14-829: Mobile and IoT Security

14-829 / 18-638: Mobile and IoT Security - Fall 2021



Lab 1: Understanding Android Apps & Permissions

Due: Sep 10

Description: This lab will introduce you to the fundamental concepts and components used in Android development and provide you with important background information to help you understand the Android security and privacy landscape. In this lab, you'll set up and experiment with the Android development environment and device emulators (no hardware needed). Your setup will need to support emulating OS/API levels ranging from Android 4.4/KitKat (API 19) to Android 11/R (API 30). This lab also requires creation of a simple Android app and demonstration of Android permissions under different OS versions. In case you are not already familiar with Android development, you can leverage the Android Developer Guides, in particular the guides on Fundamental Components and Permissions. Of particular note, make sure you are familiar with the differences between normal, signature, dangerous, special, and custom Permissions.

Tasks:
  1. Environment Setup - Set up your Android development environment using Android Studio, and configure several emulator instances for different OS versions. Ensure that your setup supports a variety of OS versions / API levels ranging from Android 4.4 to Android 11. You don't need an instance of every version; later tasks may determine which specific versions to include, so read ahead.

  2. Test App Development - Create an Android app and demonstrate that you have the ability to run it in the various emulators. Rather than just launching some of the demo app code, practice creating your own application (this will be helpful for later labs).

  3. Study Permission History - Survey the differences in Android Permissions and their evolution from Android 4.4 to Android 11. Identify the most significant changes and the version numbers where these changes took effect.

  4. Explore Permission Functionality - Incorporate requests for sensitive information into your Android app. Experiment with how your requests are handled under the different OS versions that you emulate. Also experiment with changing the targetSdkVersion in the app manifest, including versions higher and lower than the actual OS version running on the emulator. Take note of any interesting findings.

Deliverables & Submission: Prepare a written summary of your efforts and responses for the above tasks. The summary report should include:
  • A brief summary of what you did for each task.
  • Suitable images or short code snippets (not all of your code) to demonstrate that you accomplished the goals of each task.
  • A brief description of any interesting findings.
This summary should be formatted in an easy-to-read way, using font size 10 or greater, and submitted via Canvas as a .pdf document.

Grading: This lab is worth 10 points, with 4 points allocated to the description of your survey of Android permission evolution in Task 3 and 6 points allocated to your summary of efforts for the other Tasks. We reserve the right to take off points for unreadable reports, poor writing, missing details, inappropriate content, etc.