Our mobile phone is a central element in our everyday professional and private lives. It should therefore meet particularly high standards of security and privacy. However, for a device that consists of hardware and software parts from many different manufacturers, it requires a lot of trust that they all act with good intentions and have development and testing processes that lead to highly secure and privacy preserving solutions. To avoid having to blindly trust the manufacturers, various approaches have been developed to analyze the hardware and software of these devices in terms of security and privacy. In this work, we focus on approaches that are based on the dynamic analysis of mobile applications.

With dynamic analysis, the code whose behavior might harm the security or privacy of a device must be (virtually) executed before a vulnerability or such behavior can be discovered. Hence, one wants to execute (cover) as much of an application’s code (and behavior) as possible. Unfortunately, several challenges make this a difficult problem. The first is behavior triggered by human input: to trigger it, one needs to generate realistic human interactions consisting of touch gestures, text input, and other forms of input. Another challenge is the app’s interaction with underlying system events, like battery state changes, interruptions by calls or notifications, and hardware sensor inputs. All of these might affect the behavior of the app and can occur at virtually any time during its execution. Finally, other aspects such as network errors and network quality can also be relevant to which behavior (or code) is executed.

Objectives

The objective of this student project is to investigate, compare, test and improve methods to maximize coverage. Since there are many different aspects of the problem, each student project will focus on selected aspects only.

One of these aspects or sub-problems is triggering as much of the network-level behavior of an app as possible. Another is focusing on triggering behavior where simple “click-monkey” approaches fail: behavior that is preceded by a complicated sequence of user interactions and inputs. The former is, for example, critical for identifying behavior that might be problematic from a privacy point of view; the latter for efficiently discovering, using fuzzing, vulnerabilities hidden behind complicated user interactions.

Requirements

  • Strong interest in mobile application security
  • Knowledge of networks, internet protocols and emulation/virtualization
  • Very good knowledge of at least one programming language (C, Java, Python, …)
  • Experience in security testing, especially fuzzing, is a plus
  • Mindset to learn the additional skills