An Economic Study of the Effect of Android Platform Fragmentation on Security Updates

Sadegh Farhang, Aron Laszka, Jens Grossklags

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

3 Scopus citations

Abstract

Vendors in the Android ecosystem typically customize their devices by modifying Android Open Source Project (AOSP) code, adding in-house developed proprietary software, and pre-installing third-party applications. However, research has documented how various security problems are associated with this customization process. We develop a model of the Android ecosystem utilizing the concepts of game theory and product differentiation to capture the competition involving two vendors customizing the AOSP platform. We show how the vendors are incentivized to differentiate their products from AOSP and from each other, and how prices are shaped through this differentiation process. We also consider two types of consumers: security-conscious consumers who understand and care about security, and naïve consumers who lack the ability to correctly evaluate security properties of vendor-supplied Android products or simply ignore security. It is evident that vendors shirk on security investments in the latter case. Regulators such as the U.S. Federal Trade Commission have sanctioned Android vendors for underinvestment in security, but the exact effects of these sanctions are difficult to disentangle with empirical data. Here, we model the impact of a regulator-imposed fine that incentivizes vendors to match a minimum security level. Interestingly, we show how product prices will decrease for the same cost of customization in the presence of a fine, or a higher level of regulator-imposed minimum security.

Original languageEnglish
Title of host publicationFinancial Cryptography and Data Security - 22nd International Conference, FC 2018, Revised Selected Papers
EditorsSarah Meiklejohn, Kazue Sako
PublisherSpringer Verlag
Pages119-137
Number of pages19
ISBN (Print)9783662583869
DOIs
StatePublished - 2018
Event22nd International Conference on Financial Cryptography and Data Security, 2018 - Nieuwpoort, Belgium
Duration: 26 Feb 20182 Mar 2018

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume10957 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference22nd International Conference on Financial Cryptography and Data Security, 2018
Country/TerritoryBelgium
CityNieuwpoort
Period26/02/182/03/18

Fingerprint

Dive into the research topics of 'An Economic Study of the Effect of Android Platform Fragmentation on Security Updates'. Together they form a unique fingerprint.

Cite this