Show simple item record

dc.contributor.authorThomas, DR
dc.contributor.authorBeresford, AR
dc.contributor.authorRice, A
dc.date.accessioned2018-09-07T21:24:54Z
dc.date.available2018-09-07T21:24:54Z
dc.date.issued2015-10-12
dc.identifier.isbn9781450338196
dc.identifier.urihttps://www.repository.cam.ac.uk/handle/1810/279693
dc.description.abstract© 2015 ACM. The security of Android depends on the timely delivery of updates to fix critical vulnerabilities. In this paper we map the complex network of players in the Android ecosystem who must collaborate to provide updates, and determine that inaction by some manufacturers and network operators means many handsets are vulnerable to critical vulnerabil- ities. We define the FUM security metric to rank the per- formance of device manufacturers and network operators, based on their provision of updates and exposure to critical vulnerabilities. Using a corpus of 20 400 devices we show that there is significant variability in the timely delivery of security updates across different device manufacturers and network operators. This provides a comparison point for purchasers and regulators to determine which device man- ufacturers and network operators provide security updates and which do not. We find that on average 87.7% of An- droid devices are exposed to at least one of 11 known critical vulnerabilities and, across the ecosystem as a whole, assign a FUM security score of 2.87 out of 10. In our data, Nexus devices do considerably better than average with a score of 5.17; and LG is the best manufacturer with a score of 3.97.
dc.publisherACM
dc.titleSecurity metrics for the Android ecosystem
dc.typeConference Object
prism.endingPage98
prism.publicationDate2015
prism.publicationNameSPSM 2015 - Proceedings of the 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices, co-located with: CCS 2015
prism.startingPage87
dc.identifier.doi10.17863/CAM.27064
rioxxterms.versionofrecord10.1145/2808117.2808118
rioxxterms.versionAM
rioxxterms.licenseref.urihttp://www.rioxx.net/licenses/all-rights-reserved
rioxxterms.licenseref.startdate2015-10-12
dc.contributor.orcidThomas, Daniel [0000-0001-8936-0683]
dc.contributor.orcidBeresford, Alastair R [0000-0003-0818-6535]
dc.contributor.orcidRice, Andrew [0000-0002-4677-8032]
rioxxterms.typeConference Paper/Proceeding/Abstract
pubs.funder-project-idEngineering and Physical Sciences Research Council (EP/M020320/1)
pubs.funder-project-idEPSRC (1453439)
cam.issuedOnline2015-10-12
pubs.conference-name5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices,


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record