CPSC 601.93: Mobile Security and Privacy (Winter 2021)


Announcements


General information

Instructor: Joel Reardon, ICT 642, e-mail joel.reardon [at] ucalgary [dot] ca
Lectures: TR 10:00--11:15 on Zoom (Meeting ID: 950 0204 4822), from 2021.01.11 to 2021.04.15



Course Overview

This course is a full-stack investigation of how to work with the Android Open Source Project and associated components to do security and privacy research on mobile devices. The first four lectures will combine theory and practice and focus on different layers in the Android platform. We will learn how to instrument the operating system, flash mobile phones, and do experiments to collect data. We will learn how to reverse engineer apps and examine their behaviour.

The first week of lectures will cover the basics of Android: adding logging, finding components in the code, and flashing new operating systems to the phone. The second week will go further and introduce fundamental components such as content providers, intent broadcasting, and how managers and services interact. The third week will introduce app decompiling and how to navigate through decompiled code and run apps in an instrumented environment. The fourth week will look at the Linux kernel and instrumenting aspects of it, such as the file system.

There will be exercises in which students find the parts of the code where things are happening and instrument them. In addition, students will search for some interesting part of the operating system to instrument and give a presentation and a how-to on what they instrumented and how. We will further look at research on this topic and have seminar discussions on it in the latter part of the course.

There will also be a course project worth half of the grade. Students will pick a topic related to the course's theme, for example, building an instrumentation of the Android platform and using it to collect data. The project will be delivered in two formats: (i) as a conference-style paper describing the research, (ii) as a 20-minute presentation given in the final two lectures. A non-graded project proposal will be due one month into the course to ensure that students are on track, having a focus and topic for their research project, and to give an initial template from which to expand out the final project report.

Course Evaluation
link to some apps
Lectures




Paper List

This list is provisional. Students can also suggest a paper, and not all of these papers will be presented.

| Title | Presenter |
| --- | --- |
| An Empirical Study of Cryptographic Misuse in Android Applications | Kyle |
| Panoptispy: Characterizing Audio and Video Exfiltration from Android Applications | Allan |
| Android Rooting: An Arms Race between Evasion and Detection | Zilin |
| ReCon: Revealing and Controlling PII Leaks in Mobile Network Traffic | Mohammad |
| Obfuscation-Resilient Privacy Leak Detection for Mobile Apps Through Differential Analysis | Soroush |
| An Analysis of Pre-installed Android Software | AJ |
| Execute This! Analyzing Unsafe and Malicious Dynamic Code Loading in Android Applications | Majid |
| Cloak and Dagger: From Two Permissions to Complete Control of the UI Feedback Loop | Emad |
| Phishing Attacks on Modern Android | Joan |
| Why Are They Collecting My Data?: Inferring the Purposes of Network Traffic in Mobile Apps | Amin |
| Apps, Trackers, Privacy, and Regulators: A Global Study of the Mobile Tracking Ecosystem | Ali |
| Bug Fixes, Improvements, ... and Privacy Leaks | |
| What the App is That? Deception and Countermeasures in the Android User Interface | |
| BareDroid: Large-Scale Analysis of Android Apps on Real Devices | |
| Studying TLS Usage in Android Apps | |
| REAPER: Real-time App Analysis for Augmenting the Android Permission System | |





Course Admissions

The course is open to graduate students in the computer science department. Graduate students in any department at the University of Calgary are welcome to attend with consent of the instructor, and will be expected to be able to read and understand published research papers on the topic. Undergraduate students at the University of Calgary are also welcome to attend with consent of the instructor and the same expectations as graduate students. These admissions will be space permitting with priority given first to graduate students in the department of Computer Science and second to those with high GPAs.
