Hi, I’m Aniketh Girish
I am a Ph.D. student at IMDEA Networks Institute in Madrid, Spain, advised by Dr. Narseo Vallina-Rodriguez since 2020. My research falls at the intersection of (1) hybrid black-box testing, (2) empirical analysis of covert privacy risks in smart home and mobile ecosystems, and (3) regulatory compliance. I have published in top peer-reviewed venues (e.g., PETS, IMC, USENIX Security), and Q1 journals (IEEE Transactions on Software Engineering). I got the Best Poster Award at the TMA’22 Ph.D. school for my novel approach to IoT testing.
During my Ph.D., I was a visiting researcher at Northeastern University’s Cybersecurity and Privacy Institute (USA), advised by Prof. David Choffnes. Prior to that, I held research positions at the Rochester Institute of Technology (USA) and IIJ Innovation Institute (Japan). I was selected twice for Google Summer of Code, contributing to KDE and GNU Linux, and spent a summer at Ben-Gurion University (Israel) exploring applications of machine learning in cybersecurity.
My research has influenced industry practices, regulatory bodies, and policy makers at scale. My work revealed covert tracking techniques in modern smart devices, prompting action from major companies—including Apple, Google, Philips, TP-Link, and over 20 other IoT vendors—to strengthen privacy protections across their ecosystems. For instance, Philips redesigned its identifier scheme to prevent long-term device tracking. Google removed dozens of privacy-invasive apps and SDKs from the Play Store, awarded me two bug bounties—one for exposing covert local network scans, and another for revealing canvas fingerprinting via embedded WebViews—and introduced a dedicated local network permission in Android 16 as a direct result of my work.
My research has also informed enforcement policies at leading regulatory authorities such as the European Data Protection Supervisor (EDPS), the Spanish Data Protection Agency (AEPD), and French Data Protection Agency (CNIL), helping shape discussions around consent, tracking, and platform accountability. My work has also received international media coverage, including in Wired, CBC News, and El País.
More details are enclosed in my CV.
I’m open to full-time opportunities in the next 6~12 months, feel free to contact me if you think I’d be a fit!
Featured Publications
Prompted Android 16's new local network permission. Mixed Signals: Analyzing Software Attribution Challenges in the Android Ecosystem . IEEE Transactions on Software Engineering, 2023. Challenges in inferring privacy properties of smart devices: Towards scalable multi-vantage point testing methods . Proceedings of the 3rd International CoNEXT Student Workshop, 2022. Towards an extensible privacy analysis framework for Smart Homes . Proceedings of the 22nd ACM Internet Measurement Conference (IMC), 2022. ImposTer: Towards an Extensible Privacy Analysis framework for Smart home ecosystem . 10th Traffic Monitoring and Analysis PhD School “Network Intelligence and Measurements", 2022.
Best Poster Award A Longitudinal and Comprehensive Study of the DANE Ecosystem in Email . In Proceedings of the USENIX Security Symposium (Security'20), 2020.
Featured Projects
A high performant lightweight userspace Network stack over Go exhibiting full kernel bypass.
goRFC, an RFC prettifie written in Go.