Starting March 27, 2025, we recommend using android-latest-release
instead of aosp-main
to build and contribute to AOSP. For more information, see Changes to AOSP.
ASPIRE
Stay organized with collections
Save and categorize content based on your preferences.
The Android Security and Privacy Research (ASPIRE) program provides
funding for certain research related to Android.
ASPIRE tackles fundamental challenges through the lens of practicality and
encourages the development of technologies that may become core Android features
in the future, impacting the Android ecosystem in the next 2-5 years. This
timeframe extends beyond the next annual Android release to allow adequate time
to analyze, develop, and stabilize research into features before including in
the platform. Note that this is distinct from other Android security initiatives
such as the vulnerability
disclosure program.
ASPIRE operates by inviting proposals for research topics, providing funding
for select proposals, and partnering external researchers with Googlers. We
announce a call for proposals once a year, typically in the middle of the year,
and announce the proposals selected for funding by the end of the calendar
year.
Beyond ASPIRE, if you're a researcher interested in pushing the boundaries of
Android security and privacy, there are several ways to participate:
- Apply for a research
internship as a student pursuing an advanced degree.
- Apply to become a Visiting
Researcher at Google.
- Co-author publications with Android team members.
- Collaborate with Android team members to make changes to the Android Open
Source Project.
Publications funded by ASPIRE
2025
- ScopeVerif: Analyzing the Security of Android's
Scoped Storage via Differential Analysis Zeyu Lei, Güliz Seray
Tuncay, Beatrice Carissa Williem, Z. Berkay Celik, and Antonio Bianchi. Purdue University,
Google 2025
[paper]
- LANShield: Analysing and Protecting Local Network Access on Mobile Devices.
Angelos Beitis, Jeroen Robben, Alexander Matern, Zhen Lei, Yijia Li, Nian Xue, Yongle Chen,
Vik Vanderlinden, and Mathy Vanhoef. 25th Privacy Enhancing Technologies Symposium (PETS)
2025.
[paper]
[website]
2024
- SIMurai: Slicing Through the Complexity of SIM Card Security Research
Tomasz Piotr Lisowski, Merlin Chlosta, Jinjin Wang, and Marius Muench.
33rd USENIX Security Symposium.
[paper]
[video]
[slides]
- 50 Shades of Support: A Device-Centric Analysis of Android
Security Updates. Abbas Acar, Güliz Seray
Tuncay, Esteban Luques, Harun Oz, Ahmet Aris, and Selcuk Uluagac. Networked
and Distributed Systems Security (NDSS) 2024. [paper]
[video]
- Wear's my Data? Understanding the Cross-Device Runtime Permission
Model in Wearables. Doguhan Yeke, Muhammad Ibrahim, Güliz SerayP
Tuncay, Habiba Farrukh, Abdullah Imran, Antonio Bianchi, and Z. Berkay
Celik. IEEE Symposium on Security and Privacy (S&P) 2024. [paper]
[video]
- (In)Security of File Uploads in Node.js. Harun Oz, Abbas
Acar, Ahmet Aris, Güliz Seray
Tuncay, Amin Kharraz, Selcuk Uluagac. ACM Web Conference (WWW) 2024. [paper]
2023
- RøB: Ransomware over Modern Web Browsers. Oz, Harun,
Ahmet Aris, Abbas Acar, Güliz Seray
Tuncay, Leonardo Babun, and Selcuk Uluagac. USENIX Security Symposium
(USENIX Security) 2023. [paper]
[video] [slides]
- UE Security Reloaded: Developing a 5G Standalone User-Side Security
Testing Framework. E Bitsikas, S Khandker, A Salous, A Ranganathan, R
Piqueras Jover, C Pöpper. ACM Conference on Security and Privacy in Wireless and
Mobile Networks (WiSec) 2023. [paper] [video]
[slides]
- The Android Malware Handbook. Qian Han, Salvador Mandujano,
Sebastian Porst, V.S. Subrahmanian, Sai Deep Tetali. [book]
- Understanding Dark Patterns in Home IoT Devices. Monica
Kowalczyk, Johanna T. Gunawan, David Choffnes, Daniel J Dubois, Woodrow Hartzog,
Christo Wilson. ACM Conference on Human Factors in Computing Systems (CHI) 2023.
