The openness and extensibility of Android have made it a popular platform for mobile devices and a strong candidate to drive the Internet-of-Things. Unfortunately, these properties also leave Android vulnerable, attracting attacks for profit or fun. To mitigate these threats, numerous issue-specific solutions have been proposed. With the increasing number and complexity of security problems and solutions, we believe this is the right moment to step back and systematically re-evaluate the Android security architecture and security practices in the ecosystem. We organize the most recent security research on the Android platform into two categories: the software stack and the ecosystem. For each category, we provide a comprehensive narrative of the problem space, highlight the limitations of the proposed solutions, and identify open problems for future research. Based on our collection of knowledge, we envision a blueprint for engineering a secure, next-generation Android ecosystem.
Bibliographical noteFunding Information:
This work is supported by the National Science Foundation (grant DGE-1500084), Office of Naval Research (grant N000141512162), Defense Advanced Research Projects Agency (contract DARPA-15-15-TC-FP-006), and Electronics and Telecommunications Research Institute (contract MSIP/IITP[B0101-15-0644]).
© 2016 ACM.
- Mobile malware