Skip to end of metadata
Go to start of metadata

This is the course space for the University of Helsinki Dept. of Computer Science and Aalto University Dept. of Computer Science and Engineering course on Mobile Platform Security. The course code is 582704 for University of Helsinki and T-110.6220 for Aalto University. The course is worth 4(+1) credits, where the optional 1 extra credit can be earned for completing a set of programming assignments.

Course staff: N. Asokan, Sini Ruohomaa (Byakushin), Thomas Nyman.

The course has


The lectures are held in the Exactum building in Kumpula, Gustaf Hällströmin katu 2B (main entrance from Pietari Kalmin katu), second floor.

See the UH course page for lecture hours, start date and locations:

  • Tuesdays are the normal lectures; see lecture outline below.
  • Note that the second lecture slot on Thursdays is used as a combined exercise session and programming assignment workshop, for which 80% attendance is compulsory. (In addition to this you will have to attend the lecture you are assigned to take notes for.)
    • Exercise sessions start on the first week of the course! 
      • A briefing on the programming assignments and a tutorial on getting started with the Android developer environment will be given during the first session, and we will do a round of introductions. Questions about assignments etc. can be asked.
      • A discussion on the second set of exercises and an additional tutorial on Android service development are held during the second session.
DateLecture (slides appear before lecture)Lecture notes (assigned to)Exercises (solutions appear after deadline)Prog. assignments (optional)

Tue 14.1.

10-12 B222

L1: Introduction to the course, and

L1: Overview of Platform Security

Sini Ruohomaa (final version)

Exercise 1, Solutions

General briefing on Thu slot: 12-14 B222

P1 is published, DL 28.1. (2 wk)

General briefing on Thu

Tue 21.1.L2: Platform Security in Android OS

Ahmad, Oat, Tillmanns, Mäkipaja, Haris

First versions in Moodle + final DL 4.2. (1+1wk)

Exercise 2, Solutions

L1 exercise solutions discussed on Thu

P2 is published, DL 4.2.

Android Services tutorial on Thu

Tue 28.1.

L3: Mobile software platform security

Architecture picture (PDF)

Tuomela, Peltonen, Hopearuoho, Maaranniitty, Reyes

DL 4.2. + 11.2.

Exercise 3, Solutions. Discussion references

L2 exercise solutions discussed on Thu

P3 is published, DL 11.2.

P1 solutions discussed on Thu

Tue 4.2.L4: Mobile hardware platform security

Lindqvist, Long, Atarah, Seemann

DL 11.2. + 18.2.

Exercise 4, Solutions, Alternate Solutions. Discussion references

L3 exercise solutions discussed on Thu

P4 is published, DL 18.2.,

P2 solutions discussed on Thu

Tue 11.2.

L5: Usability of platform security

Example from slide 53

Spec. assignment topics

Montoya, Hafeez, Udar, Radhakrishnan

DL 18.2. + 25.2.

Exercise 5, Solutions.

L4 exercise solutions discussed on Thu; choose/propose spec. assignment topic

P3 solutions discussed on Thu

Tue 18.2.

 L6: Recent research and summary

Freitag, Ukkonen, Islam, Boehm, Lindert, Zhang

DL 25.2. + 4.3.

L5 exercise solutions discussed on ThuP4 solutions discussed on Thu

For a more detailed overview of lecture outline, refer to the attached course syllabus (PDF): MobileSecurity-Syllabus.pdf.

Homework and evaluation

4 credits is equivalent to 106 h of work. We calculated the below division of labour for 79 effective working hours (3 cu-eff ;)) earlier which is maybe easier to read.

