Erik Derr

Erik Derr

PhD Student @CISPA



I am a Ph.D. student in Computer Science at CISPA / Saarland University and a member of the IS&C Group. My advisor is Michael Backes. My research interests particularly focus, but are not limited to, code analysis, mobile security (in particular on Android), and security/privacy on IoT devices.


R-Droid constitutes a novel slice-optimization approach to leverage static analysis of Android applications. Building on top of precise application lifecycle models, we employ a slicing-based analysis to generate data-dependent statements for arbitrary points of interest in an application. As a result of our optimization, the produced slices are, on average, 49% smaller than standard slices, thus facilitating code understanding and result validation by security analysts. Moreover, by re-targeting strings, our approach enables automatic assessments for a larger number of use-cases than prior work.

On a large-scale data-leak analysis on a set of 22,700 Android apps from Google Play, R-Droid managed to identify a significantly larger set of potential privacy-violating information flows than previous work, including 2,157 sensitive flows of password-flagged UI widgets in 256 distinct apps.

In contrast to the Android application layer, Android's application framework's internals and their influence on the platform security and user privacy are still largely a black box for us. In this paper, we establish a static runtime model of the application framework in order to study its internals and provide the first high-level classification of the framework's protected resources. We thereby uncover design patterns that differ highly from the runtime model at the application layer.

We demonstrate the benefits of our insights for security-focused analysis of the framework by re-visiting the important use-case of mapping Android permissions to framework/SDK API methods. We, in particular, present a novel mapping based on our findings that significantly· improves on prior results in this area that were established based on insufficient knowledge about the framework's internals. Moreover, we introduce the concept of permission locality to show that although framework services follow the principle of separation of duty, the accompanying permission checks to guard sensitive operations violate it.

Find permission mappings and other data on

Third-party libraries on Android have been shown to be security and privacy hazards by adding security vulnerabilities to their host apps or by misusing inherited access rights. Correctly attributing improper app behavior either to app or library developer code or isolating library code from their host apps would be highly desirable to mitigate these problems, but is impeded by the absence of a third-party library detection that is effective and reliable in spite of obfuscated code.

We propose LibScout, a library detection technique that is resilient against common code obfuscations and that is capable of pinpointing the exact library version used in apps. Libraries are detected with profiles from a comprehensive library database that we generated from the original library SDKs. We apply our technique to the top apps on Google Play and their complete histories to conduct a longitudinal study of library usage and evolution in apps.

Find more information and the source-code on



The Rise of the Citizen Developer: Assessing the Security Impact of Online App Generators
Marten Oltrogge,  Erik Derr,  Christian Stransky,  Yasemin Acar,  Sascha Fahl,  Christian Rossow,  Giancarlo Pellegrino,  Sven BugielMichael Backes
In 39th IEEE Symposium on Security and Privacy (S&P '18),
IEEE. 2018. [Acceptance rate: 11.5% (63/549)]

[Bibtex] [PDF]

The Impact of Third-party Code on Android App Security
Erik Derr
Usenix Enigma 2018,
USENIX. 2018.

[Bibtex] [Slides] [Talk]

Keep me Updated: An Empirical Study of Third-Party Library Updatability on Android
Erik Derr*,  Sven Bugiel,  Sascha Fahl,  Yasemin Acar,  Michael Backes
In 24th ACM Conference on Computer and Communications Security (CCS '17),
ACM. 2017. [Acceptance rate: 18% (151/836)]

[Bibtex] [PDF] (*lead author)

Reliable Third-Party Library Detection in Android and its Security Applications
Michael BackesSven Bugiel,  Erik Derr*.
In 23rd ACM Conference on Computer and Communications Security (CCS '16),
ACM. 2016. [Acceptance rate: 16.5% (137/831)]

[Bibtex] [PDF] (*lead author)

On Demystifying the Android Application Framework: Re-Visiting Android Permission Specification Analysis
Michael BackesSven Bugiel,  Erik Derr*,  Patrick McDanielDamien OcteauSebastian Weisgerber.
In 26th USENIX Security Symposium (SEC '16),
USENIX. 2016. [Acceptance rate: 15.6% (72/463)]

[Bibtex] [PDF] (*lead author)

R-Droid: Leveraging Android App Analysis with Static Slice Optimization
Michael BackesSven Bugiel,  Erik Derr*,  Sebastian GerlingChristian Hammer.
In 11th ACM Asia Conference on Computer and Communications Security (ASIACCS '16), ACM. 2016.

[Bibtex] [PDF] (*lead author)

Taking Android App Vetting to the Next Level with Path-sensitive Value Analysis
Michael BackesSven Bugiel,  Erik Derr,  Christian Hammer.
Technical report A/02/2014, Saarland University, April, 2014.

[Bibtex] [PDF]

Advances in Mobile Security
Sven Bugiel,  Erik Derr,  Sebastian GerlingChristian Hammer.
Lauster, Michael (Ed.): 8th Future Security - Security Research Conference, pp. 286–295, Fraunhofer Verlag, 2013 .



External reviewer

  • Computer and Communication Security (CCS)    2015
  • European Symposium on Research in Computer Security (ESORICS)    2017, 2015
  • IEEE European Symposium on Security and Privacy (Euro S&P)    2017
  • IEEE Symposium on Security and Privacy (S&P)    2019, 2017
  • International Joint Conference on Pervasive and Ubiquitous Computing (UbiComp)    2016
  • USENIX Security (SEC)   2017




  • Since Oct. 2012
    CISPA, Saarland University - PhD Student

    Research area: Mobile security

  • Aug. 2010 to Oct. 2012
    Saarland University - M.Sc.
    (with distinction)

    Master's Thesis: Verifying the Internet Access of Android Applications

  • Okt. 2005 to Aug. 2010
    Saarland University - B.Sc.

    Bachelor's Thesis: Improving token-based HTTP anomaly detection in web applications


  • Jan. 2012 to current
    Software Engineer at Backes SRT, formerly X-pire!, Saarbrücken
  • Nov. 2007 to Dez. 2011
    Software Engineer at
    Mara Systems, Saarbrücken
  • Dez. 2006 to Nov. 2007
    Software Engineer at T-Systems Enterprise Services, Saarbrücken
  • Oct. 2005 to Oct. 2006
    Software Engineer at
    ILC Prostep, Bexbach