Reliable Software Security for Mobile Devices

Lab Course - 6 CP (4 SWS)
Prof. Dr. Heiko Mantel
Yuri Gil Dantas
Tobias Hamann
Tuesdays, 09:50-11:30 in S1|03/123
(exception: No lab session on April 10)
in TUCAN, course id 20-00-0799-pr
Preparation Meeting:
April 16, 16:15-17:55 in S2|02 A313


All materials, including the assignment sheets, will be available in Moodle.


Apps running on Android smartphones have access to various kinds of private information of their users, e.g., contacts, appointments, and location. To protect such information, the Android operating system provides a mechanism for restricting access to it: the Android permission system. An app may only access a protected source of private information if it was granted the appropriate permission. However, the user has no control over how private information is propagated by an app after it has been accessed legitimately. In fact, it has been observed that many apps abuse information entrusted to them by leaking it, e.g., to the Internet.

In response to this problem, we are developing Cassandra at MAIS. Cassandra aims at increasing the transparency of how apps use private information and, thus, supporting users in protecting their privacy. The primary goal of Cassandra is that no private data or other secret information is leaked by running an app.

In this lab we will implement a simplified variant of Cassandra's technology.

In this lab course, we implement a realistic tool that will allow us to reliably detect leakage of private information on Android smartphones. The lab will cover the following topics:
  • introduction to Android and to the development of Android apps,
  • possible privacy threats due to the execution of apps,
  • detection of possible information leaks using information-flow analysis techniques,
  • static security analysis,
  • proof-carrying code,
  • extension of an existing framework for analyzing the security of apps,
  • policy languages for security.

Learning Objectives

After successfully participating in this course you will know basic concepts of Android, such as its permission system. You will understand security problems that can arise from executing apps and understand how such problems can be identified by information-flow analysis techniques. You will be capable of developing apps independently and of evaluating the information flows caused by running these apps against privacy requirements. You will be able to develop extensions of an existing security infrastructure and to successfully integrate them.


Knowledge of Computer Science equivalent to the first four semesters in the Computer Science Bachelor program, in particular programming skills in Java and the ability to understand formal calculi.

Last modified on 29 March 2018.
