Related papers: Security Evaluation of Android apps in budget African Mobile Devices

Security Evaluation of Android apps in budget African Mobile Devices

URL: http://arxiv.org/abs/2509.18800v1
Date: Tue, 23 Sep 2025 08:45:07 GMT
Title: Security Evaluation of Android apps in budget African Mobile Devices
Authors: Alioune Diallo, Anta Diop, Abdoul Kader Kabore, Jordan Samhi, Aleksandr Pilgun, Tegawendé F. Bissyande, Jacque Klein,
Abstract summary: Pre-installed applications on widely distributed low-cost devices represent a significant and underexplored threat to user security and privacy.<n>These results demonstrate that pre-installed applications on widely distributed low-cost devices represent a significant and underexplored threat to user security and privacy.
Score: 38.026369204707784
License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
Abstract: Android's open-source nature facilitates widespread smartphone accessibility, particularly in price-sensitive markets. System and vendor applications that come pre-installed on budget Android devices frequently operate with elevated privileges, yet they receive limited independent examination. To address this gap, we developed a framework that extracts APKs from physical devices and applies static analysis to identify privacy and security issues in embedded software. Our study examined 1,544 APKs collected from seven African smartphones. The analysis revealed that 145 applications (9%) disclose sensitive data, 249 (16%) expose critical components without sufficient safeguards, and many present additional risks: 226 execute privileged or dangerous commands, 79 interact with SMS messages (read, send, or delete), and 33 perform silent installation operations. We also uncovered a vendor-supplied package that appears to transmit device identifiers and location details to an external third party. These results demonstrate that pre-installed applications on widely distributed low-cost devices represent a significant and underexplored threat to user security and privacy.

Related papers

Beyond Permissions: An Empirical Static Analysis of Privacy and Security Risks in Children-Oriented and General-Audience Mobile Apps for Gaming [0.40611352512781873]
This study contributes a holistic static assessment of privacy exposure in mobile games.<n>It provides actionable insights for developers, platform providers, and researchers seeking to improve privacy-by-design practices in mobile applications.
arXiv Detail & Related papers (2026-02-11T14:06:03Z)
Agentic Discovery and Validation of Android App Vulnerabilities [8.298163888812233]
Existing Android vulnerability detection tools overwhelm teams with thousands of low-signal warnings.<n>Analysts spend days triaging these results, creating a bottleneck in the security pipeline.<n>We introduce A2, a system that mirrors how security experts analyze and validate Android vulnerabilities.
arXiv Detail & Related papers (2025-08-29T12:32:35Z)
LLMs Caught in the Crossfire: Malware Requests and Jailbreak Challenges [70.85114705489222]
We propose MalwareBench, a benchmark dataset containing 3,520 jailbreaking prompts for malicious code-generation.<n>M MalwareBench is based on 320 manually crafted malicious code generation requirements, covering 11 jailbreak methods and 29 code functionality categories.<n>Experiments show that mainstream LLMs exhibit limited ability to reject malicious code-generation requirements, and the combination of multiple jailbreak methods further reduces the model's security capabilities.
arXiv Detail & Related papers (2025-06-09T12:02:39Z)
CyberGym: Evaluating AI Agents' Cybersecurity Capabilities with Real-World Vulnerabilities at Scale [46.76144797837242]
Large language model (LLM) agents are becoming increasingly skilled at handling cybersecurity tasks autonomously.<n>Existing benchmarks fall short, often failing to capture real-world scenarios or being limited in scope.<n>We introduce CyberGym, a large-scale and high-quality cybersecurity evaluation framework featuring 1,507 real-world vulnerabilities.
arXiv Detail & Related papers (2025-06-03T07:35:14Z)
On the (In)Security of Non-resettable Device Identifiers in Custom Android Systems [4.319029420721902]
We present IDRadar, a scalable and accurate approach for identifying vulnerable properties and settings on custom Android ROMs.<n>We have identified 8,192 system properties and 3,620 settings that store non-resettable identifiers, with 3,477 properties and 1,336 settings lacking adequate access control.<n>Our large-scale analysis can identify a large number of security issues which are two orders of magnitude greater than existing techniques.
arXiv Detail & Related papers (2025-02-21T07:52:46Z)
Vulnerability, Where Art Thou? An Investigation of Vulnerability Management in Android Smartphone Chipsets [2.1959918957023743]
This paper provides an empirical study of the current state of smartphone chipset vulnerability management within the Android ecosystem.<n>We create a unified knowledge base of 3,676 chipset vulnerabilities affecting 437 chipset models from all four major chipset manufacturers, combined with 6,866 smartphone models.<n>We find that a single vulnerability often affects hundreds to thousands of different smartphone models, for which update availability is, as we show, often unclear or heavily delayed.
arXiv Detail & Related papers (2024-12-09T15:04:50Z)
Security Analysis of Top-Ranked mHealth Fitness Apps: An Empirical Study [0.32885740436059047]
We investigate the security vulnerabilities of ten top-ranked Android health and fitness apps, a set that accounts for 237 million downloads. Our findings revealed many vulnerabilities, such as insecure coding, hardcoded sensitive information, over-privileged permissions, misconfiguration, and excessive communication with third-party domains.
arXiv Detail & Related papers (2024-09-27T08:11:45Z)
The Impact of SBOM Generators on Vulnerability Assessment in Python: A Comparison and a Novel Approach [56.4040698609393]
Software Bill of Materials (SBOM) has been promoted as a tool to increase transparency and verifiability in software composition. Current SBOM generation tools often suffer from inaccuracies in identifying components and dependencies. We propose PIP-sbom, a novel pip-inspired solution that addresses their shortcomings.
arXiv Detail & Related papers (2024-09-10T10:12:37Z)
A Risk Estimation Study of Native Code Vulnerabilities in Android Applications [1.6078134198754157]
We propose a fast risk-based approach that provides a risk score related to the native part of an Android application. We show that many applications contain well-known vulnerabilities that miscreants can potentially exploit.
arXiv Detail & Related papers (2024-06-04T06:44:07Z)
SyzTrust: State-aware Fuzzing on Trusted OS Designed for IoT Devices [67.65883495888258]
We present SyzTrust, the first state-aware fuzzing framework for vetting the security of resource-limited Trusted OSes. SyzTrust adopts a hardware-assisted framework to enable fuzzing Trusted OSes directly on IoT devices. We evaluate SyzTrust on Trusted OSes from three major vendors: Samsung, Tsinglink Cloud, and Ali Cloud.
arXiv Detail & Related papers (2023-09-26T08:11:38Z)
Foveate, Attribute, and Rationalize: Towards Physically Safe and Trustworthy AI [76.28956947107372]
Covertly unsafe text is an area of particular interest, as such text may arise from everyday scenarios and are challenging to detect as harmful. We propose FARM, a novel framework leveraging external knowledge for trustworthy rationale generation in the context of safety. Our experiments show that FARM obtains state-of-the-art results on the SafeText dataset, showing absolute improvement in safety classification accuracy by 5.9%.
arXiv Detail & Related papers (2022-12-19T17:51:47Z)
Decentralized Privacy-Preserving Proximity Tracing [50.27258414960402]
DP3T provides a technological foundation to help slow the spread of SARS-CoV-2. System aims to minimise privacy and security risks for individuals and communities.
arXiv Detail & Related papers (2020-05-25T12:32:02Z)

This list is automatically generated from the titles and abstracts of the papers in this site.