Atif Memon publishes article in IEEE Security and Privacy with Montgomery Blair High School Student
Professor Atif Memon recently published an article entitled “Colluding Apps: Tomorrow’s Mobile Malware Threat” in the November/December issue of IEEE Security and Privacy. He published this work with Ali Anwar, a student in his junior year from the Science Magnet Program at Montgomery Blair High School in Takoma Park, MD. Memon’s and Anwar’s work addresses the malicious nature of some of the applications that people have on their mobile devices, and how personal information can be taken and transmitted without a user’s knowledge. They examine Android, a very popular operating system for mobile devices, for security vulnerabilities, and determine that although this operating system takes active measures to keep applications from accessing each other’s information (called sandboxing), there are still instances in which malware can infiltrate the applications on mobile devices.
This work is significant for several reasons, particularly because it calls into question the relative safety of user information in what seems to be a mostly secure environment, and because of Memon’s and Anwar’s suggestions for security improvements. It is also significant because of the collaboration between Professor Memon and Mr. Anwar. Most high school students do not have the opportunity to work with professors in their chosen field for undergrad, but fortunately for Anwar and other local high school students, professors in the Computer Science Department do try to work with those students who show interest and talent in CS.
Anwar agreed to an interview about his experience working with Professor Memon:
How did you get introduced to working with Professor Memon?
My mother works in the Physics Department at UMD, so when I was looking for internships she was able to introduce me to Professor Jordan Goodman, also of the Physics Department. He offered to forward my resume to some contacts in the Computer Science department, one of which was Professor Memon.
What drew you to research in mobile systems and security?
I got my first introduction to mobile app development when I joined Blair’s Smartphone Programming Club. It gave me a solid foundation of mobile programming knowledge (mostly Android, but some iOS) and a lot of experience with collaborative programming (using tools like GitHub). It also helped me develop a lasting interest in mobile systems, and that’s what led me to pursue mobile-related research opportunities. As for security, Professor Memon set the topic of our research based on recent work he’s done, but mobile security and computer security in general interest me because it’s such a relevant issue in the tech world today.
Has your work examining covert communication channels changed your own thinking and behavior about security with your mobile device?
My research has definitely made me a lot more conscious of the potential for malicious activity on my phone and, to an extent, I think it's made me more cautious as well. For example, today I take the time to review the permissions being requested by every app I download and justify them to myself before downloading it.
iOS or Android? Which do you prefer? Why?
I’ve only ever owned Android devices, but I’ve used Apple devices and between the two I certainly prefer the former. I think Android devices are better in large part because they give the user more freedom—unlike Apple, Android lets users customize their phones by adding screen widgets, gives them full, easy access to their files from a computer and doesn’t enforce as many restrictions on the types of apps available in their app market.
Do you have plans for future research? What are they?
Most Blair Magnet seniors do a “senior research project” that starts this summer and carries on into the following year. I don't have any definite plans for mine yet, but I'm starting to look for and apply to institutions with research opportunities where I can work during the summer.
What's one thing that you learned from Professor Memon that was surprising?
While working with Professor Memon, it surprised me how much the focus of our project evolved as we did research into the topic at hand. I had a preconceived notion that research is generally done with a very specific goal in mind from the beginning, but our work with mobile security showed me that research can significantly shape and influence the subject area of a project even in its later stages.
Do you plan to continue doing research in the future? What other areas of Computer Science are interesting to you?
I hope to find a research opportunity focusing on some aspect of computer science for the senior research project I mentioned. Besides mobile systems, some other areas of Computer Science that interest me are artificial intelligence (particularly machine learning) and quantum computing.
Have you talked with your fellow students/colleagues or your friends and family about sandboxing and the potential for malicious activities on their mobile phones?
I've explained the basics of the research I did to family and friends who were interested. I wouldn't say that I warned them explicitly about the dangers app collusion posed to their own mobile devices, but I tried to emphasize how easily some malicious activity can occur and many of them seemed surprised to find out how vulnerable their devices were.
Anything else that you'd like to say about your experience?
I’m very grateful to Professor Memon for providing me with the opportunity to work with him, and to Professor Goodman for introducing us. I have a lot of passion for mobile development and computer science in general, and getting to put my skills to practical use by finding and analyzing a real problem in modern app development has been a fantastic experience. I’ve definitely learned a lot about mobile systems, but beyond that this internship has taught me skills about general scientific research and problem solving that I’m certain are going to be invaluable in my future internships and research opportunities.