A multidimensional analysis of the Android security ecosystem

Possemato, Andrea
Thesis

With more than 2.5 billion active devices based on Android, Google's mobile operating system is now one of the most widely used in the world.
Despite all the efforts made by Google to constantly improve the security of the entire Android ecosystem, there are still several problems that remain unresolved. In this thesis, we analyze in detail some of the open problems that affect different components and players that are part of and contribute to the Android ecosystem. We start with the security analysis of the network communication of Android applications, showing how, even if Android provides several techniques to secure network communications, developers sometimes are still forced to use clear text protocols. Our study continues with the analysis of another issue that puts the security and privacy of the user at risk. We analyze the vulnerabilities exploited by malicious applications to perform phishing attacks and how there is still no system in place to allow applications to protect themselves against these attacks. Last, we analyze what we think may be the perfect representation of how difficult it is to ensure security in a domain as extensive as Android analyzing how customizations, even though beneficial to vendors, can lead to security problems that are lowering down the overall security of the Android system. In this thesis, for each of the problems, we analyze the issue in detail, we measure how widespread it is, and we propose an alternative solution with the aim of solving the problem, making a step towards a more secure Android ecosystem.

 


HAL
Type:
Thèse
Date:
2021-09-14
Department:
Sécurité numérique
Eurecom Ref:
6626
Copyright:
© EURECOM. Personal use of this material is permitted. The definitive version of this paper was published in Thesis and is available at :

PERMALINK : https://www.eurecom.fr/publication/6626