Available at: http://digitalcommons.calpoly.edu/theses/1811
Date of Award
MS in Computer Science
The recent consumer explosion of smartphones and tablets has led to the proliferation of sensitive data stored on mobile devices and the cloud. In 2015, it was reported that 16.2% of files uploaded to file sharing services contain sensitive data (Skyhigh Networks). With users having so much personal data on their devices and the cloud, security becomes an imperative subject. Unfortunately, security is often overlooked or implemented improperly in many commercial devices. Knowledge of security fundamentals is essential to ensure users maintain their privacy and security.
The work in this thesis designs and implements five labs for a potential undergraduate mobile security course with a focus on the Android operating system. The purpose of these labs is to give students practical experience and awareness in mobile security. In the first lab, I teach the basics of the Android Software Development Kit (SDK), such as accessing device hardware components and getting user permissions. The second lab teaches students how to inject malicious code into an existing app. The third lab teaches students how to implement a man in the middle attack using a WiFi Pineapple and setup an OAuth 2.0 session. In the fourth lab, students learn how to use Metasploit to run an exploit to get remote shell access to a device. In the fifth lab, I teach students how to get a device's WiFi information and how to interface with the WiGLE.net and Google Maps Android APIs.