Security Metrics for the Android Ecosystem

  • Daniel R. Thomas, Alastair R. Beresford, Andrew C. Rice
  • Published 12 October 2015
  • Computer Science
  • Proceedings of the 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices
The security of Android depends on the timely delivery of updates to fix critical vulnerabilities. In this paper we map the complex network of players in the Android ecosystem who must collaborate to provide updates, and determine that inaction by some manufacturers and network operators means many handsets are vulnerable to critical vulnerabilities. We define the FUM security metric to rank the performance of device manufacturers and network operators, based on their provision of updates and… 

An Empirical Study of Android Security Bulletins in Different Vendors

A comprehensive study of 3,171 Android-related vulnerabilities is performed and it is found that the studied vendors in the Android ecosystem have adopted different structures for vulnerability reporting, and vendors are less likely to react with delay for CVEs with Android Git repository references.

Honey, I Shrunk Your App Security: The State of Android App Hardening

This paper assesses the RASP market for Android by providing an overview of the available products and their features, and describes an in-depth case study for a leading RASP product—namely Promon Shield—which is being used by approximately 100 companies to protect over 100 million end users worldwide.

The Android OS stack and its vulnerabilities: an empirical study

The largest study so far aimed at analyzing software vulnerabilities in the Android OS is presented, which analyzes a total of 1,235 vulnerabilities from four different perspectives: vulnerability types and their evolution, CVSS vectors that describe the vulnerabilities, impacted Android OS layers, and their survivability across the Android OS history.

LaChouTi: kernel vulnerability responding framework for the fragmented Android devices

The results show that: (1) the security risk of unpatched vulnerabilities caused by fragmentation is serious; and (2) the proposed LaChouTi is effective in responding to such security risk.

The Android Platform Security Model

This article aims to both document the abstract model of the Android security model and discuss its implications, and analyze how the different security measures in past and current Android implementations work together to mitigate these threats.

Security in Android Applications Master

To promote secure programming practices, a lightweight static analysis tool is developed that identifies avoidable vulnerabilities in Android-run devices and the security code smells that indicate their presence.

Studying TLS Usage in Android Apps

This paper uses data collected by Lumen, a mobile measurement platform, to analyze how 7,258 Android apps use TLS in the wild; it analyzes and fingerprints handshake messages to characterize the TLS APIs and libraries that apps use, and evaluates their weaknesses.

An Economic Study of the Effect of Android Platform Fragmentation on Security Updates

A model of the Android ecosystem is presented that utilizes the concepts of game theory and product differentiation to capture the competition between two vendors customizing the AOSP platform, and shows how product prices will decrease for the same cost of customization in the presence of a fine, or a higher level of regulator-imposed minimum security.

An investigation study for risk calculation of security vulnerabilities on android applications

This review discusses the risk calculation of Android applications, which is used to determine the overall security of an application, and presents and discusses the permission-based access control models that can be used to evaluate application access to user data.

Systematic discovery of Android customization hazards

This dissertation performs a systematic investigation of Android customization's inconsistencies with regard to security aspects at various Android layers and brings to light new vulnerabilities, never investigated before, caused by the under-regulated and complex Android customization.

Security Enhanced (SE) Android: Bringing Flexible MAC to Android

The work to bring flexible mandatory access control (MAC) to Android is motivated and described: it enables the effective use of Security Enhanced Linux (SELinux) for kernel-level MAC and develops a set of middleware MAC extensions to the Android permissions model.

Upgrading Your Android, Elevating My Malware: Privilege Escalation through Mobile OS Updating

This research brought to light a new type of security-critical vulnerability, called Pileup flaws, through which a malicious app can strategically declare a set of privileges and attributes on a low-version operating system (OS) and wait until it is upgraded to escalate its privileges on the new system.

Critical Vulnerability in Browser Security Metrics

It is argued that patch deployment matters vastly more than patch frequency, that bug count fails to take into account differences in severity and vendor reporting methodologies, and that the security features that matter most are ignored by negative news articles.

Jekyll on iOS: When Benign Apps Become Evil

A novel attack method is presented that allows attackers to reliably hide malicious behavior that would otherwise get their app rejected by the Apple review process, and to introduce malicious control flows by rearranging signed code.

DREBIN: Effective and Explainable Detection of Android Malware in Your Pocket

DREBIN is proposed, a lightweight method for detection of Android malware that enables identifying malicious applications directly on the smartphone and outperforms several related approaches and detects 94% of the malware with few false alarms.

Hey, You, Get Off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets

A permission-based behavioral footprinting scheme to detect new samples of known Android malware families and a heuristics-based filtering scheme to identify certain inherent behaviors of unknown malicious families are proposed.

DroidChameleon: evaluating Android anti-malware against transformation attacks

This paper evaluates the state-of-the-art commercial mobile anti-malware products for Android, tests how resistant they are against various common obfuscation techniques, and proposes possible remedies for improving the current state of malware detection on mobile devices.

Secure Software Updates: Disappointments and New Challenges

This analysis of several popular software update mechanisms shows that deployed systems often rely on trusted networks to distribute critical software updates, despite the research progress in secure content distribution.

ANDRUBIS -- 1,000,000 Apps Later: A View on Current Android Malware Behaviors

This paper presents ANDRUBIS, a fully automated, publicly available and comprehensive analysis system for Android apps that combines static analysis with dynamic analysis on both Dalvik VM and system level, as well as several stimulation techniques to increase code coverage.

Systematic Detection of Capability Leaks in Stock Android Smartphones

This paper analyzes eight popular Android smartphones and discovers that the stock phone images do not properly enforce the permission model, leaving several privileged permissions unsafely exposed to other applications that do not need to request them for their actual use.