Attending lectures (6 à 2h) takes 12 h and exercise sessions (6 à 2h) takes 12 h, general administrative overhead ca. 2 h. The rest covers homework:

  • Written weekly exercises reflect on and extend the topics covered on each lecture (estimated time use: ca. 30 hours total, or roughly 6 hours /week, per exercise set, + attendance).
    • Published on Tuesdays based on the lecture and have deadline on the next Tuesday (at 23:55); returns in writing through Moodle.
    • Exercises are graded 0 (not done) - 5 (great).
    • Participation in Thursday sessions where exercises are discussed is compulsory (80% attendance required to pass course).
  • Students produce lecture notes summarizing a lecture (estimated time use: ca. 1 credit, 25 hours)
    • Think: one chapter in a book about the course for another student, can use material from course book etc as well (remember proper citations, no cut-paste!)
    • Ca. 5 students assigned to cover each lecture, individual returns (= no copying). Collaborative discussion encouraged during second week to improve notes.
    • First deadline: 1 week after lecture (Tuesday at 23:55), returns in writing through Moodle .
    • Final lecture notes will be published in the course wiki. The first versions are visible in Moodle and coarsely graded to give you quick feedback; this version can then be discussed and further polished within 1 week (same dl). The final version is then returned and graded 2 weeks after the lecture.
  • Programming assignments are optional and give an extra credit if completed (estimated time use: ca. 27 hours total).
    • 4 tasks over weeks 2-5, programming on an Android developer environment (free to download, no specialized devices required)
    • Will be briefed in the first Thursday exercise session.
    • Graded 0-5, extra credit earned if at least 3 assignments returned and average score at least 2.5 (UPDATED: returning all assignments no longer required).
    • Deadline will be Tuesday 23:55 two weeks after publication, returns in one file package through Moodle.
  • Grading: weighed 60% on weekly exercises, 40% on quality of lecture notes (10% on first version, 30% on second). Programming assignments can give you an extra credit, but do not affect course grade. There is no exam.

If you wish to do an additional project (separate course, during period 4) in a topic related to this course, submit a proposal (1-2 pages) by email to Sini and Thomas by the second-last exercise session. We will then inform you of the accepted projects at the last exercise session.

"My dog ate my Internet cable" and other inevitable circumstances

Please note that late submissions are grounds for 0 points; we need to run a tight schedule in our end to manage the course. Remember that the Internet and various servers always break down on the last evening! We recommend that you set your personal deadline a day or two earlier to have some buffer for disasters, particularly if you tend to leave work close to deadlines.

If you are unable to make it to a lecture you are assigned to take notes in, let Sini Ruohomaa know at latest on the day of the lecture and preferably well in advance so we can see if assignments can be swapped.

For other circumstances beyond your control, acquire permission for one day's extension beforehand from Sini Ruohomaa (exercises, lecture notes) or Thomas Nyman (programming assignments). (Note that "beforehand" does not mean "two hours before the deadline".) Planning ahead is an important life skill worth training continuously.

Learning objectives and methods

The course learning objectives matrix describes what we expect you to learn on this course (and demonstrate you have learned it).

  • The 'approaches the learning objectives' column is equivalent to sufficient knowledge to pass the course, while 'reaches the learning objectives' is equivalent to a 5/5 grade.

The attached course syllabus (PDF) summarizes the content of the lectures and course.

The course will be graded based on weekly written homework assignments (returned in advance and discussed in Thursday sessions), lecture notes (one lecture), and for an extra 1 credit, optional programming exercises. There will be no exam.

Supplementary book

There is a supplementary course book: Mobile Platform Security by Asokan, Davi, Dmitrienko, Heuser, Kostiainen, Reshetova and Sadeghi (2013) which has just been published.

UH and Aalto students will have free access to the book online (PDF) for a week (13.1.-). As well as to the rest of the Morgan & Claypool book collection. We recommend e.g. Jaeger's Operating Systems Security as supplementary material on access control.


The development of this course is supported by a gift from Intel as a part of its Intel Labs Security Curriculum Initiative. The course material is freely available to other educators; if you wish access to the full material, please send mail to Asokan (at or Sini Ruohomaa (
Navigate space


  • No labels