SoK: Lessons Learned From Android Security Research For Appified Software Platforms

Acar, Yasemin and Backes, Michael and Bugiel, Sven and Fahl, Sascha and McDaniel, Patrick and Smith, Matthew
(2016) SoK: Lessons Learned From Android Security Research For Appified Software Platforms.
In: 37th IEEE Symposium on Security and Privacy (S&P '16).
Conference: S&P - IEEE Symposium on Security and Privacy

[img]
Preview
Text
androidsok-sp16.pdf - Published Version

Download (255kB) | Preview

Abstract

Android security and privacy research has boomed in recent years, far outstripping investigations of other appified platforms. However, despite this attention, research efforts are fragmented and lack any coherent evaluation framework. We present a systematization of Android security and privacy research with a focus on the appification of software systems. To put Android security and privacy research into context, we compare the concept of appification with conventional operating system and software ecosystems. While appification has improved some issues (e.g., market access and usability), it has also introduced a whole range of new problems and aggravated some problems of the old ecosystems (e.g., coarse and unclear policy, poor software development practices). Some of our key findings are that contemporary research frequently stays on the beaten path instead of following unconventional and often promising new routes. Many security and privacy proposals focus entirely on the Android OS and do not take advantage of the unique features and actors of an appified ecosystem, which could be used to roll out new security mechanisms less disruptively. Our work highlights areas that have received the larger shares of attention, which attacker models were addressed, who is the target, and who has the capabilities and incentives to implement the countermeasures. We conclude with lessons learned from comparing the appified with the old world, shedding light on missed opportunities and proposing directions for future research.

Actions

Actions (login required)

View Item View Item