Mobile Security

Sven Bugiel

News

LUH Students: Please check your QIS entries

Written on 28.03.25 by Sven Bugiel

Dear LUH students,

The exam results are finally entered into the QIS. Since the transfer involved some manual work, please double-check that your grade in QIS is as expected and that no error occurred during the transfer between CMS and QIS. Please contact me if there is a deviation.

Thanks!
Sven

Correct Backup Exam Date

Written on 21.03.25 by Sven Bugiel

Correction to the last news: the backup exam is of course on Thursday, 27.03.2025, between 10:00–12:00 in GHH in E2.2. NOT Friday. 

UdS Students: Backup Exam info

Written on 21.03.25 by Sven Bugiel

Dear participants from UdS,

All UdS students registered in LSF/HISPOS have been assigned a seat for the backup exam on Friday, 27.03.2025, between 10:00–12:00 in GHH in E2.2.

Please check the CMS for your assigned seat. If you can't register in LSF (e.g., Erasmus, non-CS department, etc.) but… Read more

Dear participants from UdS,

All UdS students registered in LSF/HISPOS have been assigned a seat for the backup exam on Friday, 27.03.2025, between 10:00–12:00 in GHH in E2.2.

Please check the CMS for your assigned seat. If you can't register in LSF (e.g., Erasmus, non-CS department, etc.) but intend to attend the exam, please contact me ASAP so I can assign you a seat.

Recap for Re-Exam

Written on 21.03.25 by Sven Bugiel

We added a 40-minute recap lecture to the "2 Lecture notes" section of the course materials, in which I explained again some lecture content that we noticed was frequently misunderstood in the end-term exam.

LUH Grades in CMS

Written on 17.03.25 by Sven Bugiel

The exam results at LUH are now in the CMS. The exam inspection will take place on Friday, Mar 21, 13:00–16:00 online via the BigBlueButton from Stud.Ip of LUH. Please book your slot via the corresponding link under the "Organizational" section of the course materials. A link to the call will posted… Read more

The exam results at LUH are now in the CMS. The exam inspection will take place on Friday, Mar 21, 13:00–16:00 online via the BigBlueButton from Stud.Ip of LUH. Please book your slot via the corresponding link under the "Organizational" section of the course materials. A link to the call will posted in the next days.

UdS Grades in LSF

Written on 17.03.25 by Sven Bugiel

Saving the grades in LSF last week did not work. They are saved now, and you can register now for the re-exam.

UdS Exam Results in CMS

Written on 11.03.25 by Sven Bugiel

Dear all, 

The results of the end-term exam at UdS are now in the CMS. (@LUH Students: we prioritized the UdS exam correction to give them enough time to sign up for the backup exam; your results come later this week)

If you participated in the UdS exam, ensure you have points listed in the… Read more

Dear all, 

The results of the end-term exam at UdS are now in the CMS. (@LUH Students: we prioritized the UdS exam correction to give them enough time to sign up for the backup exam; your results come later this week)

If you participated in the UdS exam, ensure you have points listed in the CMS.

For UdS students, we offer the exam inspection next Monday, March 17, between 13.00 and 16.00 in room 0.07 at CISPA. Please book your slot via the Doodle link in the "Organizational" section of the course materials in CMS. Only book your slot if you intend to show up.

We'll enter the current results in the LSF tomorrow, so you can sign up for the backup exam if you wish.

Exam @ UdS on Feb 28

Written on 24.02.25 by Sven Bugiel

Dear all, the end-term exam at Saarland University will take place this Friday, Feb 28, between 10 and 12 in Günter-Hotz-Hörsaal (GHH) in E2.2. The exam starts sharp at 10:00, so be there early enough to take your seat.

Due to the high number of registrations, we assigned every student who… Read more

Dear all, the end-term exam at Saarland University will take place this Friday, Feb 28, between 10 and 12 in Günter-Hotz-Hörsaal (GHH) in E2.2. The exam starts sharp at 10:00, so be there early enough to take your seat.

