Research Assistant


After working on Android application analysis during the SCG seminar and master’s thesis, I now continue to contribute within this field during my PhD research.

My interest includes large Android app collections that are mined for security issues. These issues are evaluated based on different feature sets and thus contain a valuable source for later software assessments.

Supervisors: Dr. Mohammad Ghafari, Prof. Dr. Oscar Nierstrasz

Project Proposals

Seminar

• Phishing: Improving dynamic phishing
• Android: HTTPS to HTTP downgrade
• Android: Investigating the quantity and quality of localizations
• Android: Understanding the use of code comments
• Android: Investigation of apps’ AIDL use
• Individual projects available on request

BSc

• Interactive visualizations for debugging
• Individual projects available on request

MSc

• Android: Improvement of Security Smell detections and evaluation on practitioners
• Predicting insecure code in answers of Q&A web sites
• Real time classification of, and adaptation to programmer tasks in IDEs
• Individual projects available on request

Previous Proposals

• MSc: Android: Targeted attacks supported by recovered data structures of web API’s
• MSc: Android: Scrutinizing web APIs used in mobile apps
• BSc: Investigating password policies of web services
• BSc: Learning from nature: How nature resolves security issues
• BSc: Dynamic Phishing
• BSc: The life of a bug report
• BSc: Migration from insecure to secure API uses
• Seminar: Android: Investigating password policies found in Android apps
• Seminar: Android: Bypassing HTTPS certificate pinning
• Seminar: Purpose of different programming languages in Android projects
• Seminar: Privacy concerns in public web APIs
• Seminar: Android Studio plug-in for code reviews

Contact

Publications

2020

1. Pascal Gadient, Mohammad Ghafari, Marc-Andrea Tarnutzer, and Oscar Nierstrasz. Web APIs in Android through the Lens of Security. In 27th edition of the IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), p. , March 2020. DOI PDF →

2019

1. Pascal Gadient, Mohammad Ghafari, Patrick Frischknecht, and Oscar Nierstrasz. Security Code Smells in Android ICC. In Empirical Software Engineering 24 p. 3046—3076, 2019. DOI PDF →
2. Nitish Patkar, Pascal Gadient, Mohammad Ghafari, and Oscar Nierstrasz. Towards a Catalogue of Mobile Elicitation Techniques. In 25th International Conference on Requirements Engineering: Foundation for Software Quality (REFSQ), 2019. DOI PDF →

2017

1. Pascal Gadient. Security in Android Applications. Masters thesis, University of Bern, August 2017. PDF →
2. Mohammad Ghafari, Pascal Gadient, and Oscar Nierstrasz. Security Smells in Android. In 17th IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM), p. 121-130, September 2017. DOI PDF →