Third-party smartphone applications are becoming more and more popular as smartphones become richer in sensors, capabilities and private information. Moreover, these applications commonly hold dangerous privileges to access these sensors, capabilities and information. Clearly, over-privileged smartphone applications are a dire security concern to end-users.
In this project, students will design and implement a set of Android applications – “the infrastructure” – which aims to enable much safer Android programming by helping applications become much less privileged without harming their functionality. In Android, applications can offer services to other applications. The infrastructure applications are a set of services useful to many other Android applications. These services offer implementations of common application behavior and, in particular, of commonly required declassification behavior (see below).
Applications utilizing this infrastructure will be easier to develop, less buggy and, most importantly, less privileged and more secure. Notably, Microsoft Windows Phone has a small part of this infrastructure (several services, or implementations of common behaviors) integrated in its API and OS environment. The Android development environment does not offer these API calls, but offers something perhaps better: the ability to easily implement them (and many more) as Android applications offering these services to other apps.
Students participating in this project will learn general principles of information security and apply them to real-life programs. They will also become familiar with Android development and will get to utilize its unique flexibility in ways seldom done elsewhere so far. We believe the infrastructure implemented here is important to Android development as it is practiced today, and it (or a developed form of it) could one day be widely used by many applications.
Declassification