A Large-Scale Study on the Prevalence and Usage of TEE-based Features on Android
- URL: http://arxiv.org/abs/2311.10511v1
- Date: Fri, 17 Nov 2023 13:29:16 GMT
- Title: A Large-Scale Study on the Prevalence and Usage of TEE-based Features on Android
- Authors: Davide Bove
- Abstract summary: This study focuses on the key areas of cryptography, digital rights management, biometric authentication, and secure dialogs.
Through the analysis of 170,550 popular Android apps, our analysis illuminates the implementation of TEE-related features and their contextual usage.
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: In the realm of mobile security, where OS-based protections have proven insufficient against robust attackers, Trusted Execution Environments (TEEs) have emerged as a hardware-based security technology. Despite the industry's persistence in advancing TEE technology, the impact on end users and developers remains largely unexplored. This study addresses this gap by conducting a large-scale analysis of TEE utilization in Android applications, focusing on the key areas of cryptography, digital rights management, biometric authentication, and secure dialogs. To facilitate our extensive analysis, we introduce Mobsec Analytika, a framework tailored for large-scale app examinations, which we make available to the research community. Through the analysis of 170,550 popular Android apps, our analysis illuminates the implementation of TEE-related features and their contextual usage. Our findings reveal that TEE features are predominantly utilized indirectly through third-party libraries, with only 6.7% of apps directly invoking the APIs. Moreover, the study reveals the underutilization of the recent TEE-based UI feature Protected Confirmation.
Related papers
- TÄMU: Emulating Trusted Applications at the (GlobalPlatform)-API Layer [20.44030366449458]
Mobile devices rely on Trusted Execution Environments (TEEs) to execute security-critical code and protect assets. The closed-source nature and fragmentation of mobile TEEs severely hinder dynamic analysis of TAs. This paper presents TÄMU, a rehosting platform enabling dynamic analysis of TAs.
arXiv Detail & Related papers (2026-01-28T11:34:06Z)
- What You Trust Is Insecure: Demystifying How Developers (Mis)Use Trusted Execution Environments in Practice [13.772042459342865]
This paper presents the first large-scale empirical study of real-world TEE applications. We analyzed 241 open-source projects from GitHub that utilize the two most widely-adopted TEEs, Intel SGX and ARM TrustZone.
arXiv Detail & Related papers (2025-12-19T09:02:58Z)
- PDRIMA: A Policy-Driven Runtime Integrity Measurement and Attestation Approach for ARM TrustZone-based TEE [3.360308805410428]
ARM TrustZones are widely used in IoT and embedded devices to protect sensitive code and data. Most existing defenses focus on secure boot or REE-side monitoring and provide little visibility into the runtime integrity of the TEE. We propose Policy-Driven Integrity Measurement and runtime integrity protection approach for TrustZone-based TEEs.
arXiv Detail & Related papers (2025-12-06T17:12:54Z)
- An Empirical Study on the Security Vulnerabilities of GPTs [48.12756684275687]
GPTs are one kind of customized AI agents based on OpenAI's large language models. We present an empirical study on the security vulnerabilities of GPTs.
arXiv Detail & Related papers (2025-11-28T13:30:25Z)
- CTIArena: Benchmarking LLM Knowledge and Reasoning Across Heterogeneous Cyber Threat Intelligence [48.63397742510097]
Cyber threat intelligence (CTI) is central to modern cybersecurity, providing critical insights for detecting and mitigating evolving threats. With the natural language understanding and reasoning capabilities of large language models (LLMs), there is increasing interest in applying them to CTI. We present CTIArena, the first benchmark for evaluating LLM performance on heterogeneous, multi-source CTI.
arXiv Detail & Related papers (2025-10-13T22:10:17Z)
- Bridging the Mobile Trust Gap: A Zero Trust Framework for Consumer-Facing Applications [51.56484100374058]
This paper proposes an extended Zero Trust model designed for mobile applications operating in untrusted, user-controlled environments. Using a design science methodology, the study introduced a six-pillar framework that supports runtime enforcement of trust. The proposed model offers a practical and standards-aligned approach to securing mobile applications beyond pre-deployment controls.
arXiv Detail & Related papers (2025-08-20T18:42:36Z)
- Qualcomm Trusted Application Emulation for Fuzzing Testing [0.3277163122167433]
This research centers on trusted applications (TAs) within the Qualcomm TEE. Through reverse engineering techniques, we develop a partial emulation environment that accurately emulates their behavior. We integrate fuzzing testing techniques into the emulator to systematically uncover potential vulnerabilities within Qualcomm TAs.
arXiv Detail & Related papers (2025-07-11T06:10:15Z)
- Intelligent Detection of Non-Essential IoT Traffic on the Home Gateway [45.70482328441101]
This work presents ML-IoTrim, a system for detecting and mitigating non-essential IoT traffic by analyzing network behavior at the edge.
We test our framework in a consumer smart home setup with IoT devices from five categories, demonstrating that the model can accurately identify and block non-essential traffic.
This research advances privacy-aware traffic control in smart homes, paving the way for future developments in IoT device privacy.
arXiv Detail & Related papers (2025-04-22T09:40:05Z)
- Frontier AI's Impact on the Cybersecurity Landscape [46.32458228179959]
We find that while AI is already widely used in attacks, its application in defense remains limited. Experts expect AI to continue favoring attackers over defenders, though the gap will gradually narrow.
arXiv Detail & Related papers (2025-04-07T18:25:18Z)
- AISafetyLab: A Comprehensive Framework for AI Safety Evaluation and Improvement [73.0700818105842]
We introduce AISafetyLab, a unified framework and toolkit that integrates representative attack, defense, and evaluation methodologies for AI safety.
