In conversation with our young researchers: Jordan Samhi

14 July 2023

How to detect and prevent malicious apps from reaching users? How to enhance the security and privacy of Android app users?

Jordan Samhi, a research associate within the TruX research group of the Interdisciplinary Centre for Security, Reliability and Trust at the University of Luxembourg, has been making significant contributions in the field of static analysis, Android applications, cybersecurity, and software engineering. His research focuses on ways to improve the safety and reliability of mobile software and to provide better tools for analysing and securing Android apps.

Enhancing the security and privacy of millions of Android app users

In recent years, there have been numerous instances where malicious apps have been found on official app markets such as the Google Play store. These apps were able to bypass the security measures put in place by the app market and reach millions of users, potentially putting their devices and personal information at risk.

One such example is the “Joker” malware, which was discovered in 2019 and affected over 1,700 apps on the Google Play store. The malware was designed to silently subscribe victims to premium services without their knowledge, generating revenue for the attackers. The malware was able to evade detection by using sophisticated techniques to hide its malicious code and communicate with the attackers’ servers.

These incidents highlight the importance of robust security measures for mobile devices, particularly in the context of app markets. While app markets such as the Google Play store have measures in place to detect and remove malicious apps, these are not foolproof and can be bypassed by determined attackers.

Jordan Samhi has been working on developing more effective methods for detecting and preventing malicious apps from reaching users. By developing novel approaches, tools, and techniques, Jordan has been able to evaluate the effectiveness and impact of his research findings on real-world problems related to software engineering and security. For instance, he found new logic bombs in many real-world Android applications. 

Additionally, Jordan’s research provides valuable insights and tools for developers and analysts, allowing them to create safer, more robust apps and promote a more secure mobile ecosystem.

Jordan’s research project has been funded through an AFR grant from the Luxembourg National Research Fund (FNR).

The power of collaboration: enhancing research insights

Jordan Samhi is part of TruX – a software engineering and software security research group that develops innovative approaches and tools towards helping the research and practice communities build trustworthy software. His group provides the opportunity to work at the intersection of software engineering and software security. This interdisciplinarity aligns with his research interests and allows him to work autonomously. Case in point: two years ago, Jordan and his fellow researchers successfully combined their strengths and authored a paper on malware detection using computer vision techniques – an area outside of his primary expertise. This collaboration has been crucial to the success of the project. Jordan acknowledges that their supervisors were very supportive, giving them a lot of freedom to work together and explore the possibilities of interdisciplinary research.

Throughout his research journey in Luxembourg, Jordan has had the opportunity to collaborate with many researchers from different fields. While primarily working with Prof. Jacques Klein and Prof. Tegawendé F. Bissyandé in Luxembourg, Jordan has established collaborations worldwide. During the last year of his PhD, he spent four months at the University of Washington (in Seattle, WA) under the advisory of Prof. Michael D. Ernst and Prof. René Just. These collaborations have significantly enriched his research experience and provided valuable perspectives, helping him tackle complex problems in software engineering and security.

Research Luxembourg: gaining a foothold on the international scene

Jordan Samhi’s researcher journey began with Université de Lorraine in Metz, France, where he specialised in cybersecurity. This background has been instrumental in driving his research at the intersection of software engineering and security. Upon completion of his PhD at the University of Luxembourg, his passion for research, knowledge creation, and teaching drove him to explore new frontiers in the ever-evolving field of computer science.

Jordan chose Luxembourg as a research destination because it fosters interdisciplinarity and research in computer science conducted in the country is becoming highly valued on the international scene.

Luxembourg has emerged as a prime location for research, particularly in computer science. Despite its small size, the country’s research labs are expanding, and its international visibility is increasing. This was evident during my attendance at the 44th International Conference on Software Engineering in Pittsburgh in 2022, where Luxembourg’s growing research presence was clearly noticeable.

Jordan Samhi

To him, the research infrastructure available in Luxembourg is impressive, providing access to numerous servers and even a high-performance computing (HPC) system for handling computationally demanding tasks.

More about High-Performance Computing research in Luxembourg

Luxembourg is actively promoting research across various domains. The country’s highly international nature, including within the research community, offers valuable opportunities for learning from diverse perspectives. According to Jordan, Luxembourg fosters a rich environment for researchers, as gaining new insights and knowledge is at the core of the profession.

Similar articles