Catalog Description

Cybercriminals are increasingly targeting mobile platforms, especially those running Android Operating System. This course will introduce common framework and application vulnerabilities exploited by malicious parties and will examine security mechanisms employed by Android platform to defend against the threat - major topics include access control, framework and application security models. The course will further explore recent applications of program analysis techniques aiming to improve Android Security.


  • Name: Yousra Aafer
  • Email: yaafer AT uwaterloo DOT ca
  • Office: DC 3522
  • Office hours: Walk in when door is open or by appointment
  • Location and Time: DC 2568, Wed 01:30PM-4:20PM

Course Requirements

The expectations for all CS 858 students are the following:
  1. Participate: Students are expected to attend every class and actively take part of the classroom discussions.
  2. Read Literature: Assigned papers should be read before each class.
  3. Write Weekly Critiques: Each Student is required to write a peer-review critique (at least 400 words) for all the papers, before the papers are presented in class. A review must include the following aspects: (1) Summary of the problem and how the paper tackles the problem, (2) Details of positive points, (3) Details of negative points or any improvement you can suggest, and (4) list of questions you would like to discuss in class.
  4. Present Literature: Each student is responsible to present two papers in the class for about 20 minutes and lead the discussion. More details about paper presentation expections will be discussed in the introductory section.
  5. Term Project: Students are expected to conduct a research project in security (not necessarly in mobile security), with the major deliverable being a conference-style paper at the end of the semester. Project topics should be discussed outside of class with the professor within the first 3 weeks of class. Projects can be done individually or by groups of two. More details will be discussed in the first class as part of the introductory material.

Paper Selection

Use this signup sheet to select which paper to present (first come first serve). Use your UW email to access it.


Component Weight
Paper Presentations 20%
Classroom Participation 15%
Weekly Critique 25%
Final Project 40% (10% for the Progress Report, 10% for Project Presentation, 20% for Project Artifact)

Policy for Late Submissions

Late submissions within 72 hours will be graded with 15% penalty for each day. Late submissions beyond 72 hours will not be graded. Exceptions may only be granted case by case with strong evidence presented.


Date Topics Lecture Notes Announcement
01/08 Admin Details, Syllabus and Overview
01/15 Framework Access Control:
Extraction and Evaluation
Axplorer: On Demystifying the Android Application Framework: Re-Visiting Android Permission Specification Analysis. (Security'16)
Michael Backes, Sven Bugiel, Erik Derr, Patrick McDaniel, Damien Octeau, and Sebastian Weisgerber.

Precise Android API Protection Mapping Derivation and Reasoning. (CCS'18)
Yousra Aafer, Guanhong Tao, Jianjun Huang, Xiangyu Zhang, and Ninghui Li.

Resolving the Predicament of Android Custom Permissions. (NDSS'18)
Guliz Seray Tuncay, Soteris Demetriou, Karan Ganju, Carl A. Gunter.

01/22 Framework Access Control:
Kratos: Discovering Inconsistent Security Policy Enforcement in the Android Framework. (NDSS'16)
Y. Shao, J. Ott, Q. A. Chen, Z. Qian, and Z.M. Mao.

Invetter: Locating Insecure Input Validations in Android Services. (CCS'18)
Lei Zhang, Zhemin Yang, Yuyu He, Zhenyu Zhang, Zhiyun Qian, Geng Hong, Yuan Zhang, and Min Yang.

50 Ways to Leak Your Data: An Exploration of Apps’ Circumvention of the Android Permissions System. (Security'19)
Joel Reardon, Álvaro Feal, Primal Wijesekera, Amit Elazari Bar On, Narseo Vallina-Rodriguez, and Serge Egelman.

01/29 Mobile App Vulnerabilities:
Customization and Automization Hazards

Project Proposals Due.
Hare Hunting in the Wild Android: A Study on the Threat of Hanging Attribute References. (CCS'15)
Yousra Aafer, Nan Zhang, Zhongwen Zhang, Xiao Zhang, Kai Chen, XiaoFeng Wang, Xiaoyong Zhou, Wenliang Du, and Michael Grace.

The Rise of the Citizen Developer: Assessing the Security Impact of Online App Generators. (Oakland'18)
Marten Oltrogge‡, Erik Derr‡, Christian Stranksy‡, Yasemin Acar, Sascha Fahl, Christian Rossow‡, Giancarlo Pellegrino‡, Sven Bugiel‡ and Michael Backes‡.

Total Recall: Persistence of Passwords in Android. (NDSS'19)
Jaeho Lee, Ang Chen and Dan S. Wallach.

