A Large-Scale Study on the Prevalence and Usage of TEE-based Features on Android

• URL: http://arxiv.org/abs/2311.10511v1
• Date: Fri, 17 Nov 2023 13:29:16 GMT
• Title: A Large-Scale Study on the Prevalence and Usage of TEE-based Features on Android
• Authors: Davide Bove,
• Abstract summary: This study focuses on the key areas of cryptography, digital rights management, biometric authentication, and secure dialogs. Through the analysis of 170,550 popular Android apps, our analysis illuminates the implementation of TEE-related features and their contextual usage.
• Score: 0.0
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: In the realm of mobile security, where OS-based protections have proven insufficient against robust attackers, Trusted Execution Environments (TEEs) have emerged as a hardware-based security technology. Despite the industry's persistence in advancing TEE technology, the impact on end users and developers remains largely unexplored. This study addresses this gap by conducting a large-scale analysis of TEE utilization in Android applications, focusing on the key areas of cryptography, digital rights management, biometric authentication, and secure dialogs. To facilitate our extensive analysis, we introduce Mobsec Analytika, a framework tailored for large-scale app examinations, which we make available to the research community. Through the analysis of 170,550 popular Android apps, our analysis illuminates the implementation of TEE-related features and their contextual usage. Our findings reveal that TEE features are predominantly utilized indirectly through third-party libraries, with only 6.7% of apps directly invoking the APIs. Moreover, the study reveals the underutilization of the recent TEE-based UI feature Protected Confirmation.

Related papers

• A Qualitative Study on Using ChatGPT for Software Security: Perception vs. Practicality [1.7624347338410744]
  ChatGPT is a Large Language Model (LLM) that can perform a variety of tasks with remarkable semantic understanding and accuracy. This study aims to gain an understanding of the potential of ChatGPT as an emerging technology for supporting software security. It was determined that security practitioners view ChatGPT as beneficial for various software security tasks, including vulnerability detection, information retrieval, and penetration testing.
  arXiv  Detail & Related papers  (2024-08-01T10:14:05Z)
• Enhancing Physical Layer Communication Security through Generative AI with Mixture of Experts [80.0638227807621]
  generative artificial intelligence (GAI) models have demonstrated superiority over conventional AI methods. MoE, which uses multiple expert models for prediction through a gate mechanism, proposes possible solutions.
  arXiv  Detail & Related papers  (2024-05-07T11:13:17Z)
• LLbezpeky: Leveraging Large Language Models for Vulnerability Detection [10.330063887545398]
  Large Language Models (LLMs) have shown tremendous potential in understanding semnatics in human as well as programming languages. We focus on building an AI-driven workflow to assist developers in identifying and rectifying vulnerabilities.
  arXiv  Detail & Related papers  (2024-01-02T16:14:30Z)
• A Holistic Approach for Trustworthy Distributed Systems with WebAssembly and TEEs [2.0198678236144474]
  This paper introduces a novel approach using WebAssembly to address these issues. We present the design of a portable and fully attested publish/subscribe system as a holistic approach. Our experimental results showcase most overheads, revealing a 1.55x decrease in message throughput when using a trusted broker.
  arXiv  Detail & Related papers  (2023-12-01T16:37:48Z)
• SyzTrust: State-aware Fuzzing on Trusted OS Designed for IoT Devices [67.65883495888258]
  We present SyzTrust, the first state-aware fuzzing framework for vetting the security of resource-limited Trusted OSes. SyzTrust adopts a hardware-assisted framework to enable fuzzing Trusted OSes directly on IoT devices. We evaluate SyzTrust on Trusted OSes from three major vendors: Samsung, Tsinglink Cloud, and Ali Cloud.
  arXiv  Detail & Related papers  (2023-09-26T08:11:38Z)
• Task-Oriented Integrated Sensing, Computation and Communication for Wireless Edge AI [46.61358701676358]
  Edge artificial intelligence (AI) has been proposed to provide high-performance computation of a conventional cloud down to the network edge. Recently, convergence of wireless sensing, computation and communication (SC$2$) for specific edge AI tasks, has aroused paradigm shift. It is paramount importance to advance fully integrated sensing, computation and communication (I SCC) to achieve ultra-reliable and low-latency edge intelligence acquisition.
  arXiv  Detail & Related papers  (2023-06-11T06:40:51Z)
• An Empirical Study of AI Techniques in Mobile Applications [10.43634556488264]
  We conducted the most extensive empirical study on AI applications, exploring on-device ML apps, on-device DL apps, and AI service-supported (cloud-based) apps. Our study has strong implications for AI app developers, users, and AI R&D.
  arXiv  Detail & Related papers  (2022-12-03T15:31:34Z)
• Developing an AI-enabled IIoT platform -- Lessons learned from early use case validation [47.37985501848305]
  We introduce the design of this platform and discuss an early evaluation in terms of a demonstrator for AI-enabled visual quality inspection. This is complemented by insights and lessons learned during this early evaluation activity.
  arXiv  Detail & Related papers  (2022-07-10T18:51:12Z)
• Distributed intelligence on the Edge-to-Cloud Continuum: A systematic literature review [62.997667081978825]
  This review aims at providing a comprehensive vision of the main state-of-the-art libraries and frameworks for machine learning and data analytics available today. The main simulation, emulation, deployment systems, and testbeds for experimental research on the Edge-to-Cloud Continuum available today are also surveyed.
  arXiv  Detail & Related papers  (2022-04-29T08:06:05Z)
• Android Security using NLP Techniques: A Review [1.218340575383456]
  Android is among the most targeted platform by attackers. Traditional solutions based on static and dynamic analysis have been evolving. This study aims to explore possible research directions for future studies by presenting state-of-the-art in this domain.
  arXiv  Detail & Related papers  (2021-07-07T08:33:00Z)
• Deep Learning for Face Anti-Spoofing: A Survey [74.42603610773931]
  Face anti-spoofing (FAS) has lately attracted increasing attention due to its vital role in securing face recognition systems from presentation attacks (PAs)
  arXiv  Detail & Related papers  (2021-06-28T19:12:00Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.