Target Fragmentation in Android Apps

Patrick Mutchler, Yeganeh Safaei, Adam Doupe, John Mitchell

Research output: Chapter in Book/Report/Conference proceedingConference contribution

15 Scopus citations

Abstract

Android apps declare a target version of the Android run-time platform. When run on devices with more recent Android versions, apps are executed in a compatibility mode that attempts to mimic the behavior of the older target version. This design has serious security consequences. Apps that target outdated Android versions disable important security changes to the Android platform. We call the problem of apps targeting outdated Android versions the target fragmentation problem. We analyze a dataset of 1,232,696 free Android apps collected between May, 2012 and December, 2015 and show that the target fragmentation problem is a serious concern across the entire app ecosystem and has not changed considerably in several years. In total, 93% of current apps target out-of-date platform versions and have a mean outdatedness of 686 days, 79% of apps are already out-of-date on the day they are uploaded to the app store. Finally, we examine seven security related changes to the Android platform that are disabled in apps that target outdated platform versions and show that target fragmentation hamstrings attempts to improve the security of Android apps.

Original languageEnglish (US)
Title of host publicationProceedings - 2016 IEEE Symposium on Security and Privacy Workshops, SPW 2016
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages204-213
Number of pages10
ISBN (Electronic)9781509008247
DOIs
StatePublished - Aug 1 2016
Event2016 IEEE Symposium on Security and Privacy Workshops, SPW 2016 - San Jose, United States
Duration: May 23 2016May 25 2016

Other

Other2016 IEEE Symposium on Security and Privacy Workshops, SPW 2016
CountryUnited States
CitySan Jose
Period5/23/165/25/16

Keywords

  • Android Security
  • API Versions
  • Mobile Security
  • Target Fragmentation

ASJC Scopus subject areas

  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications
  • Artificial Intelligence

Fingerprint Dive into the research topics of 'Target Fragmentation in Android Apps'. Together they form a unique fingerprint.

  • Cite this

    Mutchler, P., Safaei, Y., Doupe, A., & Mitchell, J. (2016). Target Fragmentation in Android Apps. In Proceedings - 2016 IEEE Symposium on Security and Privacy Workshops, SPW 2016 (pp. 204-213). [7527771] Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/SPW.2016.31