Mobile Security

Sven Bugiel

News

UdS Students: Backup Exam Results and Inspection

Written on 26.03.24 by Sven Bugiel

Dear all,

The results of the backup exam are now visible in the CMS. I will upload them to the LSF after the exam inspection.

The exam inspection will take place on April 05, 10:00–12:00, in CISPA (E9.1), room 0.07. To coordinate the inspection, please book a time slot via the link at "UdS Book… Read more

Dear all,

The results of the backup exam are now visible in the CMS. I will upload them to the LSF after the exam inspection.

The exam inspection will take place on April 05, 10:00–12:00, in CISPA (E9.1), room 0.07. To coordinate the inspection, please book a time slot via the link at "UdS Book Backup Exam Inspection Slot" in the course materials in CMS. 

Seating Plan for backup exam now visible

Written on 18.03.24 by Sven Bugiel

The seating plan for the backup exam is now visible. Please excuse the confusion; there was a misconfiguration in the access control.

UdS Students: Backup exam info

Written on 18.03.24 by Sven Bugiel

Dear participants from UdS,

All UdS students registered in LSF/HISPOS have been assigned a seat for the backup exam on Friday, 22.03.2024, between 10:00–12:00 in the E3.1 HS002 lecture hall.

Please check the CMS for your assigned seat. If you can't register in LSF (e.g., Erasmus, non-CS… Read more

Dear participants from UdS,

All UdS students registered in LSF/HISPOS have been assigned a seat for the backup exam on Friday, 22.03.2024, between 10:00–12:00 in the E3.1 HS002 lecture hall.

Please check the CMS for your assigned seat. If you can't register in LSF (e.g., Erasmus, non-CS department,...) but intend to attend the exam, please contact me ASAP to get a seat assigned.

Further, I added a 1h recap lecture to the "5 Old Exams" section of the course materials, where I explained again some lecture content that I noticed was frequently misunderstood in the endterm exam.

Exam results and inspection

Written on 04.03.24 by Sven Bugiel

Dear all,

The exam results are now in the CMS under "UdS Exams" or "LUH Exam," respectively. I will enter the grades into LSF and QIS later today.

For the exam inspection:

UdS Students: Exam inspection will be on Wednesday, Mar 06, between 15:00–17:00 in room 0.07 at CISPA E9.1. Please note… Read more

Dear all,

The exam results are now in the CMS under "UdS Exams" or "LUH Exam," respectively. I will enter the grades into LSF and QIS later today.

For the exam inspection:

UdS Students: Exam inspection will be on Wednesday, Mar 06, between 15:00–17:00 in room 0.07 at CISPA E9.1. Please note that we'll only allow four students at a time in the room.

LUH Students: Exam inspection will be online via BigBlueButton in Stud.Ip (a corresponding room should be visible there to you) on Friday, Mar 08, between 10:00–12:00. You need to book a slot for your inspection. A link for booking slots will be posted in the CMS Course Materials section today at 13:00. Please book by Thursday at the latest.

UdS Students: Exam info

Written on 19.02.24 by Sven Bugiel

Dear participants from UdS,

All UdS students registered in LSF/HISPOS have been assigned a seat for the exam on Thursday, 22.02.2024 between 10:00–12:00 in the GHH in E2.2.

Please check the CMS for your assigned seat. If you can't register in LSF (e.g., Erasmus, non-CS department,...) but intend… Read more

Dear participants from UdS,

All UdS students registered in LSF/HISPOS have been assigned a seat for the exam on Thursday, 22.02.2024 between 10:00–12:00 in the GHH in E2.2.

Please check the CMS for your assigned seat. If you can't register in LSF (e.g., Erasmus, non-CS department,...) but intend to attend the exam, please contact me ASAP to get a seat assigned.

LUH Students: Exam info

Written on 15.02.24 (last change on 19.02.24) by Sven Bugiel

Update:

Since there was no update from the LUH Dean's office, the exam will take place as planned tomorrow at 08:00 despite the ÜSTRA strike. I hope to see all that registered in QIS tomorrow at the exam!

Dear all,

Here is some information about the exam at LUH next Tuesday, Feb 20:

Update:

Since there was no update from the LUH Dean's office, the exam will take place as planned tomorrow at 08:00 despite the ÜSTRA strike. I hope to see all that registered in QIS tomorrow at the exam!