AISafetyLab features an intuitive interface that enables developers to seamlessly apply various techniques.
We conduct empirical studies on Vicuna, analyzing different attack and defense strategies to provide valuable insights into their comparative effectiveness.
arXiv Detail & Related papers (2025-02-24T02:11:52Z)
- Zero Trust Architecture: A Systematic Literature Review [0.0]
ZTA operates on the principle of "never trust, always verify".
This study applies the PRISMA framework to analyze 10 years of research on ZTA.
arXiv Detail & Related papers (2025-02-07T13:11:15Z)
- Physical and Software Based Fault Injection Attacks Against TEEs in Mobile Devices: A Systemisation of Knowledge [5.6064476854380825]
Trusted Execution Environments (TEEs) are critical components of modern secure computing.
They provide isolated zones in processors to safeguard sensitive data and execute secure operations.
Despite their importance, TEEs are increasingly vulnerable to fault injection (FI) attacks.
arXiv Detail & Related papers (2024-11-22T11:59:44Z)
- A Qualitative Study on Using ChatGPT for Software Security: Perception vs. Practicality [1.7624347338410744]
ChatGPT is a Large Language Model (LLM) that can perform a variety of tasks with remarkable semantic understanding and accuracy.
This study aims to gain an understanding of the potential of ChatGPT as an emerging technology for supporting software security.
It was determined that security practitioners view ChatGPT as beneficial for various software security tasks, including vulnerability detection, information retrieval, and penetration testing.
arXiv Detail & Related papers (2024-08-01T10:14:05Z)
- Enhancing Physical Layer Communication Security through Generative AI with Mixture of Experts [80.0638227807621]
Generative artificial intelligence (GAI) models have demonstrated superiority over conventional AI methods.
MoE, which uses multiple expert models for prediction through a gate mechanism, proposes possible solutions.
arXiv Detail & Related papers (2024-05-07T11:13:17Z)
- LLbezpeky: Leveraging Large Language Models for Vulnerability Detection [10.330063887545398]
Large Language Models (LLMs) have shown tremendous potential in understanding semantics in human as well as programming languages.
We focus on building an AI-driven workflow to assist developers in identifying and rectifying vulnerabilities.
arXiv Detail & Related papers (2024-01-02T16:14:30Z)
- SyzTrust: State-aware Fuzzing on Trusted OS Designed for IoT Devices [67.65883495888258]
We present SyzTrust, the first state-aware fuzzing framework for vetting the security of resource-limited Trusted OSes.
SyzTrust adopts a hardware-assisted framework to enable fuzzing Trusted OSes directly on IoT devices.
We evaluate SyzTrust on Trusted OSes from three major vendors: Samsung, Tsinglink Cloud, and Ali Cloud.
arXiv Detail & Related papers (2023-09-26T08:11:38Z)
- Task-Oriented Integrated Sensing, Computation and Communication for Wireless Edge AI [46.61358701676358]
Edge artificial intelligence (AI) has been proposed to provide high-performance computation of a conventional cloud down to the network edge.
Recently, convergence of wireless sensing, computation and communication (SC$^2$) for specific edge AI tasks has aroused a paradigm shift.
It is of paramount importance to advance fully integrated sensing, computation and communication (ISCC) to achieve ultra-reliable and low-latency edge intelligence acquisition.
arXiv Detail & Related papers (2023-06-11T06:40:51Z)
- An Empirical Study of AI Techniques in Mobile Applications [10.43634556488264]
We conducted the most extensive empirical study on AI applications, exploring on-device ML apps, on-device DL apps, and AI service-supported (cloud-based) apps.
Our study has strong implications for AI app developers, users, and AI R&D.
arXiv Detail & Related papers (2022-12-03T15:31:34Z)
- Developing an AI-enabled IIoT platform -- Lessons learned from early use case validation [47.37985501848305]
We introduce the design of this platform and discuss an early evaluation in terms of a demonstrator for AI-enabled visual quality inspection.
This is complemented by insights and lessons learned during this early evaluation activity.
arXiv Detail & Related papers (2022-07-10T18:51:12Z)
- Distributed intelligence on the Edge-to-Cloud Continuum: A systematic literature review [62.997667081978825]
This review aims at providing a comprehensive vision of the main state-of-the-art libraries and frameworks for machine learning and data analytics available today.
The main simulation, emulation, deployment systems, and testbeds for experimental research on the Edge-to-Cloud Continuum available today are also surveyed.
arXiv Detail & Related papers (2022-04-29T08:06:05Z)
- SoK: On the Semantic AI Security in Autonomous Driving [42.15658768948801]
Autonomous Driving systems rely on AI components to make safety and correct driving decisions.
For such AI component-level vulnerabilities to be semantically impactful at the system level, it needs to address non-trivial semantic gaps.
In this paper, we define such research space as semantic AI security as opposed to generic AI security.
arXiv Detail & Related papers (2022-03-10T12:00:34Z)
- Android Security using NLP Techniques: A Review [1.218340575383456]
Android is among the platforms most targeted by attackers.
Traditional solutions based on static and dynamic analysis have been evolving.
This study aims to explore possible research directions for future studies by presenting state-of-the-art in this domain.
arXiv Detail & Related papers (2021-07-07T08:33:00Z)
- Deep Learning for Face Anti-Spoofing: A Survey [74.42603610773931]
Face anti-spoofing (FAS) has lately attracted increasing attention due to its vital role in securing face recognition systems from presentation attacks (PAs).
arXiv Detail & Related papers (2021-06-28T19:12:00Z)
This list is automatically generated from the titles and abstracts of the papers in this site.