02/05 Mobile App Vulnerabilities
Leaks and UI Vulnerabilities
Geo-locating Drivers: A Study of Sensitive Data Leakage in Ride-Hailing Services. (NDSS'19)
Qingchuan Zhao, Chaoshun Zuo, Giancarlo Pellegrino, and Zhiqiang Lin.

Phishing Attacks on Modern Android. (CCS'18)
Simone Aonzo, Alessio Merlo, Giulio Tavella, and Yanick Fratantonio.

Cloak and Dagger: From Two Permissions to Complete Control of the UI Feedback Loop. (Oakland'17)
Yanick Fratantonio, Chenxiong Qian, Simon P. Chung, and Wenke Lee.

02/12 Web/Mobile App Security Time Does Not Heal All Wounds: A Longitudinal Analysis of Security-Mechanism Support in Mobile Browsers. (NDSS'19)
Meng Luo, Pierre Laperdrix, Nima Honarmand, and Nick Nikiforakis.

Mobile Application Web API Reconnaissance: Web-to-Mobile Inconsistencies & Vulnerabilities. (Oakland'18)
Abner Mendoza and Guofei Gu.

Unleashing the Walking Dead: Understanding Cross-App Remote Infections on Mobile WebViews. (CCS'17)
Tongxin Li, Xueqiang Wang, Mingming Zha, Kai Chen, XiaoFeng Wang, Luyi Xing, Xiaolong Bai, Nan Zhang, and Xinhui Han.

02/19 No Class Spend Time on Progress Report.
02/26 No Class (Conference Travel)

Progress Report Due.
03/04 Vulnerability Vetting and Detection:
JN-SAF: Precise and Efficient NDK/JNI-aware Inter-language Static Analysis Framework for Security Vetting of Android Applications with Native Code. (CCS'18)
Fengguo Wei, Xingwei Lin, Xinming Ou, Ting Chen, and Xiaosong Zhang.

FlowCog: Context-aware Semantics Extraction and Analysis of Information Flow Leaks in Android Apps. (Security'18)
Xiang Pan, Yinzhi Cao, Xuechao Du, Boyuan He, Gan Fang, and Yan Chen.

Finding Clues for Your Secrets: Semantics-Driven, Learning-Based Privacy Discovery in Mobile Apps. (NDSS'18)
Yuhong Nan, Zhemin Yang, Xiaofeng Wang, Yuan Zhang, Donglai Zhu and Min Yang.

03/11 Security Enhancement of Android OS:
Framwork / App Layers
DroidCap: OS Support for Capability-based Permissions in Android. (NDSS'19)
Abdallah Dawoud and Sven Bugiel.

InstaGuard: Instantly Deployable Hot-patches for Vulnerable System Programs on Android. (NDSS'18)
Yaohui Chen, Yuping Li, Long Lu, Yueh-Hsun Lin, Hayawardh Vijayakumar, Zhi Wang, and Xinming Ou.

WindowGuard: Systematic Protection of GUI Security in Android. (NDSS'17)
Chuangang Ren, Peng Liu, and Sencun Zhu.

03/18 IoT Security: Evaluation SoK: Security Evaluation of Home-Based IoT Deployments. (Oakland'19)
Omar Alrawi, Chaz Lever, Manos Antonakakis, and Fabian Monrose.

Security Analysis of Emerging Smart Home Applications. (Oakland'16)
Earlence Fernandes, Jaeyeon Jung, and Atul Prakash.

Dangerous Skills: Understanding and Mitigating Security Risks of Voice-Controlled Third-Party Functions on Virtual Personal Assistant Systems. (Oakland'19)
Nan Zhang, Xianghang Mi, Xuan Feng, XiaoFeng Wang, Yuan Tian, and Feng Qian.

03/25 IoT Security: Vetting and Security Enhancement IoTFuzzer: Discovering Memory Corruptions in IoT Through App-based Fuzzing. (NDSS'17)
Jiongyi Chen, Wenrui Diao, Qingchuan Zhao, Chaoshun Zuo, Zhiqiang Lin, XiaoFeng Wang, Wing Cheong Lau, Menghan Sun, Ronghai Yang, and Kehuan Zhang.

Rethinking Access Control and Authentication for the Home Internet of Things (IoT). (Security'18)
Weijia He, Maximilian Golla, Roshni Padhi, Jordan Ofek, Markus Durmuth, Earlence Fernandes, and Blase Ur.

ContexIoT: Towards Providing Contextual Integrity to Appified IoT Platforms.(NDSS'17)
Yunhan Jack Jia, Qi Alfred Chen, Shiqi Wang, Amir Rahmati, Earlence Fernandes, Z. Morley Mao, and Atul Prakash.

04/01 Project Presentations Final Report DUE APR 8