Rogan Creswick will be giving the next Portland Linux/Unix Group's (PLUG) Advanced Topics presentation, "Multi-App Security Analysis: Looking for Android App Collusion." The event, hosted by PLUG, will be held next Tuesday, Nov. 19th at 7:00 p.m. at Free Geek, 1731 SE 10th Avenue, Portland, OR (map).
The Android permission model opens up a number of opportunities for apps to bypass the established single-app permission checks that Android users rely on to control data flow and application behavior on their devices. I'll do my best to terrify the Android-using audience by describing the attack surface for colluding applications and showing interactive visualizations of multi-app data flow. We'll look at the Android permission model, the user-interface it results in, and I'll show just how easy it is to make apps that look innocuous.
Rogan Creswick develops unique tools and techniques for software development and security analysis at Galois, Inc. His research interests focus on improving the state of the art in software engineering tools and user interfaces. His experience also reaches into the areas of user interface automation and customization via integrated assistants and automated documentation aides at IBM Research. He has striven to provide natural interfaces to ease communication with complex and semi-sentient agents through existing tools that have already become trustworthy and familiar to their users.