Empirical studies in mobile security and privacy
- Mobile devices have become a dominant way that consumers interact with computing. Alongside the growth of mobile computing has been the popularization of a new software distribution method: the "app store''. In addition to representing a major shift in the distribution model of consumer software, app stores are a major opportunity for improving the measurement of the security and privacy properties of mobile computing. App stores provide uniform access to massive datasets of apps and include valuable app metadata that cannot be obtained by examining app code. This property makes it possible to obtain extremely highly quality samples of the entire mobile app ecosystem, study security threats at a population-level scale, and understand non-technical trends and correlates in security vulnerabilities in a manner that is difficult or impossible in other software domains. App stores also provide a platform to collect data about mobile devices and their users through the distribution of mobile apps. Because of the ubiquity of mobile computing, this approach allows for the easy collection of rich datasets of user information. In this dissertation I leverage datasets obtained using app stores to perform three large scale experiments in mobile security and privacy. I collect a massive dataset of Android apps from the Google Play app store spanning nearly four years and study the threat of Target Fragmentation in Android apps as well as the prevalence of security vulnerabilities related to unsafely embedding web content in Android apps. I also study the privacy properties of telephone metadata using a dataset crowdsourced through a mobile app. Each of these studies has serious practical implications. The experiments studying security vulnerabilities in Android apps demonstrate the widespread and continued existence of serious vulnerabilities in the Android ecosystem and the experiment studying the privacy properties of telephone metadata has been cited in legal cases opposing surveillance programs operated by the United States government.
|Type of resource
|electronic; electronic resource; remote
|1 online resource.
|Stanford University, Department of Computer Science.
|Statement of responsibility
|Submitted to the Department of Computer Science.
|Thesis (Ph.D.)--Stanford University, 2016.
- © 2016 by Patrick Charles Mutchler
- This work is licensed under a Creative Commons Attribution Non Commercial 3.0 Unported license (CC BY-NC).
Also listed in
Loading usage metrics...