Mobile Security Sven Bugiel


About the course

This advanced lecture deals with different, fundamental aspects of mobile operating systems and application security, with a strong focus on the popular, open-source Android OS and its ecosystem. In general, the course increases students' awareness and understanding of security and privacy problems in this area. The students learn to tackle current security and privacy issues on smartphones from the perspectives of different security principals in the smartphone ecosystem: end-users, app developers, market operators, system vendors, third parties (like companies).

Central questions of this course are:

  • What is the threat model from the different principals' perspectives?
  • How are the fundamental design patterns of secure systems and security best practices realized in the design of smartphone operating systems? And how does the multi-layered software stack (i.e., middleware on top of the OS) influence this design?
  • How are hardware security primitives, such as Trusted Execution Environments, and trusted computing concepts integrated into those designs?
  • What are the techniques and solutions market operators have at hand to improve the overall ecosystem's hygiene?
  • Which problems and solutions did security research in this area identify in the past half-decade?
  • Which techniques have been developed to empower the end-users to protect their privacy?

The lectures are accompanied by exercises to reinforce the theoretical concepts and to provide an environment for hands-on experience with mobile security on the Android platform. Additionally, a short course project should give hands-on experience in extending Android's security architecture with a simple custom mechanism for access control enforcement.

Where and when

The lectures will take place every Friday from 10:00 – 12:00 starting from October 22, 2021.

Note: Physical presence will not be required and lecture recordings will be provided (via YouTube). Whether the lecture takes place physically or as a "flipped classroom" is yet to be determined.


There are no formal requirements for participation. Students who want to participate in the course should

  • have worked with a smartphone before (e.g., own an Android-based phone, iPhone, etc.)
  • be familiar with programming in Java (and C/C++)
  • be comfortable working with Linux

Actual programming experience on Android or at the OS level is not a prerequisite, but definitely an advantage.

Background in security is also an advantage (e.g., prior participation in the Foundations of Cybersecurity lecture or Security core lecture). However, the necessary knowledge on system design, access control, and network security will be provided in this lecture to put Android's design choices better into context.

Requirements for obtaining credit points (Scheinvergabe)

For passing the course, you need the following minimum amount of points:

  • 50% of the points from the final exam.

For admission to the exam, you need:

  • at least 50% of the points from the exercises.

The final grade is based purely on your exam results.

The end-term exam will take place TBD

The backup exam will take place TBD


Register for the course here in the CISPA CMS. Registration has been open since September 01, 2021. Once you are registered here, don't forget to register in the LSF for the exam.

Please note that the number of students for this course is limited to 40!
