Employing Android Security Features for Enhanced Security and Privacy Preservation

Wakim, Mike

January 2017

In this thesis, we examine the architecture and the security framework underlying the Android operating system. We explore existing Android end-to-end encrypted (E2EE) messaging applications and derive four categories of common issues that are applicable to these applications. We then provide an overview of the known issue of privilege escalation wherein a malicious privileged application can utilize inter-process communication techniques to send protected data to an unauthorized application on a user’s device. We demonstrate through a proof of concept how this behavior can be achieved in real applications, and we suggest potential countermeasures that can help prevent this issue. Furthermore, in the interest of diminishing the common issues that are applicable to E2EE messaging applications, we propose a new design for such applications that employs some of the principal security features offered by the Android operating system. We explain how our design can help eliminate trust-related issues associated with such applications, as well as how it can help minimize issues in other categories. Finally, we demonstrate how our proposed design can be used in practice by implementing a proof of concept.

Android

Security

Privacy

Preservation

IPC

E2EE

Scheme

Encryption

End-to-End

Messaging

Usability-Driven Security Enhancements in Person-to-Person Communication

Yadav, Tarun Kumar

01 February 2024

In the contemporary digital landscape, ensuring secure communication amid widespread data exchange is imperative. This dissertation focuses on enhancing the security and privacy of end-to-end encryption (E2EE) applications while maintaining or improving usability. The dissertation first investigates and proposes improvements in two areas of existing E2EE applications: countering man-in-the-middle and impersonation attacks through automated key verification and studying user perceptions of cryptographic deniability. Insights from privacy-conscious users reveal concerns about the lack of E2EE support, app siloing, and data accessibility by client apps. To address these issues, we propose an innovative user-controlled encryption system, enabling encryption before data reaches the client app. Finally, the dissertation evaluates local threats in the FIDO2 protocol and devises defenses against these risks. Additionally, it explores streamlining FIDO2 authentication management across multiple websites for user convenience and security.

FIDO2

End-to-end encryption

E2EE

Application-independent encryption

2FA

Signal

Secure messaging

MITM attacks

Authentication

Physical Sciences and Mathematics