Smartphones are now the most common way users handle digital
information and interact with online services. The interaction with
these devices encompasses different actors, trusting each other in
different ways. Users interact with apps, trusting them to access
valuable and privacy-sensitive information. At the same time, apps
usually communicate with remote backends and mediate user
authentication to online services. Finally, all these interactions are
mediated on one side by the user interface and on the other by the

During my PhD I studied how all these different actors trust each
other and how this trust can be unfortunately violated by attackers,
because of limitations on how the operating system, apps, and the user
interface are currently designed and implemented. To assist my work, I
developed automatic analysis tools to perform large-scale analyses of
Android apps. In this presentation I will describe both the tools I
have developed and my findings.
Specifically, I will first describe my work on how, in an Android
system, it is possible to lure users to interact with malicious apps
which "look like" legitimate ones. This completely violates the trust
relationship, mediated by the user interface, between users and apps.
As a countermeasure, we implemented modifications of the Android user
interface and we evaluated their effectiveness with a user study.
Then, I will explain how many apps unsafely authenticate their users
to remote backends, due to misplaced trust in the operating system.
Specifically, we identified different apps that only rely on values
provided by the operating system (such as the "device id" or the
"device MAC address") to perform authentication. For this reason, an
attacker can trivially spoof these values and log in on behalf of a
legitimate user. Finally, I will introduce my ongoing research on how
new hardware-assisted technologies could help, if used correctly, in
mitigating the previously mentioned trust violations.