Android Security: Taming the Complex Ecosystem

Android Security: Taming the Complex Ecosystem

The Android ecosystem is immense, represents a diverse manifold of use cases and participants, and is therefore highly complex. At the same time, Android primarily targets end-users and acts as the gateway to digital services for a majority of often …

Android security trade-offs 1: Root access

Android security trade-offs: Rooting “Rooting” has been part of the Android ecosystem pretty much since its creation. Within the context of this blog post, I define rooting as a method to disable standard sandboxing mechanisms for particular processes, which is a superset of Nick Kralevich’s earlier definition because many posts mix up the intentional, user-driven root access with exploitation of vulnerabilities. In this post I mean granting select apps and their processes the “root” privilege, which entitles them to ignore access control mechanisms on the system and kernel levels.

Android security trade-offs 0: Ecosystem complexity

Android security trade-offs The Android ecosystem is highly diverse, complex, and has many different stakeholders typically not visible in the limelight. Consequently, making decisions about features in the platform itself — what we call AOSP (Android Open Source Project) — is hard, and often in surprising ways. Over a year and a half ago, I came to Google as the new Director of Android Platform Security. Even though my research group had been working on Android security for over 7 years, many of those complexities were completely new to me.

Insider Attack Resistance in the Android Ecosystem

The threat model for a mobile device ecosystem is complex. In addition to the obvious physical attacks on lost or stolen devices and malicious code threats, typical mobile devices integrate a significant amount of code from different organizations …


[Finished] Enabling IPv6 address privacy on Android devices.

Josef Ressel Center u'smile

[Finished Sept. 2017] Research Center for User-friendly Secure Mobile Environments

Android Exploit Framework

[Finished] Android on-device permanent root exploit framework

IPsec/L2TP gateway for Android and iPhone clients on OpenWRT

How to set up an OpenWRT router/gateway as an IPsec/L2TP gateway for Andoid and iPhone clients The only “reasonable” (that is, not counting PPTP due to its known security issues) VPN protocol supported by default on non-rooted / non-jailbroken Android / iPhone phones as clients is the combination of IPsec and L2TP. Most probably, this was chosen due to its out-of-the-box support by newer Windows clients and MacOS/X as well.

Private Notes

[Finished] Cross-platform end-to-end encrypted note-taking app

Howto create a Debian chroot on an Android phone

Howto create a Debian chroot on an Android phone (HTC Desire and Motorola Milestone) This page will grow once I have everything running, but this is a starting point:… [HTC Desire, unbranded, European version]: Flashed (pre-rooted and with busybox included) firmware from…, taking file On a Debian squeeze (amd64, but with i386 it will be similar) box: sudo apt-get install debchroot qemu-user Download qemu-arm-static from http://packages.