Abstract
Android is the most widely deployed end-user focused operating system. With its growing set of use cases encompassing communication, navigation, media consumption, entertainment, finance, health, and access to sensors, actuators, cameras, or microphones, its underlying security model needs to address a host of practical threats in a wide variety of scenarios while being useful to non-security experts. The model needs to strike a difficult balance between security, privacy, and usability for end users, assurances for app developers, and system performance under tight hardware constraints. While many of the underlying design principles have implicitly informed the overall system architecture, access control mechanisms, and mitigation techniques, the Android security model has previously not been formally published. This article aims to both document the abstract model and discuss its implications. Based on a definition of the threat model and Android ecosystem context in which it operates, we analyze how the different security measures in past and current Android implementations work together to mitigate these threats. There are some special cases in applying the security model, and we discuss such deliberate deviations from the abstract model.