Speakers

Professor Chunyang Chen

Monash University, Australia

Talk title: Towards Quality Assurance of On-device AI Models in Android Apps

Abstract: Mobile apps are now indispensable for people's daily life. To make it more powerful, many deep learning models are now embedded into mobile apps. Compared to offloading deep learning from smartphones to the cloud, performing machine learning on-device can help improve latency, connectivity, and power consumption. However, deploying models to devices may expose model details due to the mature reverse engineering of Android apps, resulting in potential security concerns. In this talk, I will present our latest works on attacking on-device models in Android Apps. Based on a large-scale empirical study of AI deployment on real-world Android apps, we proposed different attacks, including adversarial and backdoor attacks, to mislead on-device deep learning models, and potential defence to these attacks.

Bio:Dr Chunyang Chen is a tenured senior lecturer in the Faculty of IT, Monash University, Australia. His main research interest lies in automated software engineering, especially data-driven mobile app development. Besides, he is also interested in Human-Computer Interaction and software security. He has published 70+ research papers in top venues such as ICSE, FSE, ASE, CHI, CSCW with extensive collaboration with industry, including Google, Microsoft, Meta, and Alibaba. His research has won awards including ACM SIGSOFT Early Career Researcher Award, Facebook Research Award, four ACM SIGSOFT Distinguished Paper Awards (ICSE'23/21/20, ASE'18), and multiple best paper/demo awards.

Professor Narseo Vallina-Rodriguez

IMDEA Networks, Madrid, Spain

Talk title: How Evidence-based Research Can Enhance Mobile Privacy and Security

Abstract: Mobile applications have revolutionized our way of life; however, they also pose significant privacy and security risks to end-users, despite regulatory requirements. In this talk, Narseo Vallina-Rodriguez will revisit his research efforts in the field of mobile security and privacy. The talk will specifically focus on three key areas: unveiling the mobile tracking ecosystem, automatically assessing apps' regulatory compliance, and understanding the risks associated with the open-source nature of the Android operating system and device manufacturer customizations. We will describe and discuss how scalable analysis techniques, which leverage the complementary strengths of static and dynamic analysis methods, not only provide evidence to effectively address numerous privacy and security vulnerabilities in mobile systems but also assist policymakers, regulators, and industry stakeholders in making informed decisions to protect end-users. We will conclude with a discussion of socio-technical barriers to enforcing privacy regulations and policies, including the General Data Protection Regulation (GDPR).

Bio:Narseo Vallina-Rodriguez is currently an Associate Research Professor at IMDEA Networks and co-founder of AppCensus. His research focuses on the intersection of online privacy, cybersecurity, networking, and tech policy. Narseo has made significant academic contributions, receiving best paper awards at relevant peer-reviewed cybersecurity conferences. Notably, he was awarded the 2020 Best-Practical Paper Award at the IEEE Symposium on Security and Privacy (S\&P) and the Distinguished Paper Award at USENIX Security in 2019. Narseo's contributions extend beyond academia, having profound industrial and policy implications. As a result, his merits have been recognized by influential industry stakeholders and regulators, receiving research awards such as the AEPD Emilio Aced Award, the Caspar Bowden Award, and the CNIL-INRIA Privacy Protection Award, as well as a 2018 Google Faculty Fellowship in the area of Privacy. His research has also garnered attention from international media outlets such as The Washington Post, The New York Times, The Guardian, and the Financial Times. Narseo Vallina-Rodriguez obtained his Ph.D. from the University of Cambridge in 2014.