Dear all,

Here is some information about the exam at LUH next Tuesday, Feb 20:

  • The exam starts at 08:00, so please be there on time
  • The exam sheet is in English, but you can answer in English, German, or a mixture thereof (as long as it remains legible)
  • You can bring a Duden; however, I’ll be present during the exam to help out in case of language barriers or if an exam question is unclear
  • No cheat sheet or notes
  • Writing utensils must be permanent (i.e., no lead pencil) and not red or green colored.

If there are any other questions, please use the Askbot or contact me.

PS: Sorry for the potential double posting, but my direct email bounced for several students.

Updated solution for old exams

Written on 07.02.24 by Sven Bugiel

Please note that there was an error in the answer for Question 3.1 in the sample solutions for the old exams. The incorrect answer was an artifact from an old version of that question where the root CA was pinned for any connection. A revised version with additional explanations was uploaded to the… Read more

Please note that there was an error in the answer for Question 3.1 in the sample solutions for the old exams. The incorrect answer was an artifact from an old version of that question where the root CA was pinned for any connection. A revised version with additional explanations was uploaded to the CMS. Thanks to the students who spotted this!

For UdS Students: Course Evaluation

Written on 12.01.24 by Sven Bugiel

Dear all, the course evaluations at UdS are happening until Jan 31. I shared the link to the Qualtrics in the "Organizational Matters" section of the course materials in the CMS. We would appreciate it if the UdS students could take 5 minutes to answer the survey and provide feedback for this course.

Corrected error in Solution for TLS Exercise 07

Written on 16.12.23 by Sven Bugiel

There was an error in the solution for retrieving the SHA-256 value for certificate pinning with NSC. The new uploaded version shows the correct command

Tomorrow only online classroom

Written on 16.11.23 by Sven Bugiel

This is a reminder that tomorrow's flipped classroom, unfortunately, has to take place only online via Zoom since the lecture hall is not available.

Lecture videos for Security Architecture IV online

Written on 13.11.23 by Sven Bugiel

The links to the videos were added to the lecture schedule and the slides are in the materials section. 

Advertisements in lecture videos

Written on 10.11.23 by Sven Bugiel

There were complaints about the ads in the lecture videos. I understand that ads are annoying, but I am not placing them in the videos. I am not monetizing the lecture videos. Google shows the ads if you watch the videos with a non-premium account. If the ads are too annoying for many of you, we can… Read more

There were complaints about the ads in the lecture videos. I understand that ads are annoying, but I am not placing them in the videos. I am not monetizing the lecture videos. Google shows the ads if you watch the videos with a non-premium account. If the ads are too annoying for many of you, we can consider another platform to publish the videos, though some features of YouTube, like streaming videos, chapters, etc, might be lost. If you think we should move the videos somewhere else, I would appreciate advice/wishes in an Askbot discussion.

Lecture videos for Security Architecture III online

Written on 07.11.23 by Sven Bugiel

The YouTube links to the Security Architecture III lecture are now in the lecture schedule, and the corresponding slides are in the lecture materials.

Recordings and materials of today are online

Written on 03.11.23 by Sven Bugiel

The recording of the flipped classroom is online, and the slides and the quiz are in the Materials section. The link to the recording is in the schedule. Further, I added three short videos to the Crash Course playlist on Youtube, which show how to a) request and use dangerous permission, b) use… Read more

The recording of the flipped classroom is online, and the slides and the quiz are in the Materials section. The link to the recording is in the schedule. Further, I added three short videos to the Crash Course playlist on Youtube, which show how to a) request and use dangerous permission, b) use signature permission with/without knownSigner to protect app components, and c) delegate access rights via PendingIntents.

Have a nice weekend!

Short self-assessment quiz for this week's lecture

Written on 31.10.23 by Sven Bugiel

I added a link to a short self-assessment quiz to the lecture schedule. This allows you to quickly check if you understood some of the main points from this week's lecture. It's a Google Form, but it does not require any Google account and does not collect anything besides the answers.

Lecture videos for Security Architecture II online

Written on 31.10.23 by Sven Bugiel

The YouTube links to the Security Architecture II lecture are now in the lecture schedule and the corresponding slides are in the lecture materials.

Flipped classroom link and Exercise 01 published

Written on 27.10.23 by Sven Bugiel

The link for a recording of today's flipped classroom has been added to the lecture schedule. Unfortunately, the recording during live lecture crashed and this is only a re-recording of my part. Please add the questions that you remember being asked during the lecture to Askbot. I will answer them in… Read more

The link for a recording of today's flipped classroom has been added to the lecture schedule. Unfortunately, the recording during live lecture crashed and this is only a re-recording of my part. Please add the questions that you remember being asked during the lecture to Askbot. I will answer them in Askbot, so we have at least a written collection of the Q&A of today's classroom.

