14-829 / 18-638: Mobile and IoT Security - Fall 2020
Lab 1: Understanding Android Apps & Permissions
- Due: Sep 11
- Description: This lab will introduce you to the fundamental concepts and components used in Android development and provide you
with important background information to help you understand the Android security and privacy landscape. In this lab, you'll set up and experiment
with the Android development environment and device emulators (no hardware needed). Your setup will need to
support emulating OS/API levels ranging from Android
4.4/KitKat (API 19) to Android 10/Q (API 29). This lab also requires creation of a simple Android app and demonstration of Android permissions
under different OS versions. In case you are not already familiar with Android development, you can leverage the
Android Developer Guides, in particular the guides on
Fundamental Components and
Permissions. Of particular note, make sure you are familiar with the
differences between normal, signature, dangerous, special, and custom Permissions.
- Tasks:
- Environment Setup - Set up your Android development environment using Android Studio,
and configure several emulator instances for different OS versions. Ensure that your setup supports a variety of OS versions / API levels ranging
from Android 4.4 to Android 10 (specific versions to include may be driven by later tasks, so read ahead).
- Test App Development - Create an Android app and demonstrate that you have the ability to run it in the various emulators. Rather than
just launching some of the demo app code, practice creating your own application (this will be helpful for later labs).
- Study Permission History - Survey the differences in Android Permissions and their evolution from Android 4.4 to Android 10. Identify the most
significant changes and the version numbers where these changes took effect.
- Explore Permission Functionality - Incorporate requests for sensitive information into your Android app. Experiment with how your requests are
handled under different OS versions that you emulate. Also experiment with changing the
targetSDKVersion
in the app manifest, including
versions higher and lower than the actual OS version running on the emulator. Take note of any interesting findings.
- Deliverables & Submission: Prepare a written summary of your efforts and responses for the above tasks. The summary report should include:
- A brief summary of what you did for each task.
- Suitable images or short code snippets (not all of your code) to demonstrate that you accomplished the goals of each task.
- A brief description of any interesting findings.
This summary should be formatted in an easy-to-read way, using font size 10 or greater, and submitted via Canvas as a .pdf
document.
- Grading: This lab is worth 10 points, with 4 points allocated to the description of your survey of Android permission evolution
in Task 3 and 6 points allocated to your summary of efforts for the other Tasks. We reserve the right to take off points for unreadable reports, poor
writing, missing details, inappropriate content, etc.