What are the risks of mobile apps?


With its platform, the start-up project Queryella enables in-depth checks of mobile apps for security vulnerabilities and data protection violations and contributes to the protection of users and companies. The promising project has been funded by the Federal Ministry of Education and Research (BMBF) since the beginning of July 2021 with €0.8 million as part of the StartUpSecure initiative and is supported by the StartUpSecure I ATHENE start-up incubator.

Mobile apps support us in almost all aspects of life. In doing so, they often need access to extensive private information in order to be able to perform their services. Criminals can gain access to this data via malicious apps and use it to their advantage. But even trusted apps often extend their functionality with external code that can be risky. Research shows that advertising code in particular processes private data - often without sufficient restrictions, without the knowledge of the users and sometimes even without the knowledge of the developers. As a result, very sensitive information, such as access data or data on financial transactions, can be tapped with deceptive or no protection. The assessment of security risks is difficult even for experts, as external code is sometimes hidden.

Meta-analyses to identify risks

The Queryella platform enables mobile apps to be analysed and assessed for privacy and security compliance.The analysis platform integrates various code scanners that can perform advanced, in-depth analysis and comprehensive risk assessment of apps - even before an app is installed on a device. For this purpose, various technical approaches for detecting hidden security vulnerabilities are further developed and the different methods are combined together with existing methods from other sources through meta-analyses.

One platform, many possible applications
The analysis of apps is just the beginning: further development will concentrate on business software such as CRM systems and thus promises a wide range of possible applications.
The solution addresses several target groups at once:

It enables users to check apps even before they install them on their devices.
Companies can check apps for compliance with their company policies or data protection regulations.
Developers are made aware of vulnerabilities early on in the app development process. The easy-to-understand user interface also helps to assess the risks of mobile apps.
Research team with spin-off intentions
The creators of the solution belong to Professor Mira Mezini's research team and are leading scientists at TU Darmstadt in the fields of software development with a focus on the security of apps and cloud systems. Dr. Leonid Glanz, Dr. Lars Baumgärtner, Patrick Müller and Florian Breitfelder want to use the StartUpSecure funding from the BMBF to further develop the research solution into a marketable product in the coming months and prepare for the spin-off. For this purpose, the team will be supported by Carola Heyn-Benedikt in the area of business development.

About the StartUpSecure funding programme
The BMBF's StartUpSecure funding programme supports innovative projects in the field of IT security with financial resources for two funding phases. The aim of the first development phase (Phase I) is to expand the technical feasibility of a start-up idea and to highlight its commercial viability. The second phase (Phase II) focuses on the market launch of the product or service. Among other things, this involves working out a strategy for successfully establishing the developed product on the market. The start-up incubator StartUpSecure | ATHENE acts as a contact partner for all matters relating to the funding programme and helps with the application process, for example.

About StartUpSecure | ATHENE

The start-up incubator StartUpSecure | ATHENE at the National Research Centre for Applied Cyber Security ATHENE promotes the development of ideas in the field of cyber security throughout Germany. The team, based at the Fraunhofer Institute for Secure Information Technology SIT and the Technical University of Darmstadt, supports (potential) founders who, for example, develop innovative IT security solutions from their studies or science and would like to develop these into market-ready products. StartUpSecure | ATHENE offers a wide range of support services with specific reference to cyber security. The start-up incubator works closely with the HIGHEST innovation and start-up centre at Darmstadt University of Technology and the Digital Hub Cybersecurity, among others.

Further information on Queryella and its funded start-up project "APPassay" on the BMBF website:

show all news