CS-GY9163: Application Security Assignment 5: MobileSecurity
The goal of this assignment is to give you experience working with Android applications in a safe and secure way, as well as to understand the security and privacy implications of choices made during application development. However, due to time constraints we cannot spend enough time creating a full Android application. However, you should still gain experience with Android application. Therefore, in this assignment you are tasked with fixing an Android application that uses a spell checker Web service as a back end, and reducing the permissions to only what’s necessary. You will then return the fixed code and a write-up explaining what you changed in the code and why.
Grading
All report submissions should be in either PDF format or text format.
The grading split is done as follows: Android Application Changes: 50 pts. Writeup: 50 pts.
Total 100 pts.
For this assignment you need to install Android Studio. Download the latest version of Android studio from here: https://developer.android.com/studio/index.html. More information about instillation can be found here: https://developer.android.com/studio/install. You will also need to install android SDK version 28 (Android 9.0-pie API level 28). The android application provided in this assignment can work on minimum SDK version 26 and the target SDK version is 28.
Completion time – 5 to 7 hours
In the first week of this unit you are tasked with fixing an android application. Code for the android application has been provided and has to be forked from: https://github.com/Rahulmashlesh/CS-GY9163_AppSec_Assignment_5. This application has vulnerabilities and performs insecure and improper operations. You are tasked with finding and removing these vulnerabilities, improper operations and unnecessary code.
Completion time – 2 to 5 hours depending on experience.
Many applications on the Android market contain access to many more permissions than necessary. Often these permissions are requested to make the application work with advertisement libraries or other dependencies. However, this practice of granting more permissions to the Android application puts the user’s privacy at risk. It is good practice, therefore, to limit the permissions of an application to only what it needs to function.
For this portion of the assignment you are tasked with reducing the permissions of this application to only what is necessary to function. The application’s source code with reduced permissions should be submitted for grading.
The report is to be submitted through NYU Classes. Your write-up should include information about why and which files were retained, modified or removed. You must also include what permissions were needed to function and why.
Once you test your application on an emulator the modified working project should be uploaded to a new GitHub repository and made accessible to the instructor and TAs. Here is a link on how to add collaborator on github and include these github handle: rahulmashlesh, and kcg295. https://help.github.com/en/github/setting-up-and-managing-your-github-user-account/inviting-collaborators-to-a-personal-repository
Late assignments will not be accepted.