Tracing the Arc of Smartphone Application Security
The introduction of smart phones in the mid-2000s forever changed the way users interact with data and computation--and through it prompted a renaissance of digital innovation. Yet, at the same time, the architectures, applications and services that fostered this new landscape fundamentally altered the relationship between users and security and privacy. In this talk I map the scientific community's evolving efforts over the last dozen years in evaluating smart phone application security and privacy. I consider several key scientific questions and explore the methods and tools used to answer them. Here I show how our joint understanding of adversary and industry practices have matured over time, and briefly consider how these results have informed and shaped technical public policy in the United States. I conclude with a discussion of the open problems and opportunities in mobile device security and privacy.