Understanding and measuring privacy violations in Android apps

Increasing data collection and tracking of consumers by today’s online services is becoming a major problem for individuals’ rights. It raises a serious question about whether such data collection can be legally justified under legislation around the globe. Unfortunately, the community lacks insight into such violations in the mobile ecosystem. In this dissertation, we approach these problems by presenting a line of work that provides a comprehensive understanding of privacy violations in Android apps in the wild and automatically measures such violations at scale. First, we build an automated tool that detects unexpected data access based on user perception when interacting with the apps’ user interface. Subsequently, we perform a large-scale study on Android apps to understand how prevalent violations of GDPR’s explicit consent requirement are in the wild. Finally, until now, no study has systematically analyzed the currently implemented consent notices and whether they conform to GDPR in mobile apps. Therefore, we propose a mostly automated and scalable approach to identify the current practices of implemented consent notices. We then develop an automatic tool that detects data sent out to the Internet with different consent conditions. Our result shows the urgent need for more transparent user interface designs to better inform users of data access and call for new tools to support app developers in this endeavor.Die zunehmende Datenerfassung und Verfolgung von Konsumenten durch die heutigen Online-Dienste wird zu einem großen Problem für individuelle Rechte. Es wirft eine ernsthafte Frage auf, ob eine solche Datenerfassung nach der weltweiten Gesetzgebung juristisch begründet werden kann. Leider hat die Gemeinschaft keinen Einblick in diese Verstöße im mobilen Ökosystem. In dieser Dissertation nähern wir uns diesen Problemen, indem wir eine Arbeitslinie vorstellen, die ein umfassendes Verständnis von Datenschutzverletzungen in Android- Apps in der Praxis bietet und solche Verstöße automatisch misst. Zunächst entwickeln wir ein automatisiertes Tool, das unvorhergesehene Datenzugriffe basierend auf der Nutzung der Benutzeroberfläche von Apps erkennt. Danach führen wir eine umfangreiche Studie zu Android-Apps durch, um zu verstehen, wie häufig Verstöße gegen die ausdrückliche Zustimmung der GDPR vorkommen. Schließlich hat bis jetzt keine Studie systematisch die gegenwärtig implementierten Zustimmungen und deren Übereinstimmung mit der GDPR in mobilen Apps analysiert. Daher schlagen wir einen meist automatisierten und skalierbaren Ansatz vor, um die aktuellen Praktiken von Zustimmungen zu identifizieren. Danach entwickeln wir ein Tool, das Daten erkennt, die mit unterschiedlichen Zustimmungsbedingungen ins Internet gesendet werden. Unser Ergebnis zeigt den dringenden Bedarf an einer transparenteren Gestaltung von Benutzeroberflächen, um die Nutzer besser über den Datenzugriff zu informieren, und wir fordern neue Tools, die App-Entwickler bei diesem Unterfangen unterstützen. ii

Integrated cost management system for delivering construction projects

Cost management forms a major discipline in delivering construction projects of different sizes and complexity. Traditional cost management systems are mostly based on principles enacted several decades ago. A notable feature of these traditional cost management systems is that key information required for critical decisions is usually produced too late, and is often too aggregated and configured in a form that is not amenable to the requirements for current project management practice. Other problems associated with traditional cost systems relate to inadequacies in estimating and cost control processes and particularly the lack of integration of cost management across the whole project. The lack of integration means measurements provided by traditional cost systems do not sufficiently align with the goals and objectives set for the project. To address these inherent weaknesses in the current practice of cost management, a number of studies have argued for an integrated alternative that better responds to the information demand and decision making need to be developed. The thesis presents the development of a solution to such an integrated cost management system. The developed solution addresses the gaps of the traditional option by integrating the stages making up the whole life cycle of the project to enable professionals gain an appreciation of the ramifications of any early decisions made. The investigation conducted to support the development of the integrated cost management system and the applied model addresses user requirements and determination of the system boundary conditions for efficacious use by key decision makers. The new cost management system developed achieves a linkage of the planning and control stages into one, with a continuous stream of cost management information in both stages. The integration ensures that cost information is more relevant to the circumstances of the modern project manager