50 Shades of Support: A Device-Centric Analysis of Android Security Updates

Acar, Abbas; Tuncay, Güliz Seray; Luques, Esteban; Oz, Harun; Aris, Ahmet; Uluagac, Selcuk

doi:10.14722/ndss.2024.24175

Search citation statements

Order By: Relevance

Paper Sections

Select...

Citation Types

Supporting

Mentioning

Contrasting

Year Published

2024

Publication Types

Select...

Article2

Other1

Relationship

Self Cite0

Independent3

Authors

Journals

Cited by 3 publications

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

Android Permissions: Evolution, Attacks, and Best Practices

Tuncay

2024

IEEE Secur. Privacy

View full text Add to dashboard Cite

Android Permissions: Evolution, Attacks, and Best Practices

Tuncay

2024

IEEE Secur. Privacy

View full text Add to dashboard Cite

Impact of incluing a review stage within a software requirement development process

Simões,

Carvalho,

Calderado

et al. 2024

Proceedings of the XXIII Brazilian Symposium on Software Quality

View full text Add to dashboard Cite

Security Evaluation of Companion Android Applications in IoT: The Case of Smart Security Devices

Allen,

Mylonas,

Vidalis

et al. 2024

Sensors

View full text Add to dashboard Cite

Smart security devices, such as smart locks, smart cameras, and smart intruder alarms are increasingly popular with users due to the enhanced convenience and new features that they offer. A significant part of this convenience is provided by the device’s companion smartphone app. Information on whether secure and ethical development practices have been used in the creation of these applications is unavailable to the end user. As this work shows, this means that users are impacted both by potential third-party attackers that aim to compromise their device, and more subtle threats introduced by developers, who may track their use of their devices and illegally collect data that violate users’ privacy. Our results suggest that users of every application tested are susceptible to at least one potential commonly found vulnerability regardless of whether their device is offered by a known brand name or a lesser-known manufacturer. We present an overview of the most common vulnerabilities found in the scanned code and discuss the shortcomings of state-of-the-art automated scanners when looking at less structured programming languages such as C and C++. Finally, we also discuss potential methods for mitigation, and provide recommendations for developers to follow with respect to secure coding practices.

show abstract

50 Shades of Support: A Device-Centric Analysis of Android Security Updates

Cited by 3 publications

References 15 publications

Android Permissions: Evolution, Attacks, and Best Practices

Android Permissions: Evolution, Attacks, and Best Practices

Impact of incluing a review stage within a software requirement development process

Security Evaluation of Companion Android Applications in IoT: The Case of Smart Security Devices

Contact Info

Product

Resources

About