CORE
🇺🇦
make metadata, not war
Services
Services overview
Explore all CORE services
Access to raw data
API
Dataset
FastSync
Content discovery
Recommender
Discovery
OAI identifiers
OAI Resolver
Managing content
Dashboard
Bespoke contracts
Consultancy services
Support us
Support us
Membership
Sponsorship
Community governance
Advisory Board
Board of supporters
Research network
About
About us
Our mission
Team
Blog
FAQs
Contact us
Security metrics for the Android ecosystem
Authors
AR Beresford
A Rice
DR Thomas
Publication date
12 October 2015
Publisher
SPSM 2015 - Proceedings of the 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices, co-located with: CCS 2015
Doi
Cite
Abstract
© 2015 ACM. The security of Android depends on the timely delivery of updates to fix critical vulnerabilities. In this paper we map the complex network of players in the Android ecosystem who must collaborate to provide updates, and determine that inaction by some manufacturers and network operators means many handsets are vulnerable to critical vulnerabil- ities. We define the FUM security metric to rank the per- formance of device manufacturers and network operators, based on their provision of updates and exposure to critical vulnerabilities. Using a corpus of 20 400 devices we show that there is significant variability in the timely delivery of security updates across different device manufacturers and network operators. This provides a comparison point for purchasers and regulators to determine which device man- ufacturers and network operators provide security updates and which do not. We find that on average 87.7% of An- droid devices are exposed to at least one of 11 known critical vulnerabilities and, across the ecosystem as a whole, assign a FUM security score of 2.87 out of 10. In our data, Nexus devices do considerably better than average with a score of 5.17; and LG is the best manufacturer with a score of 3.97
Similar works
Full text
Open in the Core reader
Download PDF
Available Versions
Sustaining member
Apollo (Cambridge)
See this paper in CORE
Go to the repository landing page
Download from data provider
oai:www.repository.cam.ac.uk:1...
Last time updated on 03/06/2019
University of Strathclyde Institutional Repository
See this paper in CORE
Go to the repository landing page
Download from data provider
oai:strathprints.strath.ac.uk:...
Last time updated on 09/09/2019