rene_mobile’s Twitter Archive

Popular Tweets

A list of popular tweets by retweets and favorites.

  1. Our paper on the Android Platform Security Model is now finally public: arxiv.org/abs/1904.05572. Many thanks to all the (partially anonymous) reviewers whose feedback has helped significantly to improve on earlier drafts as well as the many AOSP contributors. @DaveKSecure/1116531835071127552
  2. …in reply to @rene_mobile
    PS: Dear @nest, it is, technically speaking, perfectly possible to turn on heating locally without cloud services. See e.g. @openHAB
  3. Secure key handling for backdoors with multiple parties has not been shown workable in practice. Not a single time - and many have tried - did this work out securely at scale (at least we don't know any cases in public). So from our current best knowledge, we can't do it. @zackwhittaker/1235308493906812931
  4. Anybody, not just Apple (and our own P0, obviously): please do that for Android! We all benefit from learning about and fixing security vulnerabilities. If you find anything, please reach out and we'll happily support publication of details as soon as the fix is out, as usual. @mattblaze/1170109132260683776
  5. Happy to have our last version of "The Android Platform Security Model" now included in the official August 2021 edition of ACM Transactions on Privacy and Security: dl.acm.org/doi/10.1145/3448609. Fully open access - download, read, share, feel free to use however it's helpful 😉
  6. Nice - creating cloned fingerprints using an off-the-shelf inkjet printer and having them work on current smartphones: cse.msu.edu/rgroups/biometrics/Publications/Fingerprint/CaoJain_HackingMobilePhonesUsing2DPrintedFingerprint_MSU-CSE-16-2.pdf
  7. cacm.acm.org/magazines/2021/6/252840-collusion-rings-threaten-the-integrity-of-computer-science-research/fulltext - Active collusion in academic peer review is disturbing. We knew it was always possible, but quite a lot of the research culture depends on honesty. I shudder to think how we should do research in an actively adversarial setting.
  8. security.googleblog.com/2018/12/new-keystore-features-keep-your-slice.html: New blog post documenting two new Keystore features in Android Pie - Keyguard-bound keys and secure key import.
  9. Thread: So, for my first time, I went to #BHUSA2018 (@BlackHatEvents) and #DEFCON26. I took my main phone and laptop, and on conference day 1 went completely non-anonymous with an Android platform security team T-shirt on. Let me tell you what happened. 1/n
  10. Most talks from our #AndroidSecuritySymposium are now online at youtube.com/c/usmileAT-mobile-security with slides linked from usmile.at/symposium/program
  11. It now takes 11 bugs/issues chained together to persistently exploit a modern Android phone. This is a nice validation for our defense in depth strategy. Bugs will happen, but they don't have to be (at least not directly) exploitable. Very nice work by the authors of this chain! @munmap/981360749938294784
  12. engadget.com/2016/01/14/nest-software-bug/ - how much does it take to realize that life-critical functionality dependent on "the cloud" is not a good idea?
  13. Btw, most talks are being recorded and will be made available in our #AndroidSecuritySymposium YouTube channel at youtube.com/c/usmileAT-mobile-security
  14. Welcome, Pixel 3! I am particularly excited by the Titan chip, which implements StrongBox including Insider Attack Resistance (android-developers.googleblog.com/2018/05/insider-attack-resistance.html). And there are more security features like Protected Confirmation added with Pie (android-developers.googleblog.com/2018/08/introducing-android-9-pie.html). @sundarpichai/1049694448068612096
  15. First introduced at scale with the Google Pixel and Android kernel, CFI now hits mainline to protect all other distributions as well. Thanks Sami and @kees_cook for making this happen. @lwnnet/1395750449379217408
  16. "Our most important insight is that careful developer workflow integration is key for static analysis tool adoption." on static code analysis at @Google: cacm.acm.org/magazines/2018/4/226371-lessons-from-building-static-analysis-tools-at-google/fulltext
  17. I would like to add that the Pixel 3a gets *all* the security features of Pixel 3, including the Titan M secure element with insider attack resistance, Protected Confirmation, AVB verified boot with firmware transparency, and quick updates. This is a great pair of devices. @backlon/1125830028720140288
  18. …in reply to @magentatelekom
    @tmobileat Twitter is not the right medium for this. I am offering a phone call to explain why this approach to password security is a very bad idea (happily in German as well). If you are interested, we'll find a slot that works across time zones.
  19. Officially started at @Google today as Director of Android Platform Security. The next 2 weeks will be busy with learning details.
  20. github.com/pyca/cryptography/issues/5771: There's quite a bit more drama than seems warranted for security packages moving away from memory unsafe languages. Yes, Rust is a new build dependency, and that causes change/breakage in existing build pipelines. But we really need to stop writing new C.
  21. After nearly 2 years in Mountain View, my family and I are moving back to Austria. While I am transitioning back to my academic role at @jkulinz as main job, I will remain involved with Android platform security to focus on mid- to long-term strategic vision.