Paper Info
Title
Understanding and improving app installation security mechanisms through empirical analysis of android
Abstract
We provide a detailed analysis of two largely unexplored aspects of the security decisions made by the Android operating system during the app installation process: update integrity and UID assignment. To inform our analysis, we collect a dataset of Android application metadata and extract features from these binaries to gain a better understanding of how developers interact with the security mechanisms invoked during installation. Using the dataset, we find empirical evidence that Android's current signing architecture does not encourage best security practices. We also find that limitations of Android's UID sharing method force developers to write custom code rather than rely on OS-level mechanisms for secure data transfer between apps. As a result of our analysis, we recommend incrementally deployable improvements, including a novel UID sharing mechanism with applicability to signature-level permissions. We additionally discuss mitigation options for a security bug in Google's Play store, which allows apps to transparently obtain more privileges than those requested in the manifest.
Year
DOI
Venue
2012
10.1145/2381934.2381949
SPSM@CCS
Keywords
Field
DocType
detailed analysis,security bug,android operating system,best security practice,security decision,empirical analysis,novel uid sharing mechanism,uid assignment,security mechanism,uid sharing method force,android application metadata,app installation security mechanism,digital signatures,software installation,android
Metadata,Architecture,World Wide Web,Internet privacy,Android (operating system),Empirical evidence,Data transmission,Computer science,Computer security,Installation,Digital signature,Security bug
Conference
Citations 
PageRank 
References 
30
1.49
27
Authors
4
Name
Order
Citations
PageRank
David Barrera133623.52
Jeremy Clark262046.32
Daniel McCarney3492.54
P. C. van Oorschot44230414.39