Mobile Security

Sven Bugiel

News

Midterm test passing grade changed; midterm test solution and old exams available on CMS

Written on 05.12.25 by Sven Bugiel

After reviewing the results for individual questions and considering other feedback, we decided to change the passing grade to 24 correctly answered questions. This passing grade has been updated in both Moodle and StudIP-ILIAS.

The solution for the midterm test (including the sources from the… Read more

After reviewing the results for individual questions and considering other feedback, we decided to change the passing grade to 24 correctly answered questions. This passing grade has been updated in both Moodle and StudIP-ILIAS.

The solution for the midterm test (including the sources from the lecture slides, exercises, etc.) is available on CMS (Materials -> Old Exams). In the same section, two old final exams are available for review. For LUH students, please note that these exams are from UdS (120min).

During the next flipped classroom, I will present some statistics about the midterm (duration, number of answered questions, etc.).

Midterm test results visible

Written on 05.12.25 by Sven Bugiel

The results should now be visible in Moodle and StudIP-ILIAS.

Midterm test and instructions visible

Written on 01.12.25 (last change on 01.12.25) by Sven Bugiel

The midterm test is now visible in Moodle (UdS) and StudIP-ILIAS (LUH). Please ensure that you can see it and are already familiar with the test instructions before the test begins. You find the instructions in the test entry on Moodle or by clicking on the test in StudIP-ILIAS.

Again, please refer… Read more

The midterm test is now visible in Moodle (UdS) and StudIP-ILIAS (LUH). Please ensure that you can see it and are already familiar with the test instructions before the test begins. You find the instructions in the test entry on Moodle or by clicking on the test in StudIP-ILIAS.

Again, please refer to the instructions for each system (Moodle, StudIP-ILIAS) in the Organizational section of the course materials on CMS to ensure that the necessary workflows (e.g., enrollment on Moodle for UdS students) are set up correctly for you. You can use the Test Quiz to confirm this.

The most crucial information about the midterm test from the instructions:

  • The test consists of 40 multiple-choice questions, and you need to answer 25 correctly to pass.

  • The questions are based on the lecture content available so far (including lecture slides, flipped classroom slides and quizzes, and exercises except for Exercise 6 "UI Deception"). The style and level of the questions are very similar to the flipped classroom quizzes.

  • You have 20 minutes to answer questions.

  • When the allotted 20 minutes expire, or the quiz automatically closes at 10:40, you cannot submit any further answers. Therefore, you should start by 10:20 to utilize the full 20 minutes.

  • You have one attempt to pass the test.

  • Every participant will get the same set of questions, but the order of the questions is randomized for each participant.

We offer an ongoing Zoom call during the midterm test in case of any issues that may arise. The link will be added to Moodle and StudIP-ILIAS shortly before the test begins.

Test quiz on Moodle and StudIP-ILIAS

Written on 24.11.25 by Sven Bugiel

Dear all,
In preparation for the online midterm test on Dec 5, we created a test quiz in Moodle (UdS) and StudIP-ILIAS (LUH). We added instructions for each system in the Organizational section of the course's materials on CMS. Please ensure that these workflows (e.g., enrollment on Moodle for UdS… Read more

Dear all,
In preparation for the online midterm test on Dec 5, we created a test quiz in Moodle (UdS) and StudIP-ILIAS (LUH). We added instructions for each system in the Organizational section of the course's materials on CMS. Please ensure that these workflows (e.g., enrollment on Moodle for UdS students) work for you and that you were able to complete the test quiz. The midterm test will follow the same procedure.

Action item for UdS students: If you intend to take the midterm test, you must enroll in the course on Moodle!

For TUD students who intend to take the midterm test, please contact me separately via email.

Next Flipped Classroom on Nov 21 purely online

Written on 14.11.25 by Sven Bugiel

As announced in the flipped classroom today, the FC on November 21 will be held entirely online via Zoom, with no physical presence possible.

UdS Exam dates fixed

Written on 30.10.25 by Sven Bugiel

Dear UdS Students,
The exam dates have finally been fixed:

End-term exam: 27.02.2026 from 10:00–12:00 in GHH in E2.2
Backup-term exam: 02.04.2026 from 10:00–12:00 in GHH in E2.2

 

Delayed 5th lecture now online

Written on 28.10.25 by Sven Bugiel

The recordings for the 5th lecture (FC on November 7) are now available on YouTube and linked in the lecture schedule on CMS.