[paper]
- Continuous Learning for Android Malware Detection. Yizheng
Chen, Zhoujie Ding, and David Wagner. USENIX Security Symposium (USENIX
Security) 2023. [paper]
- PolyScope: Multi-Policy Access Control Analysis to Triage Android
Scoped Storage. Yu-Tsung Lee, Haining Chen, William Enck, Hayawardh
Vijayakumar, Ninghui Li, Zhiyun Qian, Giuseppe Petracca, and Trent Jaeger. IEEE
Transactions on Dependable and Secure Computing, doi: 10.1109/TDSC.2023.3310402.
[paper]
- Triaging Android Systems Using Bayesian Attack Graphs.
Yu-Tsung Lee, Rahul George, Haining Chen, Kevin Chan, and Trent Jaeger. IEEE
Secure Development Conference (SecDev), 2023. [paper]
2022
- SARA: Secure Android Remote Authorization. Abdullah
Imran, Habiba Farrukh, Muhammad Ibrahim, Z. Berkay Celik, and Antonio Bianchi.
USENIX Security Symposium (USENIX Security) 2022. [paper] [video] [slides]
- FReD: Identifying File Re-Delegation in Android System
Services. Sigmund Albert Gorski III, Seaver Thorn, William Enck, and
Haining Chen. USENIX Security Symposium (USENIX Security) 2022. [paper] [video] [slides]
- Poirot: Probabilistically Recommending Protections for the Android
Framework. Zeinab El-Rewini, Zhuo Zhang, Yousra Aafer. ACM Computer and
Communication Security (CCS) 2022. [paper]
- Sifter: Protecting Security-Critical Kernel Modules in Android
through Attack Surface Reduction. Hsin-Wei Hung, Yingtong Liu, Ardalan
Amiri Sani. ACM Conference on Mobile Computing And Networking (MobiCom) 2022.
[paper]
2021
- An Investigation of the Android Kernel Patch
Ecosystem. Zheng Zhang, Hang Zhang, Zhiyun Qian, and Billy Lau. USENIX
Security Symposium (USENIX Security) 2021. [paper] [video] [slides]
- Demystifying Android's Scoped Storage Defense. Yu-Tsung
Lee, Haining Chen, and Trent Jaeger. IEEE Security & Privacy, vol. 19, no. 05,
pp. 16-25, 2021. [paper]
2019
- Protecting the stack with PACed canaries. H.
Liljestrand, Z. Gauhar, T. Nyman, J.-E. Ekberg, and N. Asokan.
[paper]
Content and code samples on this page are subject to the licenses described in the Content License. Java and OpenJDK are trademarks or registered trademarks of Oracle and/or its affiliates.
Last updated 2025-06-27 UTC.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-06-27 UTC."],[],[],null,["# ASPIRE\n\nThe Android Security and Privacy Research (ASPIRE) program provides\nfunding for certain research related to Android.\n\nASPIRE tackles fundamental challenges through the lens of practicality and\nencourages the development of technologies that may become core Android features\nin the future, impacting the Android ecosystem in the next 2-5 years. This\ntimeframe extends beyond the next annual Android release to allow adequate time\nto analyze, develop, and stabilize research into features before including in\nthe platform. Note that this is distinct from other Android security initiatives\nsuch as the [vulnerability\ndisclosure program](https://bughunters.google.com/about).\n\nASPIRE operates by inviting proposals for research topics, providing funding\nfor select proposals, and partnering external researchers with Googlers. We\nannounce a call for proposals once a year, typically in the middle of the year,\nand announce the proposals selected for funding by the end of the calendar\nyear.\n\nBeyond ASPIRE, if you're a researcher interested in pushing the boundaries of\nAndroid security and privacy, there are several ways to participate:\n\n- Apply for a [research\n internship](https://careers.google.com/students/engineering-and-technical-internships/) as a student pursuing an advanced degree.