Title
PatchDroid: scalable third-party security patches for Android devices
Abstract
Android is currently the largest mobile platform with around 750 million devices worldwide. Unfortunately, more than 30% of all devices contain publicly known security vulnerabilities and, in practice, cannot be updated through normal mechanisms since they are no longer supported by the manufacturer and mobile operator. This failure of traditional patch distribution systems has resulted in the creation of a large population of vulnerable mobile devices. In this paper, we present PatchDroid, a system to distribute and apply third-party security patches for Android. Our system is designed for device-independent patch creation, and uses in-memory patching techniques to address vulnerabilities in both native and managed code. We created a fully usable prototype of PatchDroid, including a number of patches for well-known vulnerabilities in Android devices. We evaluated our system on different devices from multiple manufacturers and show that we can effectively patch security vulnerabilities on Android devices without impacting performance or usability. Therefore, PatchDroid represents a realistic path towards dramatically reducing the number of exploitable Android devices in the wild.
Year
2013
DOI
10.1145/2523649.2523679
Venue
ACSAC
Keywords
different device,device-independent patch creation,exploitable android device,vulnerable mobile device,traditional patch distribution system,scalable third-party security patch,android device,security vulnerability,third-party security patch,mobile operator,largest mobile platform,authentication,reverse engineering
Field
USable,Population,Android (operating system),Managed code,Authentication,Computer security,Computer science,Usability,Mobile device,Operating system,Scalability
DocType
Conference
Citations
22
PageRank
0.71
References
10
Authors
4
Name
Order
Citations
PageRank
Collin Mulliner122520.56
Jon Oberheide268144.07
William Robertson31762123.11
Engin Kirda45386334.12