Ning Zhang, assistant professor of computer science & engineering in the McKelvey School of Engineering at Washington University in St. Louis, recently received the Best Paper Award and the Distinguished Paper Award from the 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), which focuses on cyberphysical systems dependability, resiliency and security.
The paper, titled “Devils in Your Apps: Vulnerabilities and User Privacy Exposure in Mobile Notification Systems,” analyzes the mobile/Internet of Things push notification systems, used by billions of users daily, from the security and privacy angle.
“The study was partially motivated by my 3-year-old daughter’s complaint to me that the notifications were blocking her ‘Peppa Pig’ show,” Zhang said.
The paper is the first systematic exploration of security and privacy of the mobile notification services, used by billions of users daily. Zhang and the team dissected the system designs of the Android mobile notification ecosystem into four stages, identified four critical processes that take place, then analyzed the potential security and privacy vulnerabilities and viable attacks to show real-world threats. Their analysis found that more than half of all apps use notification software development kits (SDK), which are software tools and programs used by developers to create manage notification-related functionalities. Only one-third of the SDKs provided privacy-related application programming interfaces (API), and only 3% of the apps use the APIs appropriately.
Zhang’s research focuses on security and privacy problems in emerging cyberphysical systems, which is at the intersection of software/hardware system, artificial intelligence, real-time system, control systems and security. He leads the Computer Security and Privacy Laboratory at Washington University in St. Louis. His research is supported by the National Science Foundation, Army Research Office, Department of Homeland Security, Department of Energy, Mastercard and Intel. He is a member of the Center for Trustworthy AI in CPS, AI and IoT for Medicine (AIM) Institute, and the Social Policy Institute (SPI) at Washington University in St. Louis.