Measurements of Timing-Differences in the Android API
The report introduces a framework that can automatically detect timing leaks on Android devices. It does so by automatically invoking API methods with different parameters and measuring the execution time of the different calls. If these differ significantly over several invocations, it may be possible to deduce information that is not directly accessible to the caller. The report shows two examples of how such timing differences can partially bypass the authorization system of Android.
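The comparison step described above, sketched as an added example for checking one's own API methods (not the report's framework): timings for two parameter values are compared with Welch's t-test after trimming slow outliers. The test choice, the 10% trim, the 4.5 threshold (a cut-off commonly used in side-channel leakage testing) and all names and sample values are assumptions.

```python
import math
import statistics
import time

def measure(call, arg, rounds=200):
    """Invoke call(arg) `rounds` times; return per-call durations in ns."""
    samples = []
    for _ in range(rounds):
        start = time.perf_counter_ns()
        call(arg)
        samples.append(time.perf_counter_ns() - start)
    return samples

def trim(samples, frac=0.1):
    """Drop the slowest `frac` of samples (scheduler or GC outliers)."""
    keep = max(2, int(len(samples) * (1 - frac)))
    return sorted(samples)[:keep]

def welch_t(a, b):
    """Absolute Welch t statistic for two samples with unequal variance."""
    se = math.sqrt(statistics.variance(a) / len(a) +
                   statistics.variance(b) / len(b))
    gap = abs(statistics.mean(a) - statistics.mean(b))
    if se == 0:
        return 0.0 if gap == 0 else math.inf
    return gap / se

def differs(a, b, threshold=4.5):
    """True when two timing sets differ significantly.
    threshold is an assumed cut-off, not a value from the report."""
    return welch_t(trim(a), trim(b)) > threshold

# Constructed samples (ns), standing in for timings recorded on a device.
PARAM_A = [1000 + (i * 37) % 50 for i in range(100)]
PARAM_B = [1000 + (i * 41) % 50 for i in range(100)]   # same cost as A
PARAM_C = [1400 + (i * 41) % 50 for i in range(100)]   # about 400 ns slower
NOISY_B = [50000] * 5 + PARAM_B[5:]                    # B with 5 stalls

if __name__ == "__main__":
    for name, s in (("B", PARAM_B), ("C", PARAM_C), ("noisy B", NOISY_B)):
        print(f"A vs {name}: t={welch_t(trim(PARAM_A), trim(s)):.1f} "
              f"differs={differs(PARAM_A, s)}")
```

A method whose timing sets for two inputs are flagged by `differs` is a candidate for review, for example to confirm that its running time does not depend on data the caller is not authorized to read.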