CEG 4440: Android Internals and Security


Prabhaker Mateti

Revised Feb 2019.

Catalog Description: Internals of the Android OS. Linux refresher of Networking, File System, and other subsystems. Android Security Architecture. Reverse engineering of APKs. Well known TCP/IP exploits on Android. Analyses of Android malware. Security enhancement of Android Framework. ASLR and ROP. Android Forensics. Future of body-hugging computing/networking devices.

Prerequisite(s): Undergraduate level CS 3100 Minimum Grade of C. Further Advice: Fluent in CEG 2350 OS Concepts and Usage; Fluent in Java; Recommended (Senior Level) Operating Systems Internals and Design.

Source Material

There is no required textbook this term. The course home page leads to lecture notes on every topic of this course.

  1. Course Home Page Prabhaker Mateti, Lecture Notes on Android Internals and Security, https://www.cs.wright.edu/~pmateti/Courses/4440/ Has extensive lecture notes.
  2. Google, https://developer.android.com/ "Build Anything on Android"
  3. https://source.android.com/ Android Open Source Project
  4. Nikolay Elenkov, "An In-Depth Guide to Android's Security Architecture", https://www.nostarch.com/androidsecurity . October 2014, 432 pp. ISBN: 978-1-59327-581-5; WSU safaribooksonline
  5. Karim Yaghmour, Embedded Android, O'Reilly Media, Inc., 2013, 412 pp, ISBN: 9781449327958; WSU safaribooksonline
  6. Roger Ye, Android System Programming, Packt Publishing, 470pp, 2017; ISBN-13: 978-1-78712-536-0; WSU safaribooksonline
  7. Joseph Annuzzi, Jr., Lauren Darcey, Shane Conder, Introduction to Android Application Development: Android Essentials, 5th Edition, Addison-Wesley Professional, 2015, 672pp, ISBN: 9780134389653; WSU safaribooksonline
  8. Adapted Materials from Android security sites


Students should
  1. Realize that "smartphones" are body-hugging computing devices with always-on networking.
  2. Recognize the impact on privacy and security of integrating media services and location services into mobile messaging devices.
  3. Be cognizant of the forensics.

Learning Outcomes

Students should be able to
  1. Design applications at firmware, Linux CLI, and Android Framework levels, on Android.
  2. Dissect Android APKs.
  3. Demonstrate existing malware.
  4. Improve security and privacy by revising the Android configuration.


Full attendance is expected.

Course Content

Lab work is a significant part of this course. The ordering of lectures, in contrast to the course content topics listed below, is largely due to this influence.

  1. OS refresher; TCP/IP Refresher; Mobile Systems Characteristics;
  2. Design of Mobile OS, Android Internals, API
  3. Application Software Design for Android.
  4. Tour of: Android Open Source Project (AOSP), CyanogenMod; Building a ROM; Linaro
  5. Network Security; Linux Security; Android Security; Location Based Services; Pocket Spy
  6. Android Permissions System
  7. Mobile Malware
  8. Privacy Violations
  9. Hot Topics in Security
  10. Mobile-, Cloud-, Ubiquitous-, Pervasive- Computing

Course Content Week-by-Week

| W | Lectures | PL# | Proj/LabName | Wt |
|---|----------|-----|--------------|----|
| 1 | Course overview; Android Develop | | | |
| * | Refreshers: OS internals, TCP/IP | | | |
| 2 | Android-Internals; Security #1 | L1 | AndroidIntro | 5% |
| 3 | Android Virtual Devices, Networking Exploits Overview | | | |
| 4 | ReverseEngineering, Dissection of APKs Security #2 | | | |
| 5 | Android Init | L2 | CachePoison | 5% |
| 6 | Android Binder | L3 | InitMods | 5% |
| 7 | Android Zygote | | | |
|   | Midterm | MT | Midterm | 30% |
| 8 | Android SM, AM ashmem | | | |
| 9 | Android Rooting Exploits | L4 | Malware | 5% |
| a | AOSP/ LineageOS Tour | L5 | Rooting | 5% |
| b | Code Injection/ Shell Code; ASLR ROP | | | |
| c | Exploit Prevention: Secure Coding | L6 | CodeInject | 5% |
| d | Exploit Prevention: Hardening | | | |
| e | Pocket Spy; Violations of Privacy | | | 5% |
| e | Android Forensics | L7 | CheckSSSFHB | 5% |
| e | Hot Topics in Android Security 2019 | L8 | IG-learner | 5% |
| f | Last Lecture = TBA • Final | FI | Final | 30% |

The above is an HTML-copy-paste snapshot of the Weekly Tentative Schedule located at https://cecs.wright.edu/~pmateti/Courses/4440/Top/


There are two exams contributing 30% 20% and 30% to the final grade. The mid term is scheduled around the sixth week, and the final during the exam week as set by the Registrar.

Labs + Projects

The labs + projects contribute 40% to the final grade. I expect to give eight six five labs + projects. These must be submitted by midnight on the due date posted. The subject matter of these labs is included in the exams.

All lab work can be conducted within various WSU computer labs. However, it is highly recommended that you set up your own desktop/laptop for this work.

In this course, a project generally will begin with studying the source code tree given to you. It may require you to build an executable after suitable reconfiguration using tools such as make or gradle. The code will be in Java/ Kotlin for Android SDK.

The labs + projects are to be performed by the student individually. This must be work done solely by you, except for the parts I provided or agreed to.

Homework Assignments

There are no homework assignments to be turned in.

CEG 6440

Students enrolled in CEG 6440 are required to do additional tasks, at a graduate student level, on one of the topics below. Undergraduate students and graduate students will be graded separately. This semester the graduate tasks are to (i) sketch a new lab experiment based on that topic, and (ii) carry out that experiment and submit a lab report as usual. Your article and lab experiment should look like one of those already included in the course. If a topic beyond this list interests you, I am happy to consider it.

  1. Secure Re-coding of init, zygote, etc.
  2. An SEAndroid (SELinux) Re-configurator.
  3. Proactive Forensics of Activity to Cloud Storage.
  4. Ransomware Prevention
  5. Code Injection and ROP

Copyright © 2019 • Dr Prabhaker Mateti • Revised Feb 2019; Apr 2019.