Android

The Android ecosystem is immense, represents a diverse manifold of use cases and participants, and is therefore highly complex. At the …

Android security trade-offs: Rooting “Rooting” has been part of the Android ecosystem pretty much since its creation. Within the context of this blog post, I define rooting as a method to disable standard sandboxing mechanisms for particular processes, which is a superset of Nick Kralevich’s earlier definition because many posts mix up the intentional, user-driven root access with exploitation of vulnerabilities.

Android security trade-offs The Android ecosystem is highly diverse, complex, and has many different stakeholders typically not visible in the limelight. Consequently, making decisions about features in the platform itself — what we call AOSP (Android Open Source Project) — is hard, and often in surprising ways.

The threat model for a mobile device ecosystem is complex. In addition to the obvious physical attacks on lost or stolen devices and …

[Finished] Enabling IPv6 address privacy on Android devices.

[Finished Sept. 2017] Research Center for User-friendly Secure Mobile Environments

Executive summary appjolt.com is seemingly an iOS and Android library/SDK to bundle with other apps. It is a special form of malware typically referred to as spyware, and is even worse than the typical advertiser network libraries that include in-app advertisments during use.

[Finished] Android on-device permanent root exploit framework

How to set up an OpenWRT router/gateway as an IPsec/L2TP gateway for Andoid and iPhone clients The only “reasonable” (that is, not counting PPTP due to its known security issues) VPN protocol supported by default on non-rooted / non-jailbroken Android / iPhone phones as clients is the combination of IPsec and L2TP.

[Finished] Cross-platform end-to-end encrypted note-taking app