At the end of 2015, Android-based devices are the most sold in the world dominating the market with a solid 84.7% share [1]. A key-aspect in Android's success is the support for third-party applications (or simply apps) creating a very dynamic software landscape accessible through the Google Play marketplace as well as third-party markets.

The rate of Android success is only matched by the increase in malicious activity targeting Android. Between 2011 and 2012 the malware samples targeting Android has gone up of 1000% [2]. At the end of 2012, Android has crashed another record becoming the top target for malicious code overtaking Microsoft's Windows operating system [3]. Currently, Android malware is still on the rising. A recent report by anti-virus vendor Kaspersky [4] indicates that the number of new malicious programs targeting Android has tripled in 2015.

Android is not only dominating the mobile device market (smartphones and tablets), but is also becoming predominant in mission critical support and infotainment car systems. The implication of its security issues can be very important in these areas as well. For instance, through Android malware could find its way to interact with the Can Bus system of a car. Also, Android is very relevant in Internet of Things (IoT) devices where it is being used as OS.

This course will be organised as follows. Firstly, to bring everyone up to speed, we will discuss some relevant access controller models used in Android. Then we will move into details about Android and detailing some of its internals. Next, we will study Android security mechanism and features. We will cover also recent research efforts for enhancing some aspect of Android security framework.

In the last part of the course, we will focus on Android malware highlighting the attack types and providing details of some malware families. One of the common characteristics of Android malware is that most of them use reverse engineering for repackaging benign apps with malicious payloads. In view of this, we will cover some of the recent approaches that deal with app tampering detection and protecting. We will conclude with a Q&A session.

[1] Smartphone OS Market Share, Q3 2015. Available: http://www.gartner.com/newsroom/id/3169417  

[2] Android malware up over 1000% in last three months.  http://www.ibtimes.co.uk/articles/401395/20121105/android-malware-increae-ten-fold.htm .

[3] The changing face of security: Android overtakes windows as top threat. http://www.technologyreview.com/view/508316/the-changing-face-of-security-android overtakes-windows-as-top-threat/

[4] https://public.gdatasoftware.com/Presse/Publikationen/Malware_Reports/G_DATA_MobileMWR_Q1_2015_US.pdf

Learning Objectives:

• Deep understanding of the Android security model
• Understanding of the malware capabilities and how to contrast them
• Know-how to develop robust and secure apps and policies for cyber-physical systems
• An overview of the most recent security approached in Android

About the Instructor:

Dr. Giovanni Russello is an Associate Professor at the University of Auckland. He has worked on access control and cloud security for the past 10 years. In the last 5 years, he has also focused in enhancing the security for the Android OS.

This course builds on the experience gained in the last 3 years where Giovanni has given a similar course at ACSAC 2013, ACSAC 2014, and ACSAC 2015. The course is based on a post-graduate course (20 hours of lectures), taught at his department since 2013. Students who attended this course were very enthusiastic and find it very useful.