Target Fragmentation in Android Apps

Patrick Mutchler; Yeganeh Safaei; Adam Doupe; John Mitchell

doi:10.1109/SPW.2016.31

Target Fragmentation in Android Apps

Patrick Mutchler, Yeganeh Safaei, Adam Doupe, John Mitchell

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

30 Scopus citations

Abstract

Android apps declare a target version of the Android run-time platform. When run on devices with more recent Android versions, apps are executed in a compatibility mode that attempts to mimic the behavior of the older target version. This design has serious security consequences. Apps that target outdated Android versions disable important security changes to the Android platform. We call the problem of apps targeting outdated Android versions the target fragmentation problem. We analyze a dataset of 1,232,696 free Android apps collected between May, 2012 and December, 2015 and show that the target fragmentation problem is a serious concern across the entire app ecosystem and has not changed considerably in several years. In total, 93% of current apps target out-of-date platform versions and have a mean outdatedness of 686 days, 79% of apps are already out-of-date on the day they are uploaded to the app store. Finally, we examine seven security related changes to the Android platform that are disabled in apps that target outdated platform versions and show that target fragmentation hamstrings attempts to improve the security of Android apps.

Original language	English (US)
Title of host publication	Proceedings - 2016 IEEE Symposium on Security and Privacy Workshops, SPW 2016
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	204-213
Number of pages	10
ISBN (Electronic)	9781509008247
DOIs	https://doi.org/10.1109/SPW.2016.31
State	Published - Aug 1 2016
Event	2016 IEEE Symposium on Security and Privacy Workshops, SPW 2016 - San Jose, United States Duration: May 23 2016 → May 25 2016

Other

Other	2016 IEEE Symposium on Security and Privacy Workshops, SPW 2016
Country/Territory	United States
City	San Jose
Period	5/23/16 → 5/25/16

Keywords

Android Security
API Versions
Mobile Security
Target Fragmentation

ASJC Scopus subject areas

Safety, Risk, Reliability and Quality
Computer Networks and Communications
Artificial Intelligence

Access to Document

10.1109/SPW.2016.31

Cite this

Mutchler, P, Safaei, Y, Doupe, A & Mitchell, J 2016, Target Fragmentation in Android Apps. in Proceedings - 2016 IEEE Symposium on Security and Privacy Workshops, SPW 2016., 7527771, Institute of Electrical and Electronics Engineers Inc., pp. 204-213, 2016 IEEE Symposium on Security and Privacy Workshops, SPW 2016, San Jose, United States, 5/23/16. https://doi.org/10.1109/SPW.2016.31

@inproceedings{ddf5fc11541e441f81dc0d45ced72ef1,

title = "Target Fragmentation in Android Apps",

abstract = "Android apps declare a target version of the Android run-time platform. When run on devices with more recent Android versions, apps are executed in a compatibility mode that attempts to mimic the behavior of the older target version. This design has serious security consequences. Apps that target outdated Android versions disable important security changes to the Android platform. We call the problem of apps targeting outdated Android versions the target fragmentation problem. We analyze a dataset of 1,232,696 free Android apps collected between May, 2012 and December, 2015 and show that the target fragmentation problem is a serious concern across the entire app ecosystem and has not changed considerably in several years. In total, 93% of current apps target out-of-date platform versions and have a mean outdatedness of 686 days, 79% of apps are already out-of-date on the day they are uploaded to the app store. Finally, we examine seven security related changes to the Android platform that are disabled in apps that target outdated platform versions and show that target fragmentation hamstrings attempts to improve the security of Android apps.",

keywords = "Android Security, API Versions, Mobile Security, Target Fragmentation",

author = "Patrick Mutchler and Yeganeh Safaei and Adam Doupe and John Mitchell",

year = "2016",

month = aug,

day = "1",

doi = "10.1109/SPW.2016.31",

language = "English (US)",

pages = "204--213",

booktitle = "Proceedings - 2016 IEEE Symposium on Security and Privacy Workshops, SPW 2016",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

address = "United States",

note = "2016 IEEE Symposium on Security and Privacy Workshops, SPW 2016 ; Conference date: 23-05-2016 Through 25-05-2016",

}

TY - GEN

T1 - Target Fragmentation in Android Apps

AU - Mutchler, Patrick

AU - Safaei, Yeganeh

AU - Doupe, Adam

AU - Mitchell, John

PY - 2016/8/1

Y1 - 2016/8/1

N2 - Android apps declare a target version of the Android run-time platform. When run on devices with more recent Android versions, apps are executed in a compatibility mode that attempts to mimic the behavior of the older target version. This design has serious security consequences. Apps that target outdated Android versions disable important security changes to the Android platform. We call the problem of apps targeting outdated Android versions the target fragmentation problem. We analyze a dataset of 1,232,696 free Android apps collected between May, 2012 and December, 2015 and show that the target fragmentation problem is a serious concern across the entire app ecosystem and has not changed considerably in several years. In total, 93% of current apps target out-of-date platform versions and have a mean outdatedness of 686 days, 79% of apps are already out-of-date on the day they are uploaded to the app store. Finally, we examine seven security related changes to the Android platform that are disabled in apps that target outdated platform versions and show that target fragmentation hamstrings attempts to improve the security of Android apps.

AB - Android apps declare a target version of the Android run-time platform. When run on devices with more recent Android versions, apps are executed in a compatibility mode that attempts to mimic the behavior of the older target version. This design has serious security consequences. Apps that target outdated Android versions disable important security changes to the Android platform. We call the problem of apps targeting outdated Android versions the target fragmentation problem. We analyze a dataset of 1,232,696 free Android apps collected between May, 2012 and December, 2015 and show that the target fragmentation problem is a serious concern across the entire app ecosystem and has not changed considerably in several years. In total, 93% of current apps target out-of-date platform versions and have a mean outdatedness of 686 days, 79% of apps are already out-of-date on the day they are uploaded to the app store. Finally, we examine seven security related changes to the Android platform that are disabled in apps that target outdated platform versions and show that target fragmentation hamstrings attempts to improve the security of Android apps.

KW - Android Security

KW - API Versions

KW - Mobile Security

KW - Target Fragmentation

UR - http://www.scopus.com/inward/record.url?scp=85008602492&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85008602492&partnerID=8YFLogxK

U2 - 10.1109/SPW.2016.31

DO - 10.1109/SPW.2016.31

M3 - Conference contribution

AN - SCOPUS:85008602492

SP - 204

EP - 213

BT - Proceedings - 2016 IEEE Symposium on Security and Privacy Workshops, SPW 2016

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 2016 IEEE Symposium on Security and Privacy Workshops, SPW 2016

Y2 - 23 May 2016 through 25 May 2016

ER -

Target Fragmentation in Android Apps

Abstract

Other

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this