Flipped Classroom Oct 24 CANCELED; Next FC is on Nov 07

Written on 23.10.25 by Sven Bugiel

Unfortunately, due to sick leave, the flipped classroom tomorrow, Oct 24, needs to be canceled. The new lecture video will be released at the beginning of next week. The next planned flipped classroom is on November 7.

Video and slides for kick-off are online

Written on 19.09.25 by Sven Bugiel

Dear all, We have published the video and slides for the kick-off. This should help you decide whether to join this course and clarify some issues of its modus operandi.

Best, Sven
Show all
Important notice for the registration of LUH students: The CMS only accepts matriculation numbers with 7 digits. The workaround is to just use the first 7 digits for registration.

About the course

This advanced lecture deals with different fundamental aspects of mobile operating systems and application security, focusing strongly on the popular, open-source Android OS and its ecosystem. In general, the students' awareness and understanding of security and privacy problems in this area are increased. The students learn to tackle current security and privacy issues on smartphones from the perspectives of different security principals in the smartphone ecosystem: end-users, app developers, market operators, system vendors, and third parties (like companies).

The central questions of this course are:

  • What is the threat model from the different principals' perspectives?
  • How are the fundamental design patterns of secure systems and security best practices realized in the design of smartphone operating systems? And how does the multi-layered software stack (i.e., middleware on top of the OS) influence this design?
  • How are hardware security primitives, such as Trusted Execution Environments and trusted computing concepts, integrated into those designs?
  • Which problems and solutions did security research in this area identify in the past half-decade?
  • Which techniques have been developed to empower the end-users to protect their privacy?

The lectures are accompanied by exercises to reinforce the theoretical concepts and to provide an environment for hands-on experience for mobile security on the Android platform.

See also the lecture schedule.

Where and when

Please note that this lecture is taught simultaneously at Saarland University, Technical University Dortmund, and Leibniz University Hannover. To accommodate participants from all institutions, the lecture schedule and format were adjusted to each institution's respective semester dates. Please see the details below.

The lectures will take place in the form of a flipped classroom. Lecture videos will be posted online before the class (ca. one week), and the lecture slots will be used to answer and discuss questions about the lecture content. This discussion takes place as a hybrid event with physical attendance at UdS every Friday from 10:00 – 12:00 and a Zoom meeting for online/remote attendance. Please consult the lecture schedule for video links and Zoom links.

The lectures will take place between 13.10.2025 and 30.01.2026 (i.e., the overlap in lecture periods between Saarland University, Technical University Dortmund, and Leibniz University Hannover).

Prerequisites

There are no formal requirements for participation. Students who want to participate in the course should

  • have worked with a smartphone before (e.g., own an Android-based phone, iPhone, etc.)
  • be familiar with programming in Java

Actual programming experience on Android or at the OS level is not a prerequisite, but definitely an advantage.

Background in security is also an advantage (e.g., prior participation in the Foundations of Cybersecurity lecture or Security core lecture). However, this lecture will provide the necessary knowledge of system design, access control, and network security to better contextualize Android's design choices.

Requirements for obtaining credit points (Scheinvergabe)

To pass the course, you need the following minimum number of points:

  • 50% of the points from the final exam.

The final grade is based purely on your exam results.

Important change in Winter Term 25/26: Admission to the graded exams depends on passing a midterm test, which takes place on 05.12.2025. Registration for this course closes with the midterm test!

The end-term exam will take place:

  • LUH: 24.02.2026 from 8:30–10:00 in 1101.F102
  • UDS: 27.02.2026 from 10:00–12:00 in GHH in E2.2
  • TUD: TBA

The backup exam (only UDS and TUD) will take place:

  • UDS: 02.04.2026 from 10:00–12:00 in GHH in E2.2
  • TUD: TBA

Registration

For all students

Register for the course here in the CISPA CMS. The course will be centrally managed via the CMS (e.g., announcements, course materials, askbot, etc.). Registration closes with the midterm test!

For students of Saarland University

Don't forget to register for the exam in the LSF.

For students of Leibniz University Hannover

Don't forget to register for the course and exam in the QIS.

For students of Technical University Dortmund

Don't forget to register for the course and exam in BOSS.

Privacy Policy | Legal Notice
If you encounter technical problems, please contact Sven Bugiel