
Task 2 – Suggested Topics
Each of the following topics can be done in groups of max. 3 people. If none of these topics sounds appealing to you, propose your own idea and we can see if it fits into the ensemble. All listed projects can also be worked on independently by max. 2 groups per project.

Important note: Obviously, the subsequent list provides only a very short abstract of every project. In case something sounds appealing but you do not fully understand what the topic is about, do not hesitate to come to me after the lecture and I will gladly explain it! Also, if you are uncertain how to proceed, please just ask me after the lecture and do not wait until the last week before the deadline!

Hint: For all projects where Android applications have to be reverse-engineered, please use jadx, Apktool or something equivalent. These tools greatly simplify the job.

Topics

Analysis of Google Device Migration
When setting up a new Android device, Google offers a tool for migrating data from an old Android or iOS device to the new Android device. While such a feature incentivises more frequent device upgrades, it poses interesting privacy challenges. In this project, your task is to reverse-engineer the migration implementation with a focus on security and privacy. You will likely have to set up a rooted Android phone or emulator instance, and use Frida to trace method calls inside Google Play services. You will also use JADX to decompile relevant parts of Google Play services. The result of this project is a detailed report of your findings. In particular, it should answer what lower-level transfer technology is used, how pairing is accomplished, whether transmitted data is encrypted, and how the encryption keys are negotiated/derived.
Assigned: Knezevic, Stjepanovic
Assigned: Knipfer, Thangarasu, Treu
Large-Scale App Analysis from Google Play
On Android, applications signed with vendor certificates can be granted a large number of powerful permissions that third-party applications normally cannot obtain. Although vendors are urged to only sign their own preinstalled apps with these keys, they sometimes also sign apps that can be installed from app stores, sometimes even from third-party developers. In this project, you write an automated APK analysis tool that you run on a sizeable portion of the apps available from Google Play. Luckily, the AndroZoo project (you will have to request a free API key) already collects apps that you can use, so you can focus on the analysis aspect. If you choose this topic, make sure you start well ahead of the deadline, since the analysis will take a few days. The result of this project is a report of your findings, i.e. how many and which apps you found signed with vendor keys, and what powerful (platform) permissions they use.
Assigned: Sulçe, Sulçe
Assigned: Berchtold, Pistauer
Analysis of Samsung Engineering Mode
Samsung devices contain an engineering mode that allows configuring certain aspects of system components and preinstalled apps even on production devices. In this project, you carry out extensive online research and on-device investigation (including reverse-engineering of system components) to figure out the scope and functionality of this hidden feature. The result of this project is a detailed report documenting your approach and findings.
Assigned: Sanchez, Shvets
Assigned: 
Solve Android Hacklets
Security researcher Yanick Fratantonio assembled Android hacklet challenges on his website. For assignment 2, your task is to solve as many of these challenges as possible (solve at least 18 + (# of group members) of the 21 challenges for grade 1). The result of this project is a detailed report documenting your solutions for the challenges you solved (include the flags you found for each challenge!). For the presentation, you describe the exploited vulnerabilities and your solution for 3 x (# of group members) hacklets of your choice.
Assigned: Edlinger, Kandler
Assigned: Second team not allowed for this project!
Linux: Analysing an Embedded Linux Device
Many IoT devices run a simple Linux-based operating system. They therefore present a very interesting possibility for studying various security-related concepts that directly translate to larger Linux-based embedded systems such as Android. As part of this project, you analyse an embedded Linux IoT device of your choice to shed light on its internal operation and identify potential security vulnerabilities. The following aspects will have to be covered:

  • How can the Linux system be accessed: Is there any debug interface such as a serial or JTAG port? Is an SSH server running?
  • What basic system-level security is used: How is DAC (Discretionary Access Control) configured? Is MAC (Mandatory Access Control) used as well?
  • What does the startup routine look like?
  • Is there any mechanism for firmware updates? Is it properly protected?
  • Integrated open-source SW/libs/kernel? Recency? Known vulnerabilities?
  • Proprietary software stack: What frameworks were used? Was security considered? Are there any vulnerabilities?

Helpful tools: Ghidra, ssh, strace, gdb

Note: If you choose this topic, please contact me in advance about the IoT device you intend to analyse!

Assigned:
Assigned:
Analyse Amazon App Store
When developers upload their apps to Amazon App Store, the submitted file is stripped of its original app signature, modified to add Amazon-proprietary code, and finally signed with a new certificate generated by Amazon. In this project, you investigate the extent of the modifications. In particular, you explore how the injected Amazon code influences the app’s data privacy and whether the changes are accurately reflected in the data protection section of individual apps inside Amazon App Store. The result of this project is a detailed report documenting your findings.
Assigned: Mathie, Zwanzger
Assigned: Pettersen, Pischler
Notification Forwarder (P2P)
Develop an iOS/Android application that forwards notifications from a mobile device to your computer. The connection should be peer to peer. Pay special attention to how you secure the connection: How is confidentiality ensured? How are keys exchanged? Where are they stored? Can you prevent replay attacks or MITM attacks?
Your submission should consist of a report discussing your design decisions and the source code for the server and app components.
Assigned: Radic, Martinz, Panzitt
Assigned: Koppensteiner, Thorbauer
Analysis of Huawei Phone Clone / Honor Device Clone
When setting up a new Android device, Honor and Huawei offer a tool for migrating data from an old device to the new Android device. While such a feature incentivises more frequent device upgrades, it poses interesting privacy challenges. In this project, your task is to reverse-engineer Huawei’s or Honor’s migration implementation with a focus on security and privacy. You will likely have to set up a rooted Android phone or emulator instance, and use Frida to trace method calls. You will also use JADX for app decompilation. The result of this project is a detailed report of your findings. In particular, it should answer what lower-level transfer technology is used, how pairing is accomplished (where passwords come from), whether transmitted data is encrypted, and how the encryption keys are negotiated/derived.
Assigned: 
Assigned:
Use FlowDroid to Automatically Check the Data Safety Section
FlowDroid is a static analysis tool that implements taint tracking. This technique allows determining whether execution flows exist between a given source method and a given sink method. In this project, you will write a custom Java tool based on FlowDroid. It will use FlowDroid’s taint tracking capabilities to automatically identify information flows from source methods related to one of the data points mentioned in the Data Safety section of each analysed app (e.g. Location data) to a set of sink methods related to Internet communications. You will run this automated tool against a set of at least 100 popular apps from Google Play (use the ranking published on Google Play). You can retrieve APK files from the AndroZoo project (you will have to request a free API key). If you choose this topic, make sure you start well ahead of the deadline, since the analysis will take some time. The result of this project is your implementation and a report of your findings, i.e. what analysis you implemented, which apps you analysed, what data flows you found that are not declared in the Data Safety section, …
Assigned: Sternig
Assigned:
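To make the source/sink idea concrete before you touch FlowDroid, here is an added example (not FlowDroid code, not part of the assignment text) of a toy forward taint tracker over a hand-written statement list. FlowDroid does this over the Jimple IR of a real APK, interprocedurally and with alias analysis; this version is straight-line and intraprocedural, and the source, sink and sanitizer lists, the `com.example.*` methods and the sample program are all constructed assumptions chosen to mirror the Data Safety check described above.

```python
"""Toy forward taint tracker in the spirit of FlowDroid's source/sink analysis.

Added example, not FlowDroid's own code. The "program" is a constructed
statement list standing in for decompiled app code.
"""
from dataclasses import dataclass

# Hypothetical source list: method -> Data Safety category it reveals.
SOURCES = {
    "android.location.LocationManager.getLastKnownLocation": "Location",
    "android.telephony.TelephonyManager.getDeviceId": "Device ID",
    "android.accounts.AccountManager.getAccounts": "Contacts/Account",
}
# Hypothetical sinks: methods that hand data to the network.
SINKS = {
    "java.io.OutputStream.write",
    "okhttp3.RequestBody.create",
}
# Assumed sanitizers: calls that break a flow. Every other call propagates
# taint from its arguments to its result (conservative default).
SANITIZERS = {"com.example.Privacy.coarsen"}


@dataclass(frozen=True)
class Flow:
    source: str
    category: str
    sink: str
    stmt: int  # index of the sink statement


def track(program):
    """Run forward taint propagation over a straight-line statement list.

    Statement forms (constructed IR):
      ("assign", dst, src)                 dst = src
      ("call", dst_or_None, method, args)  dst = method(args)
    Returns the list of source-to-sink flows found.
    """
    taint = {}   # variable name -> set of source methods reaching it
    flows = []
    for idx, stmt in enumerate(program):
        kind = stmt[0]
        if kind == "assign":
            _, dst, src = stmt
            taint[dst] = set(taint.get(src, set()))
        elif kind == "call":
            _, dst, method, args = stmt
            incoming = set().union(*(taint.get(a, set()) for a in args))
            if method in SOURCES:
                result = {method}          # fresh taint originates here
            elif method in SANITIZERS:
                result = set()             # flow is cut
            else:
                result = incoming          # propagate through the call
            if method in SINKS:
                for src in sorted(incoming):
                    flows.append(Flow(src, SOURCES[src], method, idx))
            if dst is not None:
                taint[dst] = result
        else:
            raise ValueError(f"unknown statement {stmt!r}")
    return flows


def undeclared_flows(flows, declared_categories):
    """Flows whose data category is missing from the app's Data Safety section."""
    return [f for f in flows if f.category not in declared_categories]


# Constructed sample program: location is coarsened before upload, the
# device identifier is not.
SAMPLE_PROGRAM = [
    ("call", "loc", "android.location.LocationManager.getLastKnownLocation", ["lm", "provider"]),
    ("call", "imei", "android.telephony.TelephonyManager.getDeviceId", ["tm"]),
    ("call", "coarse", "com.example.Privacy.coarsen", ["loc"]),          # sanitizer
    ("call", "body", "org.json.JSONObject.put", ["json", "coarse", "imei"]),
    ("assign", "payload", "body"),
    ("call", "out", "java.net.HttpURLConnection.getOutputStream", ["conn"]),
    ("call", None, "java.io.OutputStream.write", ["out", "payload"]),  # sink
]

if __name__ == "__main__":
    found = track(SAMPLE_PROGRAM)
    for f in found:
        print(f"{f.category}: {f.source} -> {f.sink} (stmt {f.stmt})")
    print("undeclared:", undeclared_flows(found, {"Location"}))
```

Running it reports one flow, from `getDeviceId` to `OutputStream.write`, and flags it as undeclared when the app only lists Location in its Data Safety section. Swapping the sanitizer call for an ordinary method makes the Location flow appear as well, which is exactly the kind of sanitizer/propagation decision you will have to make explicitly in FlowDroid's configuration.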
Secure Proximity-Based Authentication System
In this project, the goal is to develop a secure proximity-based authentication system. This system will utilize a mobile phone as an authentication key for other devices, such as smart locks, computers, or IoT devices. The objective is to design and implement a secure protocol that verifies physical proximity while safeguarding against relay attacks and other security threats. The implementation will consist of two components: a mobile authenticator app and the authenticatee device logic. It is required to address several challenges, including secure pairing, mutual authentication, distance bounding, and protection against eavesdropping and replay attacks. Additionally, various proximity technologies (Bluetooth, NFC, ultrasound, etc.) have to be considered and their practicality evaluated. The final deliverable of this project will be a working prototype implementation, accompanied by a report that documents the system design decisions, security analysis, and implementation details.
Assigned: Burtscher, Gugacs, Heinemann
Assigned: Calkic, Frolla, Örtengren
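Both the Notification Forwarder (P2P) and the Secure Proximity-Based Authentication System topics ask how you keep an untrusted link free of replays and relays. The following added example (my own illustration, not code from the course or any student project) shows the core of a challenge-response exchange: the verifier issues a single-use random nonce, the prover answers with an HMAC bound to that nonce and to a monotonically increasing counter, and the verifier checks the MAC in constant time, rejects reused nonces and old counters, and applies a crude round-trip-time bound as a stand-in for distance bounding. It assumes a 32-byte key already shared through a pairing step that is out of scope here (for example scanned from a QR code), and the domain string, the 50 ms bound and the `FakeClock` are constructed values for a reproducible demo.

```python
"""Challenge-response authentication with replay detection and a round-trip
time bound. Added example, not the course's or any project's code.

Assumption: both sides already hold a shared 32-byte key from a pairing step
that is not shown here; the transport between them is untrusted.
"""
import hashlib
import hmac
import secrets
import struct
import time

KEY_LEN = 32
NONCE_LEN = 16
TAG_LEN = hashlib.sha256().digest_size
DOMAIN = b"proximity-auth-v1"   # constructed domain separator for the MAC input


class Prover:
    """Phone side: answers a challenge with a MAC over (nonce, counter)."""

    def __init__(self, key):
        self.key = key
        self.counter = 0   # on a real device this must be persisted across restarts

    def respond(self, nonce):
        self.counter += 1
        ctr = struct.pack(">Q", self.counter)
        tag = hmac.new(self.key, DOMAIN + nonce + ctr, hashlib.sha256).digest()
        return ctr + tag


class Verifier:
    """Lock / computer side: issues challenges, checks MAC, counter and RTT."""

    def __init__(self, key, max_rtt=0.050, clock=time.monotonic):
        self.key = key
        self.max_rtt = max_rtt      # assumed bound; real distance bounding needs a tight PHY
        self.clock = clock
        self.pending = {}           # nonce -> time it was issued (single use)
        self.last_counter = 0

    def challenge(self):
        nonce = secrets.token_bytes(NONCE_LEN)
        self.pending[nonce] = self.clock()
        return nonce

    def verify(self, nonce, response):
        issued = self.pending.pop(nonce, None)   # a nonce is consumed on first use
        if issued is None:
            return False, "unknown or already-used challenge"
        elapsed = self.clock() - issued
        if len(response) != 8 + TAG_LEN:
            return False, "malformed response"
        ctr, tag = response[:8], response[8:]
        expected = hmac.new(self.key, DOMAIN + nonce + ctr, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):   # constant-time comparison
            return False, "bad MAC"
        counter = struct.unpack(">Q", ctr)[0]
        if counter <= self.last_counter:
            return False, "replayed counter"
        if elapsed > self.max_rtt:
            return False, "round trip too slow (possible relay)"
        self.last_counter = counter
        return True, "ok"


class FakeClock:
    """Deterministic stand-in for time.monotonic so the demo is reproducible."""

    def __init__(self):
        self.now = 0.0

    def advance(self, seconds):
        self.now += seconds

    def __call__(self):
        return self.now


def run_demo():
    """Exercise the protocol against constructed honest and hostile inputs."""
    clock = FakeClock()
    key = secrets.token_bytes(KEY_LEN)
    phone, lock = Prover(key), Verifier(key, max_rtt=0.050, clock=clock)
    results = {}
    n1 = lock.challenge(); clock.advance(0.010); r1 = phone.respond(n1)
    results["genuine"] = lock.verify(n1, r1)                  # accepted
    results["replay_same"] = lock.verify(n1, r1)              # nonce already consumed
    n2 = lock.challenge(); clock.advance(0.010)
    results["replay_old_response"] = lock.verify(n2, r1)      # MAC bound to old nonce
    n3 = lock.challenge(); clock.advance(0.400); r3 = phone.respond(n3)
    results["relayed"] = lock.verify(n3, r3)                  # valid but too slow
    n4 = lock.challenge(); clock.advance(0.010); r4 = bytearray(phone.respond(n4)); r4[-1] ^= 1
    results["tampered"] = lock.verify(n4, bytes(r4))          # MAC mismatch
    n5 = lock.challenge(); clock.advance(0.010); r5 = Prover(secrets.token_bytes(KEY_LEN)).respond(n5)
    results["wrong_key"] = lock.verify(n5, r5)                # unpaired phone
    return results


if __name__ == "__main__":
    for label, (ok, reason) in run_demo().items():
        print(f"{label:20s} {'ACCEPT' if ok else 'REJECT'}  {reason}")
```

The demo accepts only the genuine exchange and names the reason for every rejection. Two things the example deliberately leaves to you: confidentiality of the forwarded notification payloads (the standard library has no AEAD, so you would add AES-GCM or ChaCha20-Poly1305 from a library and include the counter as associated data), and real distance bounding, where a software RTT threshold over Bluetooth is far too coarse to stop a fast relay and only illustrates where the check belongs in the protocol.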
In-Depth Analysis of Studo
This project centers on conducting a detailed analysis of the recent Android version of the Studo app. The analysis focuses on its data-gathering mechanisms, forum system, and account registration process. You will also explore the feasibility of creating an alternative client for accessing Studo services. As part of the project, you will also verify whether issues found in earlier app versions still persist in the latest version and discuss some legal aspects regarding this topic. The result of this project is a detailed report documenting the results of the investigation points described above and the source code for a simple alternative client prototype.
Assigned: Felix, Lienbacher, Stoppacher