Hi, I'm Eric H. (Haotian) Deng.
I study how Android hands out power — and how to take it back without asking nicely. 70+ vulnerabilities found, and counting.
I'm a graduate student in Cyberspace Security at the University of Electronic Science and Technology of China (UESTC), advised by Prof. Hongwei Li (IEEE Fellow). I earned my B.E. from the School of Cyberspace Security at Beijing University of Posts and Telecommunications (BUPT) in 2024, working with Prof. Shengli Pan.
My research lives in software and systems security, centered on the Android permission model — the machinery that decides which app may do what, and all the ways that machinery can be talked into saying yes when it should say no. I'm also drawn to AI-for-security.
News
- SecInfer and MADU accepted to IEEE ICC 2025.
- ENBT-BA accepted to IEEE GLOBECOM 2023.
Research
Android decides what an app can touch — your location, your camera, your messages — through its permission system. My work is finding the gaps between what that system promises and what it actually enforces. So far that has meant 70+ vulnerabilities in Android's permission mechanisms and the components around them.
The first one I ever reported was a way to read the call log without holding the permission for it. I remember submitting the report at 4 a.m. — equal parts thrilled and exhausted.
The one I'm proudest of is bigger: taking control of an on-device agent to execute arbitrary commands — the difference between peeking through a window and holding the keys to the house.
Want to see what these look like? I keep a demo rig where the target is, fittingly, me. ⚡ Try to hack Eric →
Hack Eric
You're the attacker now. The target is Eric's phone. Type a command or click an exploit. All targets are Eric. No actual humans (or presidents) were harmed.
Publications
Before Android had my full attention, I spent about a year each on secure multi-party computation and on network tomography — one paper apiece, and a lot of respect for how hard both fields are.
- 2025: Haotian Deng, Hongwei Li, Hanxiao Chen, Meng Hao, Pengzhi Xing, Jia Hu, Rui Zhang, Wenbo Jiang. "SecInfer: Secure and Efficient Model Inference on Vertically Partitioned Data." IEEE ICC, 2025.
- 2023: Haotian Deng, Shengli Pan. "Evaluating Network Boolean Tomography under Byzantine Attacks." IEEE GLOBECOM, 2023.
Beyond Work
When I'm not talking Android into oversharing:
- I sing, and I'll happily lose an evening to a rabbit hole of music or dance analysis.
- I'm a stubborn believer in early nights and early mornings — 养生 (yǎngshēng), the art of not wrecking your own body, is a hobby I take seriously.
- I trade US and Hong Kong stocks, mostly as an ongoing lesson in humility.
- I read history, and once read an unreasonable amount of time-travel fiction.
- Curiosity is the through-line: I know a little about a lot, and I've made peace with that.
Two ideas I keep coming back to: from Sartre, that existence precedes essence — we are what we make of ourselves, not what we were assigned to be; and from Marx, that the philosophers have only interpreted the world, while the point is to change it. I care a great deal about individual psychology, and both ideas sit well with that.
Contact
Say hi — I like meeting people who read this far.