FirmwareDroid: Security Analysis of the Android Firmware EcoSystem

12/13/2021
by   Thomas Sutter, et al.

The Android Open Source Project (AOSP) is probably the most used and customized operating system for smartphones and IoT devices worldwide. Its market share and high adaptability make Android an interesting operating system for many developers. Nowadays, we use Android firmware in smartphones, TVs, smartwatches, cars, and other devices by various vendors and manufacturers. The sheer amount of customized Android firmware and devices makes it hard for security analysts to detect potentially harmful applications. In addition, many vendors include apps from 3rd party developers. Such bloatware usually has more privileges than standard apps and cannot be removed by the user without rooting the device. In recent years, several cases were reported where 3rd party developers could include malicious apps in the Android build chain. Media reports claim that pre-installed malware like Chamois and Triada was able to infect several million devices. Such cases demonstrate the need for better strategies for analyzing Android firmware. In our study, we analyze the Android firmware ecosystem in various ways. We collected a dataset with several thousand Android firmware archives and show that several terabytes of firmware data are waiting on the web to be analyzed. We develop a web service called FirmwareDroid for analyzing Android firmware archives and pre-installed apps and create a dataset of firmware samples. Focusing on Android apps, we automated the process of extracting and scanning pre-installed apps with state-of-the-art open-source tools. We demonstrate on real data that pre-installed apps are, in fact, a threat to Android's users, and we can detect several hundred malware samples using scanners like VirusTotal, AndroGuard, and APKiD. With state-of-the-art tools, we could scan more than 900000 apps during our research and give unique insights into Android custom ROMs.


