The introduction of smart phones in 2008 forever changed the way users
interact with data and computation. These platforms and the network and
cloud services supporting them have led to a renaissance of mobile
computing. At the same time, changes in the nature of personal computing
heightens concerns about security and privacy. Such concerns prompted an
ongoing area of scientific study exploring smartphone and application
security. Through these efforts, the technical community has become
increasingly aware that applications can (and in many cases have) work
against the user's best interests and house new forms of malware.
This talk explores the genesis and evolution of academic research efforts in evaluating smartphone application security over the first eight years of its existence. A retrospective view of how the community's understanding of application security has changed over the years is provided, with a focus on the scientific questions asked and the methods used. We highlight a range of analysis techniques that extract software structures and behaviors from smartphone applications, and describe several studies that identified important security and privacy concerns. The talk concludes by considering the realities of current mobile apps and markets and identifies challenges in preventing misuse of smartphones.
Date: Monday April 18, 2016 |