Due to the high number of registrations, we assigned every student who registered in LSF (or via email for Erasmus/PhD students) a fixed seat. You can find your assigned seat in your CMS account. If you registered for the exam, please check that you are marked as registered in your CMS account and have been assigned a seat. If you are not marked as registered or don't have a seat but think you registered, contact us ASAP.

Again, please note that the exam is closed-book and closed-notes.

Exam @ LUH on Feb 25

Written on 20.02.25 by Sven Bugiel

Dear LUH students, the exam in Hannover will take place on Tuesday, Feb 25 next week. Please be at 1101.F102 around 8:00. The exam will start at 08:15.

Again, please note that the exam is closed-book and closed-notes.

See you next week in Hannover.

Correction to Final_2122_1_Solution

Written on 31.01.25 by Sven Bugiel

Please note that there was a correction to Answer 3.1 in Final_2122_1_Solution. The new PDF is now online.

Course Evaluation

Written on 18.01.25 by Sven Bugiel

Dear all,

Course evaluations are currently taking place at Saarland University. Thank you if you already answered the survey during the last flipped classroom. Otherwise, we would ask for your feedback via the link posted under "1 Organisational" in the course materials. The link is valid until Jan… Read more

Dear all,

Course evaluations are currently taking place at Saarland University. Thank you if you already answered the survey during the last flipped classroom. Otherwise, we would ask for your feedback via the link posted under "1 Organisational" in the course materials. The link is valid until Jan 26. Thank you for taking the time!

Cheers,
Sven

Delayed content from last week now online

Written on 09.12.24 by Sven Bugiel

The delayed lecture videos and slides are now online and linked in the lecture schedule/course materials. I also linked a video about the practical task of Exercise 06 on UI Deception in the lecture schedule.

No flipped classroom tomorrow

Written on 05.12.24 by Sven Bugiel

Dear all,

Due to sickness the flipped classroom tomorrow (06.12.) cannot take place. I will try to upload a video about the exercise solution by the beginning of next week. Also, the release of the new lecture video will likely be delayed until Monday or Tuesday next week.

Best,
Sven

Update to Exercise 6 sheet

Written on 03.12.24 by Sven Bugiel

Task 2 of Exercise 6 was updated since a few pieces of information were missing from the sheet.

Change in Lecture Schedule for Nov 01 to Nov 15

Written on 27.10.24 by Sven Bugiel

Dear all,

Please notice a change in the Lecture Schedule:

  • The Flipped Classroom on 08.11. will be offered, and the topic is 05 Security Architecture III: Role of Binder IPC and Solution to Exercise 02 (i.e., please watch the lecture videos released last Friday until then)
  • This coming week… Read more

Dear all,

Please notice a change in the Lecture Schedule:

  • The Flipped Classroom on 08.11. will be offered, and the topic is 05 Security Architecture III: Role of Binder IPC and Solution to Exercise 02 (i.e., please watch the lecture videos released last Friday until then)
  • This coming week (01.11.), due to the public holiday, no new lecture video and exercise will be released, and no Flipped Classroom will take place
  • The lecture on 06 Security Architecture IV: Mandatory Access Control and Exercise 03 will be discussed in the Flipped Classroom on 15.11.

See you again on Nov 08. Enjoy the long weekend and Halloween.
Sven

Today's material and new lecture and exercise online

Written on 25.10.24 by Sven Bugiel

As usual, in the material section and the lecture schedule.

Flipped classroom, lecture, and exercise published

Written on 18.10.24 by Sven Bugiel

The material for today's flipped classroom, the link to its recording, and the lecture video for next week are now online in the CMS. The first exercise sheet is also online.

You can find the video links in the Lecture Schedule and the PDFs under Materials.

Exam dates confirmed

Written on 16.10.24 by Sven Bugiel

The exam dates have been confirmed:

The end-term exam will take place:

  • LUH: 25.02.2025 from 8:00–10:00 in 1101.F102,
  • UDS: 28.02.2025 from 10:00–12:00 in GHH in E2.2

The backup exam (ONLY UDS) will take place: 27.03.2025 from 10:00–12:00 in GHH in E2.2

First lectures online

Written on 13.10.24 by Sven Bugiel

Dear all,

The lecture material for the first lectures is online. Please note that the first week is very dense in content, but it will relax more in the next weeks. This first week contains the Kick-off lecture, a lecture and crash course on Android Basics (in case you haven't worked yet with… Read more

Dear all,

The lecture material for the first lectures is online. Please note that the first week is very dense in content, but it will relax more in the next weeks. This first week contains the Kick-off lecture, a lecture and crash course on Android Basics (in case you haven't worked yet with Android apps), and the first lecture on Android's security architecture.