Exercise 01 has been published in the course material section, both the PDF of the exercise sheet and the APKs for the practical parts.

Lecture videos for Security Architecture I online

Written on 25.10.23 by Sven Bugiel

The YouTube links to the Security Architecture I lecture are now in the lecture schedule.

Crash course in Android App Programming

Written on 24.10.23 by Sven Bugiel

We added the link to a short YouTube playlist covering the basics of using Android Studio for App programming (Intents, BroadcastReceivers, started/bound Services). If you are new to Android app programming and intend to do the practical exercises, this should introduce you to the essentials.

Videos for Kick-off, Organizational Matters, and Motivation are online

Written on 18.10.23 by Sven Bugiel

The YouTube links to the recordings for the course Kick-off, Organizational Matters, and Motivation/Lecture content are now in the lecture schedule table in CMS. They explain how the course is structured and what to expect content-wise.
Show all
Important notice for the registration of LUH students: The CMS enforces a matriculation number with 7 digits. Since this isn't configurable, we suggest registering with a slightly modified matriculation number (e.g., 10001234 -> 1001234). Registration for the exam is done with the systems of the LUH where the correct matriculation number can be used.

About the course

This advanced lecture deals with different fundamental aspects of mobile operating systems and application security, focusing strongly on the popular, open-source Android OS and its ecosystem. In general, the awareness and understanding of the students for security and privacy problems in this area are increased. The students learn to tackle current security and privacy issues on smartphones from the perspectives of different security principals in the smartphone ecosystem: end-users, app developers, market operators, system vendors, and third parties (like companies).

The central questions of this course are:

  • What is the threat model from the different principals' perspectives?
  • How are the fundamental design patterns of secure systems and security best practices realized in the design of smartphone operating systems? And how does the multi-layered software stack (i.e., middleware on top of the OS) influence this design?
  • How are hardware security primitives, such as Trusted Execution Environments and trusted computing concepts, integrated into those designs?
  • Which problems and solutions did security research in this area identify in the past half-decade?
  • Which techniques have been developed to empower the end-users to protect their privacy?

The lectures are accompanied by exercises to reinforce the theoretical concepts and to provide an environment for hands-on experience for mobile security on the Android platform.

See also the lecture schedule.

Where and when

Please note that this lecture is taught simultaneously at Saarland University and Leibniz University Hannover this year. The lecture schedule and format were adjusted to the respective semester dates of each institution to accommodate participants from both institutions. Please see the details below.

The lectures will take place in the form of a flipped classroom. Lecture videos will be posted online before the class (ca. one week), and the lecture slots will be used to answer and discuss questions about the lecture content. This discussion takes place as a hybrid event with physical attendance at either UdS or LUH every Friday from 10:00 – 12:00. Please consult the lecture schedule for video links, where physical attendance will take place, and Zoom links for online participation.

The lectures will take place between 27.10.2023 and 26.01.2024 (i.e., the overlap in lecture periods between Saarland University and Leibniz University Hannover).

Prerequisites

There are no formal requirements for participation. Students who want to participate in the course should

  • have worked with a smartphone before (e.g., own an Android-based phone, iPhone, etc.)
  • be familiar with programming in Java

Actual programming experience on Android or at the OS level is not a prerequisite but definitively an advantage.

Background in security is also an advantage (e.g., prior participation in the Foundations of Cybersecurity lecture or Security core lecture). However, the necessary knowledge of system design, access control, and network security will be provided in this lecture to put Android's design choices better into context.

Requirements for obtaining credit points (Scheinvergabe)

To pass the course, you need the following minimum amount of points:

  • 50% of the points from the final exam.

The final grade is based purely on your exam results.

The end-term exam will take place:

  • LUH: 20.02.2024 at 08:00–10:00 in 3408.-220 (MZ1)
  • UDS: 22.02.2024 at 10:00–12:00 in the GHH in E2.2

 

The backup exam (ONLY UDS) will take place 22.03.2024 at 10:00–12:00 in HS002 in E1.3

Registration

For all students

Register for the course here in the CISPA CMS. Registration will open on October 01, 2023.

For students of Saarland University

Don't forget to register in the LSF for the exam.

For students of Leibniz University Hannover

Don't forget to register in the QIS for the course and exam.

Privacy Policy | Legal Notice
If you encounter technical problems, please contact Sven Bugiel