About Me

I'm Philipp Mao, a PhD student at EPFL working at the Hexhive group. My current research focusses on Android security, poking at the seams underneath the app layer.

I play ctf with 0rganizers/poylgl0ts under the username P.Howe.

Contact: philipp.mao@epfl.ch

Writeups

Profile Picture

Publications

2026

TÄMU: Emulating Trusted Applications at the (GlobalPlatform)-API Layer, Oakland'26
P. Mao, L. Shi, M. Busch, M. Payer [PDF][Artifact]

2025

NASS: Fuzzing All Native Android System Services with Interface Awareness and Coverage, USENIX'25
P. Mao, M. Busch, M. Payer [PDF][Artifact]

Hercules Droidot and the murder on the JNI Express, USENIX'25
L, di Bartolomeo P. Mao, Y. Tung, J. Ayala, S. Doria, P. Celada, M. Busch, J. Garcia, E. Losiouk, M. Payer [PDF][Artifact]

2024

GlobalConfusion: TrustZone Trusted Application 0-Days by Design, USENIX'24
M. Busch, P. Mao, M. Payer [PDF][Artifact]

Spill the TeA: An Empirical Study of Trusted Application Rollback Prevention on Android Smartphones, USENIX'24
M. Busch, P. Mao, M. Payer [PDF][Artifact]

Exploiting Android’s Hardened Memory Allocator, WOOT'24 (best paper)
P. Mao, E. Boschung, M. Busch, M. Payer [PDF][Artifact]

Talks

2026

Exploiting Android Apps with Counterfeit Art, Offensivecon26
P. Mao, R. Fall [Recording]

2025

Not To Be Trusted - A Fiasco in Android TEEs, C39C
P. Mao, M. Busch, M. Payer [Recording] [Artifact]

2024

GlobalConfusion: TrustZone Trusted Application 0-Days by Design, BlackAlps24
M. Busch, P. Mao [Recording]

Exploiting Android's Hardened Memory Allocator, NoHat24
P. Mao [Recording]

2022

No Passwords, More Problems, Area41,2022
P. Mao [Recording]