\n- Apply to become a [Visiting\n Researcher](https://research.google/outreach/visiting-researcher-program/) at Google.\n- Co-author publications with Android team members.\n- Collaborate with Android team members to make changes to the Android Open Source Project.\n\n### Publications funded by ASPIRE\n\n#### 2025\n\n- **ScopeVerif: Analyzing the Security of Android's\n Scoped Storage via Differential Analysis** Zeyu Lei, [Güliz Seray\n Tuncay](https://research.google/people/g%C3%BCliz-seray-tuncay/), Beatrice Carissa Williem, Z. Berkay Celik, and Antonio Bianchi. Purdue University, Google 2025 \\[[paper](https://www.ndss-symposium.org/wp-content/uploads/2025-340-paper.pdf)\\]\n\n\u003c!-- --\u003e\n\n- **LANShield: Analysing and Protecting Local Network Access on Mobile Devices.** Angelos Beitis, Jeroen Robben, Alexander Matern, Zhen Lei, Yijia Li, Nian Xue, Yongle Chen, Vik Vanderlinden, and Mathy Vanhoef. 25th Privacy Enhancing Technologies Symposium (PETS) 2025. \\[[paper](https://papers.mathyvanhoef.com/pets2025.pdf)\\] \\[[website](https://lanshield.eu)\\]\n\n#### 2024\n\n- **SIMurai: Slicing Through the Complexity of SIM Card Security Research** Tomasz Piotr Lisowski, Merlin Chlosta, Jinjin Wang, and Marius Muench. 33rd USENIX Security Symposium. \\[[paper](https://www.usenix.org/system/files/usenixsecurity24-lisowski.pdf)\\] \\[[video](https://www.youtube.com/watch?v=3_R9P--ksE4)\\] \\[[slides](https://www.usenix.org/system/files/usenixsecurity24_slides-lisowski.pdf)\\]\n- **50 Shades of Support: A Device-Centric Analysis of Android\n Security Updates.** Abbas Acar, [Güliz Seray\n Tuncay](https://research.google/people/g%C3%BCliz-seray-tuncay/), Esteban Luques, Harun Oz, Ahmet Aris, and Selcuk Uluagac. Networked and Distributed Systems Security (NDSS) 2024. \\[[paper](https://www.ndss-symposium.org/wp-content/uploads/2024-175-paper.pdf)\\] \\[[video](https://www.youtube.com/watch?v=s_CIxz1BLEM)\\]\n- **Wear's my Data? Understanding the Cross-Device Runtime Permission\n Model in Wearables.** Doguhan Yeke, Muhammad Ibrahim, [Güliz SerayP\n Tuncay](https://research.google/people/g%C3%BCliz-seray-tuncay/), Habiba Farrukh, Abdullah Imran, Antonio Bianchi, and Z. Berkay Celik. IEEE Symposium on Security and Privacy (S\\&P) 2024. \\[[paper\\]](https://www.computer.org/csdl/proceedings-article/sp/2024/313000a077/1RjEaMvw3iE) \\[[video](https://www.youtube.com/watch?v=EWrEsDJ084c)\\]\n- **(In)Security of File Uploads in Node.js.** Harun Oz, Abbas Acar, Ahmet Aris, [Güliz Seray\n Tuncay](https://research.google/people/g%C3%BCliz-seray-tuncay/), Amin Kharraz, Selcuk Uluagac. ACM Web Conference (WWW) 2024. \\[[paper](https://research.google/pubs/pub53215/)\\]\n\n#### 2023\n\n- **RøB: Ransomware over Modern Web Browsers** . Oz, Harun, Ahmet Aris, Abbas Acar, [Güliz Seray\n Tuncay](https://research.google/people/g%C3%BCliz-seray-tuncay/), Leonardo Babun, and Selcuk Uluagac. USENIX Security Symposium (USENIX Security) 2023. \\[[paper](https://www.usenix.org/system/files/usenixsecurity23-oz.pdf)\\] \\[[video](https://youtu.be/MUVNz6p3_jk)\\] \\[[slides](https://www.usenix.org/system/files/sec23_slides_oz.pdf)\\]\n- **UE Security Reloaded: Developing a 5G Standalone User-Side Security\n Testing Framework** . E Bitsikas, S Khandker, A Salous, A Ranganathan, R Piqueras Jover, C Pöpper. ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec) 2023. \\[[paper](https://dl.acm.org/doi/abs/10.1145/3558482.3590194)\\] \\[[video](https://www.youtube.com/watch?v=GrJCN-_T29c&list=PL4FCce8hBdnIf2argwcrw5J0h_eB39WSn&index=15)\\] \\[slides\\]\n- **The Android Malware Handbook.