Improving Smartphone Security and Reliability

Users are increasingly relying on smartphones, hence concerns such as mobile app security, privacy, and correctness have become increasingly pressing. Software analysis has been successful in tackling many such concerns, albeit on other platforms, such as desktop and server. To fill this gap, he have developed infrastructural tools that permit a wide range of software analyses for the Android smartphone platform. Developing these tools has required surmounting many challenges unique to the smartphone platform: dealing with input non-determinism in sensor-oriented apps, non-standard control ow, low-overhead yet high-fidelity record-and-replay. Our tools can analyze substantial, widely-popular apps running directly on smartphones, and do not require access to the app’s source code. We will first present two tools (automated exploration, record-and-replay) that increase Android app reliability by allowing apps to be explored automatically, and bugs replayed or isolated. Next, we present several security applications of our infrastructure: a permission evolution study on the Android ecosystem; understanding and quantifying the risk posed by URL accesses in benign and malicious apps; app profiling to summarize app behavior; and Moving Target Defense for thwarting attacks.