Mobile devices such as smartphones and Internet tablets have achieved computing and networking capabilities comparable to traditional personal computers. Their successful consumerization has also become a source of pain for adopting users and organizations. For example, the widespread presence of information-stealing applications raises substantial security and privacy concerns. The operating systems supporting these new devices have both advantages and disadvantages with respect to security. On one hand, they use application sandboxing to contain exploits and limit privileges given to malware. On the other hand, they routinely collect and organize many forms of security- and privacy-sensitive information and make that information easily accessible to third-party applications.

Recognizing smartphone security and privacy as an emerging area, this workshop intends to provide a venue for interested researchers and practitioners to get together and exchange ideas. The workshop will deepen our understanding of various security and privacy issues on smartphones. Topics of interest include (but are not limited to) the following subject categories:

We also would like to especially encourage novel paradigms and controversial ideas that are not on the above list. The workshop is to act as a venue for creative debate and interaction in security- and privacy-sensitive areas of computing and communication impacted by smartphones.

Important Dates

Manuscript Submission: July 22, 2013
Acceptance Notification: August 15, 2013
Final Manuscript due: August 30, 2013
Workshop Date: November 8, 2013


Authors are invited to submit either Full Research Papers (of up to 12 pages) or Short Papers (of up to 6 pages). Full Research Papers that present relatively complete and mature research results on security and privacy in smartphones and mobile devices are solicited. Short Papers that define new problems in security and privacy related to smartphones and mobile devices or provide inspiring visions are also solicited.

Submissions must be in double-column ACM format (available at the ACM Website) with a font no smaller than 9 point. Only PDF files will be accepted. Submissions need to have their pages numbered and should not substantially overlap with papers that have been published or that are simultaneously submitted to a journal or a conference with proceedings. All authors and their affiliations must be listed. Each accepted paper must be presented by one registered author. Submissions not meeting these guidelines risk rejection without consideration of their merits. Accepted papers will be published by the ACM Press and/or the ACM Digital Library.

The submission website is here.

For questions, email

Organizing Commitees

Program Co-chairs

N. Asokan, Aalto University and University of Helsinki
Adrienne Porter Felt, Google

General Chair

William Enck, North Carolina State University

Publications Chair

Lucas Davi, TU Darmstadt

Technical Program Committee

Sruthi Bandhakavi, Google
David Barrera, Carleton University
Ravishankar Borgaonkar, Technische Universität Berlin
Billy Brumley, Qualcomm
Mike Dietz, Rice University
Hao Chen, University of California, Davis
Jan-Erik Ekberg, TrustOnIC
Aurélien Francillon, Eurecom
Mario Frank, University of California, Berkeley
Rajarshi Gupta, Qualcomm Research Silicon Valley
Urs Hengartner, University of Waterloo
Ling Huang, Intel Labs
Maritza Johnson, Facebook
Jaeyeon Jung, Microsoft Research
Mike Just, Glasgow Caledonian University
Kari Kostiainen, Swiss Federal Institute of Technology, Zurich (ETHZ)
Janne Lindqvist, Rutgers University
Patrick McDaniel, Pennsylvania State University
Panos Papadimitratos, Royal Institute of Technology, Sweden
Franzi Roesner, University of Washington
Patrick Traynor, Georgia Institute of Technology
Marcel Winandy, Ruhr-Universität Bochum
Glenn Wurster, BlackBerry
Xinwen Zhang, Huawei


To register for the SPSM 2013 workshop, please click here (the link will redirect you to the ACM CCS registration website)

Technical Program

Note that the below schedule is tentative.

Friday, November 8, 2013

7:30 - 8:30 Breakfast
8:30 - 8:35 Welcome: N. Asokan (Aalto University and University of Helsinki)
8:35 - 09:45 Keynote, Jon Geater, Chief Technology Officer at Trustonic
Session Chair: N. Asokan (Aalto University and University of Helsinki)
Title: Security Composition in the Real World: Squaring the Circle of Mobile Security with Contemporary Device Economics

Abstract: In a very short space of time consumer mobile devices have changed the way we live and work, resulting in huge amounts of sensitive data - personal and corporate - flowing through these tiny devices. As the value of data on these devices grows so do the threats they face, and the unique way the mobile industry works presents many challenges to achieving verifiable security while enabling an open ecosystem. Promising techniques involve combining hardware and software mechanisms (widely available in ARM chips) but with many parts coming from many suppliers there are still many challenges in designing and validating whole-system security. This talk examines the past and near future of hardware assisted mobile security techniques and highlights some of the key areas of research needed to improve quality and confidence in these fast-evolving composed systems.

