An Empirical Study on Android-related Vulnerabilities
Mario Linares-Vasquez, Gabriele Bavota, Camilo Escobar-Velasquez

TL;DR
This paper presents the largest empirical analysis of Android OS vulnerabilities, classifying their types, affected subsystems, and survivability, to aid developers and researchers in improving mobile security.
Contribution
It introduces a detailed taxonomy of Android vulnerabilities, analyzes affected OS layers, and studies vulnerability survivability, filling gaps left by prior limited studies.
Findings
Comprehensive classification of Android vulnerabilities.
Identification of most affected OS subsystems.
Insights into vulnerability lifespan and fix timelines.
Abstract
Mobile devices are used more and more in everyday life. They are our cameras, wallets, and keys. Basically, they embed most of our private information in our pocket. For this and other reasons, mobile devices, and in particular the software that runs on them, are considered first-class citizens in the software-vulnerabilities landscape. Several studies investigated the software-vulnerabilities phenomenon in the context of mobile apps and, more in general, mobile devices. Most of these studies focused on vulnerabilities that could affect mobile apps, while just a few investigated vulnerabilities affecting the underlying platform on which mobile apps run: the Operating System (OS). Also, these studies have been run on a very limited set of vulnerabilities. In this paper we present the largest study to date investigating Android-related vulnerabilities, with a specific focus on the ones…
Taxonomy
Topics: Advanced Malware Detection Techniques · Software Testing and Debugging Techniques · Security and Verification in Computing
