AppCensus AppSearch analyzes free publicly-available Android apps and reports the private and personally identifying information that different apps access and share with other parties over the Internet. We collect our results using a technique called dynamic analysis. This means that we actually run each of the apps on real mobile phones in our testing laboratory. We install the app, grant the requested permissions, and proceed to use the app for a period of time. While we are using an app, we collect as much data about what the app is doing on the phone and what data it sends over the Internet. We collect this data with a bespoke version of the Android operating system and network monitoring tools that together observe what personal data is being accessed by an app and then with whom that app shares it.

By exhaustively testing each app, our results reflect the actual behaviour of the apps when they are used. When we report that an app sent the phone's serial number to an advertising network, this is not a possibility of something the app may do, but rather actual app behaviour that we observed in our laboratory. Despite that, we may not actually detect all transmissions of private data: while we can be fairly certain of what we do find, it may be incomplete (i.e., it is possible that the app did not engage in certain behaviors during the testing period, but otherwise might if played for longer or under different circumstances).

AppCensus, Inc. is the fusion of multiple research projects focused on mobile privacy and security. The following publications describe the technology behind AppCensus:

AppCensus started as a collaboration between the following groups:

Berkeley Laboratory for Usable and Experimental Security

Website / More Information

ICSI Usable Security & Privacy Group

Website / More Information

The Haystack Project

Website / More Information