Semester of Graduation

Fall 2025

Degree

Master of Science (MS)

Department

Computer Science and Engineering

Document Type

Thesis

Abstract

With the exponential growth in mobile applications, protecting user privacy has become even more crucial. Android applications are often known for collecting, storing, and sharing sensitive user information such as contacts, location, camera, and microphone data—often without the user’s clear consent or awareness—raising significant privacy risks and exposure. In the context of privacy assessment, dataflow analysis is particularly valuable for identifying data usage and potential leaks. Traditionally, this type of analysis has relied on formal methods, heuristics, and rule-based matching. However, these techniques are often complex to implement and prone to errors, such as taint explosion for large programs. Moreover, most existing Android dataflow analysis methods depend heavily on pre- defined list of sinks, limiting their flexibility and scalability. To address the limitations of these existing techniques, we propose AndroByte, an AI-driven privacy analysis tool that leverages LLM reasoning on bytecode summarization to dynamically generate accurate and explainable dataflow call graphs from static code analysis. AndroByte achieves a significant Fβ-Score of 89% in generating dynamic dataflow call graphs on the fly, outperforming the effectiveness of traditional tools like FlowDroid and Amandroid in leak detection without relying on predefined propagation rules or sink lists. Moreover, AndroByte’s iterative bytecode summarization provides comprehensive and explainable insights into dataflow and leak detection, achieving high, quantifiable scores based on the G-Eval metric.

Date

10-18-2025

Committee Chair

Ali-Gombe, Aisha

Additional Files
Thesis_Approval.pdf (219 kB)
Student Approval Forms
Download

Available for download on Monday, November 30, 2026

Thesis_Approval.pdf (219 kB)

Included in

Cybersecurity Commons

Share

COinS