1

HanGuard: SDN-driven protection of smart home WiFi devices from malicious mobile apps

A new development of smart-home systems is to use mobile apps to control IoT devices across a Home Area Network (HAN). As verified in our study, those systems tend to rely on the Wi-Fi router to authenticate other devices. This treatment exposes them …

Ghost Installer in the Shadow: Security Analysis of App Installation on Android

Android allows developers to build apps with app installation functionality themselves with minimal restriction and support like any other functionalities. Given the critical importance of app installation, the security implications of the approach …

Draco: A System for Uniform and Fine-grained Access Control for Web Code on Android

In-app embedded browsers are commonly used by app developers to display web content without having to redirect the user to heavy-weight web browsers. Just like the conventional web browsers, embedded browsers can allow the execution of web code. In …

Free for All! Assessing User Data Exposure to Advertising Libraries on Android

Many studies focused on detecting and measuring the security and privacy risks associated with the integration of advertising libraries in mobile apps. These studies consistently demonstrate the abuses of existing ad libraries. However, to fully …

What's in Your Dongle and Bank Account? Mandatory and Discretionary Protection of Android External Resources

The pervasiveness of security-critical external resources (e.g accessories, online services) poses new challenges to Android security. In prior research we revealed that given the BLUETOOTH and BLUETOOTH_ADMIN permissions, a malicious app on an …

Inside Job: Understanding and Mitigating the Threat of External Device Mis-Bonding on Android

Today’s smartphones can be armed with many types of external devices, such as medical devices and credit card readers, that enrich their functionality and enable them to be used in application domains such as healthcare and retail. This new …

Identity, location, disease and more: inferring your secrets from android public resources

The design of Android is based on a set of unprotected shared resources, including those inherited from Linux (e.g., Linux public directories). However, the dramatic development in Android applications (app for short) makes available a large amount …

Content creation by end users for location-sensitive mobile educational games

In this paper we discuss the use of social media as tools for collaboratively creating content for location-sensitive mobile educational games. One of the main challenges for the broader adoption of location-based mobile games for learning is the …