FirmwareDroid: Towards Automated Static Analysis of Pre-Installed Android Apps

Supply chain attacks are an evolving threat to the IoT and mobile landscape. Recent malware findings have shown that even sizeable mobile phone vendors cannot defend their operating systems fully against pre-installed malware. Detecting and mitigating malware and software vulnerabilities on Android...

Full description

Saved in:
Bibliographic Details
Published in2023 IEEE/ACM 10th International Conference on Mobile Software Engineering and Systems (MOBILESoft) pp. 12 - 22
Main Authors Sutter, Thomas, Tellenbach, Bernhard
Format Conference Proceeding
LanguageEnglish
Published IEEE 01.05.2023
Subjects
Advertising
Android Firmware
Malware
Pre-Installed Apps
Privacy
Security
Static analysis
Supply chains
Task analysis
Vulnerability
Online AccessGet full text

Cover

More Information
Summary:Supply chain attacks are an evolving threat to the IoT and mobile landscape. Recent malware findings have shown that even sizeable mobile phone vendors cannot defend their operating systems fully against pre-installed malware. Detecting and mitigating malware and software vulnerabilities on Android firmware is a challenging task requiring expertise in Android internals, such as customised firmware formats. Moreover, as users cannot choose what software is pre-installed on their devices, there is a fundamental lack of transparency and control. To make Android firmware analysis more accessible and regain some transparency, we present FirmwareDroid, a novel open-source security framework for Android firmware analysis that automates the extraction and analysis of pre-installed software.FirmwareDroid streamlines the process of software extraction from Android firmware for static security and privacy assessments. With FirmwareDroid, we lay the groundwork for researchers to automate the security assessment of Android firmware at scale, and we demonstrated the capabilities of FirmwareDroid by analysing 5,728 Android firmware samples from various vendors. We analysed 75,141 unique pre-installed Android applications to study how common advertising tracker libraries (a piece of software that collects user usage data) are used and which permissions pre-installed Android apps inherit. We conclude that 20.53% of all apps in our dataset include advertising trackers and that 88.14% of all used permissions are signature-based.
DOI:10.1109/MOBILSoft59058.2023.00009