The PDFs for the lectures are under "Information -> Materials," and the links to the recorded lectures on YouTube are under "Information -> Lecture schedule."

See you in person or via Zoom for the first flipped classroom on Friday.

Cheers,
Sven
Show all
Important notice for the registration of LUH students: The CMS enforces a matriculation number with 7 digits. Since this isn't configurable, we suggest registering with a slightly modified matriculation number (e.g., 10001234 -> 1001234). Registration for the exam is done with the systems of the LUH where the correct matriculation number can be used.

About the course

This advanced lecture deals with different fundamental aspects of mobile operating systems and application security, focusing strongly on the popular, open-source Android OS and its ecosystem. In general, the awareness and understanding of the students for security and privacy problems in this area are increased. The students learn to tackle current security and privacy issues on smartphones from the perspectives of different security principals in the smartphone ecosystem: end-users, app developers, market operators, system vendors, and third parties (like companies).

The central questions of this course are:

  • What is the threat model from the different principals' perspectives?
  • How are the fundamental design patterns of secure systems and security best practices realized in the design of smartphone operating systems? And how does the multi-layered software stack (i.e., middleware on top of the OS) influence this design?
  • How are hardware security primitives, such as Trusted Execution Environments and trusted computing concepts, integrated into those designs?
  • Which problems and solutions did security research in this area identify in the past half-decade?
  • Which techniques have been developed to empower the end-users to protect their privacy?

The lectures are accompanied by exercises to reinforce the theoretical concepts and to provide an environment for hands-on experience for mobile security on the Android platform.

See also the lecture schedule.

Where and when

Please note that this lecture is taught simultaneously at Saarland University and Leibniz University Hannover. To accommodate participants from both institutions, the lecture schedule and format were adjusted to the respective semester dates of each institution. Please see the details below.

The lectures will take place in the form of a flipped classroom. Lecture videos will be posted online before the class (ca. one week), and the lecture slots will be used to answer and discuss questions about the lecture content. This discussion takes place as a hybrid event with physical attendance at UdS every Friday from 10:00 – 12:00 and a Zoom meeting for online/remote attendance. Please consult the lecture schedule for video links and Zoom links.

The lectures will take place between 18.10.2024 and 31.01.2025 (i.e., the overlap in lecture periods between Saarland University and Leibniz University Hannover).

Prerequisites

There are no formal requirements for participation. Students who want to participate in the course should

  • have worked with a smartphone before (e.g., own an Android-based phone, iPhone, etc.)
  • be familiar with programming in Java

Actual programming experience on Android or at the OS level is not a prerequisite but definitively an advantage.

Background in security is also an advantage (e.g., prior participation in the Foundations of Cybersecurity lecture or Security core lecture). However, the necessary knowledge of system design, access control, and network security will be provided in this lecture to put Android's design choices better into context.

Requirements for obtaining credit points (Scheinvergabe)

To pass the course, you need the following minimum amount of points:

  • 50% of the points from the final exam.

The final grade is based purely on your exam results.

The end-term exam will take place:

  • LUH: 25.02.2025 from 8:00–10:00 in 1101.F102,
  • UDS: 28.02.2025 from 10:00–12:00 in GHH in E2.2

The backup exam (ONLY UDS) will take place: 27.03.2025 from 10:00–12:00 in GHH in E2.2

Registration

For all students

Register for the course here in the CISPA CMS. Registration will open on October 01, 2024.

For students of Saarland University

Don't forget to register in the LSF for the exam.

For students of Leibniz University Hannover

Don't forget to register in the QIS for the course and exam.

Privacy Policy | Legal Notice
If you encounter technical problems, please contact Sven Bugiel