What kind of risks are posed by mobile apps?

With its platform, the start-up project Queryella enables in-depth checks of mobile apps for security vulnerabilities and data protection violations. It contributes to the protection of users and companies. The promising project has been funded by the German Federal Ministry of Education and Research (BMBF) since July 2021 with €0.8 million as part of the StartUpSecure initiative. It is supported by the StartUpSecure | ATHENE start-up incubator.


Mobile apps support us in almost all aspects of life. In the process, they often need access to extensive private information to perform their services. Criminals can gain access to this data via malicious apps and use it to their advantage. But even trusted apps often extend their functionality with external code that can be risky. Research shows that advertising code processes private data - often without sufficient restrictions, without the users' and sometimes even without the developers' knowledge. Consequently, very sensitive information, such as access data or data on financial transactions, can be tapped with deceptive or no protection. Evaluating security risks is difficult even for experts because external code is sometimes hidden.

Meta-analyses to identify risks

The Queryella platform enables mobile apps to be analyzed and assessed for privacy and security compliance. For this, it integrates various code scanners that can perform advanced, in-depth analysis and comprehensive risk assessment of apps - even before an app is installed on a device. For this purpose, various technical approaches for detecting hidden security vulnerabilities are further developed and combined with existing methods from other sources through meta-analyses.

A platform with many possible applications

The analysis of apps is just the beginning: further development will focus on business software such as CRM systems, thus promising a wide range of possible applications. The solution addresses several target groups at once:

  • It enables users to check apps even before installing them on their devices.
  • Companies can check apps for compliance with their corporate policies or data protection regulations.
  • Developers are alerted to vulnerabilities early in the app development process. The easy-to-understand user interface also helps assess the risks of mobile apps.

A research team with founding intentions

The solution’s creators belong to Professor Mira Mezini’s research team. They are leading scientists at TU Darmstadt in software engineering with a focus on the security of apps and cloud systems. Dr. Leonid Glanz, Dr. Lars Baumgärtner, Patrick Müller, and Florian Breitfelder want to use the StartUpSecure funding from the BMBF to further develop the solution from research into a marketable product and prepare the founding of a new company in the coming months. For this purpose, the team is supported by Carola Heyn-Benedikt in business development.

About the StartUpSecure funding program

The BMBF’s StartUpSecure funding program supports innovative projects in the field of IT security with financial resources for two funding phases. The first development phase (Phase I) aims to expand the technical feasibility of a start-up idea and highlight its commercial viability. The second phase (Phase II) focuses on the market launch of the product or service. Among other things, this involves developing a strategy for successfully establishing the designed product on the market. The start-up incubator StartUpSecure | ATHENE acts as a contact for all matters relating to the funding program and helps, for example, with the application process.

About StartUpSecure | ATHENE

The start-up incubator StartUpSecure | ATHENE at the National Research Center for Applied Cybersecurity ATHENE promotes the development of ideas in cybersecurity throughout Germany. The team, based at the Fraunhofer Institute for Secure Information Technology SIT and the Technical University of Darmstadt, supports (potential) founders who, for example, want to develop innovative IT security solutions from their studies or science and develop them into market-ready products. StartUpSecure | ATHENE offers a wide range of support services with specific reference to cybersecurity. In this context, the start-up incubator works closely with the HIGHEST innovation and start-up center at Darmstadt Technical University and the Digital Hub Cybersecurity, among others.

Further information on Queryella and the funded start-up project “APPassay” on the BMBF website (in german): www.forschung-it-sicherheit-kommunikationssysteme.de/projekte/appassay