An Empirical Study of Android Security Bulletins in Different Vendors

Sadegh Farhang, Mehmet Bahadir Kirdan, Aron Laszka, Jens Grossklags

Publikation: Beitrag in Buch/Bericht/KonferenzbandKonferenzbeitragBegutachtung

15 Zitate (Scopus)

Abstract

Mobile devices encroach on almost every part of our lives, including work and leisure, and contain a wealth of personal and sensitive information. It is, therefore, imperative that these devices uphold high security standards. A key aspect is the security of the underlying operating system. In particular, Android plays a critical role due to being the most dominant platform in the mobile ecosystem with more than one billion active devices and due to its openness, which allows vendors to adopt and customize it. Similar to other platforms, Android maintains security by providing monthly security patches and announcing them via the Android security bulletin. To absorb this information successfully across the Android ecosystem, impeccable coordination by many different vendors is required. In this paper, we perform a comprehensive study of 3,171 Android-related vulnerabilities and study to which degree they are reflected in the Android security bulletin, as well as in the security bulletins of three leading vendors: Samsung, LG, and Huawei. In our analysis, we focus on the metadata of these security bulletins (e.g., timing, affected layers, severity, and CWE data) to better understand the similarities and differences among vendors. We find that (i) the studied vendors in the Android ecosystem have adopted different structures for vulnerability reporting, (ii) vendors are less likely to react with delay for CVEs with Android Git repository references, (iii) vendors handle Qualcomm-related CVEs different from the rest of external layer CVEs.

OriginalspracheEnglisch
TitelThe Web Conference 2020 - Proceedings of the World Wide Web Conference, WWW 2020
Herausgeber (Verlag)Association for Computing Machinery, Inc
Seiten3063-3069
Seitenumfang7
ISBN (elektronisch)9781450370233
DOIs
PublikationsstatusVeröffentlicht - 20 Apr. 2020
Extern publiziertJa
Veranstaltung29th International World Wide Web Conference, WWW 2020 - Taipei, Taiwan
Dauer: 20 Apr. 202024 Apr. 2020

Publikationsreihe

NameThe Web Conference 2020 - Proceedings of the World Wide Web Conference, WWW 2020

Konferenz

Konferenz29th International World Wide Web Conference, WWW 2020
Land/GebietTaiwan
OrtTaipei
Zeitraum20/04/2024/04/20

Fingerprint

Untersuchen Sie die Forschungsthemen von „An Empirical Study of Android Security Bulletins in Different Vendors“. Zusammen bilden sie einen einzigartigen Fingerprint.

Dieses zitieren