Security and Privacy Analysis of Android System
According to the statistics of statcounter, in the second quarter of 2023, Android maintains the most popular mobile stsyem with a market share of 70.9%. Such popularity makes security and privacy a high-profile issue. When new Android system functions or apps are released, attackers often shed light on the vulnerabilities of these targets and exploit them to cause security/privacy issues. As such, we aim to minimize the security/privacy gap between attacks and a secure system. Our research topics include Android IME, accessibility services, defense againt Android malware evasion, app virtualization, etc.
Android IME Privacy Leakage Analyzer
Our research about Android IME privacy is published as a poster in 41st IEEE Symposium on Security and Privacy conference. Since users use IMEs to type everything on Android devices, including sensitive information such as credit card numbers and passwords, the privacy of user input becomes a huge concern. We build a tool called IMEAnalyzer that can help users test and analyze the privacy leakage of IMEs. IMEAnalyzer is composed of three components, a testing server, a client application on the mobile, and two loggers. When users provide package names of IMEs, the analyzer automatically tests whether keylogging and other privacy leakage exists.
Publications
- POSTER: Android IME Privacy Leakage Analyzer P. Lo, J.-C. Huo, H.-C. Hsiao, B. Sun, T. Ban, T. Takahashi In IEEE Symposium on Security and Privacy (IEEE S&P), May 2020.
- PluginPermCheck: Preventing Permission Escalation in App Virtualization S.-C. Hsiao, H.-C. Hsiao In IEEE Symposium on Security and Privacy (IEEE S&P), May 2022.