Bove D (2024)
Publication Type: Conference contribution
Publication year: 2024
Publisher: Association for Computing Machinery
City/Town: New York
Pages Range: 1-11
Conference Proceedings Title: Proceedings of the 19th International Conference on Availability, Reliability and Security
ISBN: 979-8-4007-1718-5
In the realm of mobile security, where OS-based protections have proven insufficient against robust attackers, Trusted Execution Environments (TEEs) have emerged as a hardware-based security technology. Despite the industry’s persistence in advancing TEE technology, the impact on end users and developers remains largely unexplored. This study addresses this gap by conducting a large-scale analysis of TEE utilization in Android applications, focusing on the key areas of cryptography, digital rights management, biometric authentication, and secure dialogs.
To facilitate our extensive analysis, we introduce Mobsec Analytika, a framework tailored for large-scale app examinations, which we make available to the research community. Through 333,475 popular Android apps, our analysis illuminates the implementation of TEE-related features and their contextual usage.
Our findings reveal that TEE features are predominantly utilized indirectly through third-party libraries, with only 6.2% of apps directly invoking the APIs. Moreover, the study reveals the underutilization of the recent TEE-based UI feature Protected Confirmation.
APA:
Bove, D. (2024). A Large-Scale Study on the Prevalence and Usage of TEE-based Features on Android. In Proceedings of the 19th International Conference on Availability, Reliability and Security (pp. 1-11). Vienna, AT: New York: Association for Computing Machinery.
MLA:
Bove, Davide. "A Large-Scale Study on the Prevalence and Usage of TEE-based Features on Android." Proceedings of the ARES '24, Vienna New York: Association for Computing Machinery, 2024. 1-11.
BibTeX: Download