A Study of Selected Issues in Android Security

Open Access
Ren, Chuangang
Graduate Program:
Computer Science and Engineering
Doctor of Philosophy
Document Type:
Date of Defense:
May 27, 2016
Committee Members:
  • Sencun Zhu, Dissertation Advisor
  • Peng Liu, Committee Chair
  • Sencun Zhu, Committee Member
  • Wang-Chien Lee, Committee Member
  • Minghui Zhu, Outside Member
Keywords:
  • Android
  • Computer Security
  • Android Security
Mobile devices such as smartphones have become an integral part of society today, shaping people’s daily lives and changing how businesses operate and how industries are powered. However, the unprecedented popularity of mobile devices introduces a concerning side effect: a dramatically increasing number of security threats poses serious risks to the security of mobile systems and their applications. Notably, one of the most successful mobile systems, Android, has exposed a plethora of vulnerabilities which are actively exploited by a large number of potentially harmful apps (malware, adware, riskware, etc.), most of which are distributed in under-scrutinized third-party Android markets. Mitigating the security threats to Android is non-trivial. There have been considerable efforts in securing Android to achieve the following two complementary goals: (1) market-scale detection and identification of problematic apps in an efficient manner, and (2) discovery and analysis of Android system vulnerabilities, and defense measures against the attacks they enable. In this dissertation, we propose techniques and approaches to solve specific problems in each of these two aspects, providing stepping stones towards finally achieving these two goals. Specifically, we first present a novel software watermarking scheme, namely Droidmarking, that can efficiently and effectively impede the prevalent software plagiarism (a.k.a. app repackaging) problem in the Android markets. Second, we systematically study and present a new, prevalent Android system vulnerability which, once exploited by an attacker, can lead to serious breaches of the integrity, confidentiality and availability of the graphical user interface (GUI) on an Android device. Finally, we devise a comprehensive and practical solution to protect the GUI sub-system in Android. The defense is able to defeat all known GUI attacks while preserving the original user experience of Android.
We plan to further explore Android system and app security, working towards a more secure Android ecosystem.