PhD Defence • Cryptography, Security, and Privacy (CrySP) | Mobile Security • Cues, Clones, and Cars: Access Control Issues in Customized Android

Monday, December 1, 2025 9:00 am - 12:00 pm EST (GMT -05:00)

Please note: This PhD defence will take place online.

Parjanya Vyas, PhD candidate
David R. Cheriton School of Computer Science

Supervisors: Professors N. Asokan, Yousra Aafer

Android’s open-source design and extensive customization have fueled its dominance across smartphones, automotive systems, wearables, and other domains. This flexibility, however, introduces serious security challenges, particularly in the enforcement of access control (AC). Prior research has investigated inconsistencies within the framework, across layers, and across Android versions, yet important gaps remain—especially in detecting Original Equipment Manufacturer (OEM)-introduced data-driven customizations, replicated APIs, and domain-specific adaptations (e.g., automotive) that are difficult to capture with existing techniques.

This dissertation investigates how Android contextual features can be systematically leveraged to uncover AC vulnerabilities that evade prior analyses. I present four main contributions:

  • Bluebird — a probabilistic inference framework that derives AC requirements from application-side sensitivity indicators (UI cues and app-side AC). By fusing NLP-driven signals with static analysis, Bluebird identifies APIs whose protections do not match implied sensitivity. Applied to 14 ROMs, Bluebird flagged 391 likely under-protected private APIs.
  • Ariadne — a static-analysis based technique built around a novel AC dependency graph abstraction that models explicit and inferred AC relationships among framework data holders. Ariadne detects inconsistencies introduced by data-driven vendor customizations that traditional tools miss. Evaluated on AOSP and vendor ROMs, it discovered 30 unique inconsistencies and enabled 13 proof-of-concept exploits.
  • RepFinder — a large-scale measurement pipeline that identifies duplicated or “Replica” APIs created via copy-paste editing and evaluates their AC enforcement. Analyzing 342 ROMs from 10 vendors, RepFinder found replication to be widespread (≈141 Replicas/ROM on average) and that a significant fraction (37% on average) of Replicas are under-protected.
  • AutoAcRaptor — a domain-specific static analysis framework for Android Automotive OS (AAOS) that identifies automotive entry points and evaluates both AC and feature-check enforcement. Applied to 10 AAOS ROMs, AutoAcRaptor reported an average of 23 auto feature and AC anomalies per ROM; several vendor-acknowledged issues demonstrate practical impact.

Collectively, these contributions show that Android contextual features—from app-side sensitivity indicators to framework data holders and domain-specific service registrations—can be systematically harnessed to reveal overlooked AC vulnerabilities. They also demonstrate that techniques for identifying framework customization-induced vulnerabilities can be adapted to emerging Android-based domains such as AAOS by accounting for platform-specific differences.

Beyond these immediate contributions, this work opens two broader research directions. First, the contextual features explored in this work may not be exhaustive. Future research should aim to identify additional contextual signals—potentially through automated discovery—and explore an integration framework that makes it easy to incorporate new analyses into a unified solution. Second, the adaptation of these techniques to other Android-based platforms remains an open challenge. While AutoAcRaptor demonstrates feasibility for Android Automotive, other platforms such as Android TV, Wear OS, and Android XR present unique differences that require dedicated investigation to determine how well these methods generalize and what extensions are needed.


Attend this PhD defence virtually on MS Teams.