer of skills and expertise in digital technologies and provides access to the best European and international research for the benefit of innovation and companies, particularly in the region.


For more than 10 years, the Inria Lille - Nord Europe centre has been located at the heart of Lille's university and scientific ecosystem, as well as at the heart of Frenchtech, with a technology showroom based on Avenue de Bretagne in Lille, on the EuraTechnologies site of economic excellence dedicated to information and communication technologies (ICT).

Android applications are highly sophisticated programs where many activities can occur in the background. Analyzing an application may reveal the presence of third-party libraries, but it is often difficult to fully understand what they do. Only by precisely analyzing what runs on a smartphone and what leaves it can we truly understand the behavior of an application and identify the actors involved.

The main objective of this thesis is to go beyond the current state of the art to precisely understand the various system calls made by an application and its dependencies, as well as to monitor what is sent over the Internet and to whom. The first goal will be to produce a synthetic review of existing empirical studies to understand the limitations and shortcomings of current tools and to identify changes imposed by the evolution of the Android platform. Based on these initial studies, a framework will be developed to automatically explore Android applications and record network activity, which will then allow for targeted analyses of different types of applications. The outcomes of this thesis will provide tools that can be used by everyone to identify data collection issues on the Android platform and to verify whether this platform, as well as the applications on the Play Store, comply with legal regulations in different countries.

1 - Writing a literature review on current practices in Android application analysis. The doctoral student will review academic literature on the subject to identify common practices in application analysis and pinpoint weaknesses in existing approaches. The student will also assess whether these approaches remain effective with the latest version of Android, as the rapid evolution of this platform can introduce major changes to analysis methods.

2 - Development of an application exploration and analysis framework. Static analysis of applications is already a good first step for understanding an application's behavior. However, this approach has many limitations, as much of the code present in an application may not be used, and other behaviors may be hidden from static analysis techniques. The goal of this framework is to automatically explore an application in order to trigger various behaviors that users might encounter, thus enabling a better understanding of the application's behavior.

3 - Using the framework to analyze different types of applications.
Some types of applications are more sensitive, such as those intended for children. The developed framework will make it possible to determine whether applications aimed at children or sensitive audiences are subject to greater risks than applications intended for the general public.

Technical Skills and Required Level: Android mobile development and proficiency in web languages (HTML, CSS, JavaScript)

Languages : French and English

• Subsidized meals
• Partial reimbursement of public transport costs
• Leave: 7 weeks of annual leave + 10 extra days off due to RTT (statutory reduction in working hours) + possibility of exceptional leave (sick children, moving home, etc.)
• Possibility of teleworking and flexible organization of working hours
• Professional equipment available (videoconferencing, loan of computer equipment, etc.)
• Social, cultural and sports events and activities
• Access to vocational training
• Social security coverage

2200€ monthly gross salary