Bio: Jon Geater is Chief Technology Officer at Trustonic, a leading supplier of TEE technology, where he is responsible for long term technology strategy. Prior to this Jon held a number of senior technical roles in the Information Security area specializing in cryptography and key management with companies such as ARM, Thales and nCipher providing real world enterprise security solutions to financial services, telecoms, hi-tech and government organizations worldwide. Jon is also a keen supporter of standards, is a founder of the OASIS Key Management Interoperability Protocol TC and is a former member of the Board of Directors at GlobalPlatform.

09:45 - 10:30 Technical Session I: Platform Hardening
Session Chair: Kari Kostiainen (ETH Zurich)
Deadbolt: Locking Down Android Disk Encryption
Adam Skillen (Carleton University), David Barrera (Carleton University) and Paul C. Van Oorschot (Carleton University)
(Short Paper) Native Code Execution Control for Attack Mitigation on Android
Rafael Fedler (Fraunhofer AISEC), Marcel Kulicke (Fraunhofer AISEC) and Julian Schütte (Fraunhofer AISEC)
10:30 - 11:00 Coffee Break
11:00 - 12:30 Technical Session II: Malware Detection
Session Chair: Bruno Crispo (University of Trento)
Sound and Precise Malware Analysis for Android via Pushdown Reachability and Entry-Point Saturation
Shuying Liang (University of Utah), Andrew Keep (University of Utah), Matthew Might (University of Utah), David Van Horn (Northeastern University), Steven Lyde (University of Utah), Thomas Gilray (University of Utah) and Petey Aldous (University of Utah)
The Curse of 140 Characters: Evaluating The Efficacy of SMS Spam Detection on Android
Akshay Narayan (School of Computing, National University of Singapore) and Prateek Saxena (School of Computing, National University of Singapore)
(Short Paper) This Network is Infected: HosTaGe - a Low-Interaction Honeypot for Mobile Devices
Emmanouil Vasilomanolakis (Technische Universität Darmstadt), Shankar Karuppayah (Technische Universität Darmstadt), Mathias Fischer (Technische Universität Darmstadt), Max Muhlhauser (Technische Universität Darmstadt), Mihai Plasoianu (Technische Universität Darmstadt), Wulf Pfeiffer (Technische Universität Darmstadt) and Lars Pandikow (Technische Universität Darmstadt)
(Short Paper) AndroTotal: A Flexible, Scalable Toolbox and Service for Testing Mobile Malware Detectors
Federico Maggi (Politecnico di Milano), Andrea Valdi (Politecnico di Milano) and Stefano Zanero (Politecnico di Milano)
12:30 - 14:00 Lunch
14:00 - 14:50 Technical Session III: Attacks
Session Chair: Marcel Winandy (Ruhr-Universität Bochum)
Sleeping Android: The Danger of Dormant Permissions
James Sellwood (ISG, Royal Holloway) and Jason Crampton (ISG, Royal Holloway)
PIN Skimmer: Inferring PINs Through The Camera and Microphone
Laurent Simon (Cambridge University) and Ross Anderson (Cambridge University)
14:50 - 15:30 Technical Session IV: Privacy
Session Chair: Jean-Pierre Hubaux (École Polytechnique Fédérale de Lausanne)
(Short Paper) A Case of Collusion: A Study of the Interface Between Ad Libraries and their Apps
Theodore Book (Rice University) and Dan Wallach (Rice University)
(Short Paper) Please Slow Down! The Impact on Tor Performance from Mobility
Stephen Doswell (Northumbria University), Nauman Aslam (Northumbria University), David Kendall (Northumbria University) and Graham Sexton (Northumbria University)
15:30 - 16:00 Coffee Break
16:00 - 17:00 Technical Session V: Authentication
Session Chair: William Enck (North Carolina State University)
(Short Paper) Secure Enrollment and Practical Migration for Mobile Trusted Execution Environments
Claudio Marforio (ETH Zurich), Nikolaos Karapanos (ETH Zurich), Claudio Soriente (ETH Zurich), Kari Kostiainen (ETH Zurich) and Srdjan Capkun (ETH Zurich)
(Short Paper) Securitas: User Identification through RGB-NIR Camera Pair on Mobile Devices
Shijia Pan (Carnegie Mellon University), An Chen (Qualcomm Technologies, Inc.) and Pei Zhang (Carnegie Mellon University)
(Short Paper) Passwords and Interfaces: Towards Creating Stronger Passwords by Using Mobile Phone Handsets
S M Taiabul Haque (University of Texas at Arlington), Matthew Wright (University of Texas at Arlington) and Shannon Scielzo (University of Texas at Arlington)
17:00 - 17:05 Closing Remarks: William Enck (North Carolina State University)