Jean-Marie 'Histausse' Mineau
89c7f6ef08
All checks were successful
/ test_checkout (push) Successful in 1m5s
49 lines
3.1 KiB
Typst
49 lines
3.1 KiB
Typst
#import "../lib.typ": todo, epigraph, eg
|
|
|
|
= Introduction <sec:intro>
|
|
|
|
// https://youtu.be/si9iqF5uTFk?t=1512
|
|
#epigraph("Rear Admiral Grace Hopper")[If during the next 12 months any one of you says "but we have always done it that way", I will instantly materialize beside you and I will haunt you for 24 hours.]
|
|
|
|
|
|
// De tout temps les hommes on fait des apps android ...
|
|
Android is the most used mobile operating system since 2014, and since 2017, it even surpasses Windows all platforms combined#footnote[https://gs.statcounter.com/os-market-share#monthly-200901-202304].
|
|
The public adoption of Android is confirmed by application developers, with 1.3 millions apps available in the Google Play Store in 2014, and 3.5 millions apps available in 2017#footnote[https://www.statista.com/statistics/266210].
|
|
Its popularity makes Android a prime target for malware developers.
|
|
Various applications have been shown to behave maliciously, from stealing personal informations~@shanSelfhidingBehaviorAndroid2018 to hijacking the phone computing ressources to mine cryptocurrency~@adjibi_devil_2022.
|
|
|
|
Considering the importance of Android in the everyday live of so many people, Google, the company that develops Android, defined a very strong security model that addresses an extensive threat model~@mayrhofer_android_2021.
|
|
This threat model goes as far as to consider that an adversarie can have physical access to an unlocked device (#eg an abusive partner, or a border control). // Americaaaaa
|
|
On the device, this security model imply the sandboxing of each applications, with a system of permissions to allow the applications to perform potentially unwanted actions.
|
|
For example, an applications cannot access the contact list without requesting the permission to the user first.
|
|
Android keep improving its security version from version, be it by improving the sandboxing (#eg starting with Android 10, application can no longer access the clipboard if they are not focused) or safer default (#eg since Android 9, by default, all network connection must use TLS).
|
|
|
|
/*
|
|
* A mettre qqp:
|
|
* - "Evaluating the Reusability of Android Static Analysis Tools" https://dx.doi.org/10.1007/978-3-031-66459-5_10 10.1007/978-3-031-66459-5_10 21st International Conference on Software and Systems Reuse, ICSR 2024 https://hal.science/hal-04557993v1
|
|
* - "Class Loaders in the Middle: Confusing Android Static Analyzers" in Digital Threats: Research and Practice http://dx.doi.org/10.1145/3754457
|
|
*
|
|
*
|
|
*
|
|
* Android securité explique a ma grand-mere
|
|
* expliquer gentillement, montrer tout les angles de la securité: renforcer l'OS, detecter les malware, reverse
|
|
*
|
|
* c'est quoi le reverse?
|
|
* arriver sur le probleme que les cas qui marchent pas sont souvant ignoré (chiffrer, tableau?) et fait a la main dans les cas
|
|
* cause, pourquoi?
|
|
* est ce qu'on peut essayer de reparer?
|
|
*
|
|
*
|
|
* plan: chapitre, résumé un peu long des chapitres.
|
|
*/
|
|
#todo[developper "De tout temps les hommes "]
|
|
|
|
#todo[Introduire problématique:]
|
|
|
|
#todo[1) résulats trop bons sur des datasets faciles]
|
|
|
|
#todo[2) facile a pieger: shadow attacks]
|
|
|
|
#todo[3) savent pas gerer le chargement dyn et reflection]
|
|
|
|
|