** Qian Han, Salvador Mandujano, Sebastian Porst, V.S. Subrahmanian, Sai Deep Tetali. \\[[book](https://books.google.com/books/about/The_Android_Malware_Handbook.html?id=U2y1EAAAQBAJ)\\]\n- **Understanding Dark Patterns in Home IoT Devices** . Monica Kowalczyk, Johanna T. Gunawan, David Choffnes, Daniel J Dubois, Woodrow Hartzog, Christo Wilson. ACM Conference on Human Factors in Computing Systems (CHI) 2023. \\[[paper](https://david.choffnes.com/pubs/chi23-740-2.pdf)\\]\n- **Continuous Learning for Android Malware Detection** . Yizheng Chen, Zhoujie Ding, and David Wagner. USENIX Security Symposium (USENIX Security) 2023. \\[[paper](https://www.usenix.org/system/files/usenixsecurity23-chen-yizheng.pdf)\\]\n- **PolyScope: Multi-Policy Access Control Analysis to Triage Android\n Scoped Storage** . Yu-Tsung Lee, Haining Chen, William Enck, Hayawardh Vijayakumar, Ninghui Li, Zhiyun Qian, Giuseppe Petracca, and Trent Jaeger. IEEE Transactions on Dependable and Secure Computing, doi: 10.1109/TDSC.2023.3310402. \\[[paper](https://ieeexplore.ieee.org/abstract/document/10234635)\\]\n- **Triaging Android Systems Using Bayesian Attack Graphs.** Yu-Tsung Lee, Rahul George, Haining Chen, Kevin Chan, and Trent Jaeger. IEEE Secure Development Conference (SecDev), 2023. \\[[paper](https://ieeexplore.ieee.org/abstract/document/10305618)\\]\n\n#### 2022\n\n- **SARA: Secure Android Remote Authorization** . Abdullah Imran, Habiba Farrukh, Muhammad Ibrahim, Z. Berkay Celik, and Antonio Bianchi. USENIX Security Symposium (USENIX Security) 2022. \\[[paper](https://www.usenix.org/system/files/sec22-imran.pdf)\\] \\[[video](https://youtu.be/gvYUctgJ3P8)\\] \\[[slides](https://www.usenix.org/system/files/sec22_slides-imran.pdf)\\]\n- **FReD: Identifying File Re-Delegation in Android System\n Services.** Sigmund Albert Gorski III, Seaver Thorn, William Enck, and Haining Chen. USENIX Security Symposium (USENIX Security) 2022. \\[[paper](https://www.usenix.org/system/files/sec22summer_gorski.pdf)\\] \\[[video](https://www.youtube.com/watch?v=xtv1-51W2o8)\\] \\[[slides](https://www.usenix.org/system/files/sec22_slides-gorski.pdf)\\]\n- **Poirot: Probabilistically Recommending Protections for the Android\n Framework.** Zeinab El-Rewini, Zhuo Zhang, Yousra Aafer. ACM Computer and Communication Security (CCS) 2022. \\[[paper](https://dl.acm.org/doi/pdf/10.1145/3548606.3560710)\\]\n- **Sifter: Protecting Security-Critical Kernel Modules in Android\n through Attack Surface Reduction.** Hsin-Wei Hung, Yingtong Liu, Ardalan Amiri Sani. ACM Conference on Mobile Computing And Networking (MobiCom) 2022. \\[[paper](https://dl.acm.org/doi/pdf/10.1145/3495243.3560548)\\]\n\n#### 2021\n\n- **An Investigation of the Android Kernel Patch\n Ecosystem.** Zheng Zhang, Hang Zhang, Zhiyun Qian, and Billy Lau. USENIX Security Symposium (USENIX Security) 2021. \\[[paper](https://www.usenix.org/system/files/sec21-zhang-zheng.pdf)\\] \\[[video](https://www.youtube.com/watch?v=sx2unUrsQhc)\\] \\[[slides](https://www.usenix.org/system/files/sec21_slides_zhang-zheng.pdf)\\]\n- **Demystifying Android's Scoped Storage Defense.** Yu-Tsung Lee, Haining Chen, and Trent Jaeger. IEEE Security \\& Privacy, vol. 19, no. 05, pp. 16-25, 2021. \\[[paper](https://ieeexplore.ieee.org/abstract/document/9502925)\\]\n\n#### 2019\n\n- **Protecting the stack with PACed canaries.** H. Liljestrand, Z. Gauhar, T. Nyman, J.-E. Ekberg, and N. Asokan. \\[[paper](https://dl.acm.org/doi/pdf/10.1145/3342559.3365336)\\]"]]