The award is for research in automated security testing of hybrid Android applications.
Many modern Android applications are written as hybrid applications, a combination of a Java-based Android app and HTML/JavaScript. Hybrid apps use an embedded webview, essentially a bare-bones web browser, and expose an interface for JavaScript to interact with the app. Since developers typically control both the app and the JavaScript code, they consider these interfaces to be private. However, attackers may manipulate content loaded over network connections and can thus interact with the interface almost arbitrarily. The goal of this project is to develop methods for assessing the impact of insecure interfaces: while many functions exposed through such interfaces are harmless, some can allow an attacker to obtain or manipulate sensitive information, or even to load additional privilege escalation exploits.
Dr Kinder's research focuses on assessing and improving the reliability and security of software, in particular with the help of automated tools. This requires him to cross back and forth between the fields of programming languages, software engineering, and systems security. His principal interests lie in program analysis for real-world systems, runtime monitoring and instrumentation, and specification and detection of malware.
Google's Faculty Research Awards Program is a competitive world-wide research funding programme, through which Google reaches out to universities to support high-caliber research in Computer Science and facilitate interaction with academia. Google Faculty Research Awards are structured as unrestricted gifts to support the research of world-class permanent faculty members at top universities around the world.
Johannes is a member of our Centre for Software Language Engineering.