
Security and Privacy in App-enabled ecosystems

   Information Security Group

This project is no longer listed on and may not be available.

  Dr Jorge BlascoAlis  No more applications being accepted  Competition Funded PhD Project (Students Worldwide)

About the Project

App-enabled ecosystems have taken over most of the ways we interact with devices and the internet. Users can now find and install apps on their smart devices (phones, watches, TVs, etc.), browsers (as extensions and webapps) or within other applications (suites, productivity tools, etc.). The huge popularity of these ecosystems, along with poor security and privacy practices, has led to a proliferation of malware and apps that don’t handle the user’s information in a transparent and secure manner.

Research at the Information Security Group in this area has already covered ecosystems such as Android in detail. We have been involved in malware and app analysis for the Android ecosystem and are expanding to other app-based ecosystems such as those for IoT platforms and browser extensions. Initial results show that despite many efforts in these areas, apps with poor security and privacy practices are widespread and downloaded by users.


We are seeking students to expand our efforts in these new platforms and how they interconnect. This project has three goals: characterisation, generalisation, and automation.

In the characterisation phase, we aim to study commonalities and divergences in different ecosystems and how they might impact security and privacy, allowing apps to be compromised by malware. The characterisation phase is largely exploratory, using a combination of manual and automated analysis that is specific to each ecosystem.

In the generalisation phase, we propose an abstract model of an ecosystem and a core set of issues through which this abstract model could be breached. We show that our abstract model is flexible enough to cover a wide spectrum of ecosystems. Then, we show how a breach can occur in this abstract model through programming anti-patterns, unchecked I/O, misprogramming of APIs or permission misuse.

The final part of the PhD is about building the tooling to automatically analyse an arbitrary ecosystem for weaknesses. The first part of the tool translates ecosystems into variants of the abstract model developed in the generalisation phase. The second part of the tool checks the variants for potential weaknesses by running static checks for the core set of issues identified in the generalisation phase that may lead to a compromised system.

The deliverable for the project is a tool that is parametric in the software ecosystem, allowing unprecedented opportunities in understanding security issues and fortifying a wide spectrum of ecosystems.


Applicants should have a background in Computer Science or a related discipline with interests in security, privacy and static analysis techniques. Prospective applicants are welcome to discuss with Dr Jorge Blasco ([Email Address Removed]).

Funding Notes

The Centre for Doctoral Training in Cyber Security for the Everyday can offer up to ten studentships per year, three of which can be awarded to international students (which includes EU and EEA).
Please ensure you are familiar with the eligibility criteria set by UKRI and their terms and conditions.
In order to apply please visit the CDT website and follow the application instructions.
The studentship includes
* Tuition fees:
* Maintenance: £21,285 for each academic year.