Visible to the public Profiling Vulnerabilities Threatening Dual Persona in Android Framework

TitleProfiling Vulnerabilities Threatening Dual Persona in Android Framework
Publication TypeConference Paper
Year of Publication2020
AuthorsSiddiquie, K., Shafqat, N., Masood, A., Abbas, H., Shahid, W. b
Conference Name2019 International Conference on Advances in the Emerging Computing Technologies (AECT)
KeywordsAndroid (operating system), Android 5, android encryption, Android for Work, Android Lollipop release, Android platform, Android security model, Android smartphones, Android vulnerabilities, Android vulnerability Website, Androids, BYOP, certificate forging, checksum collisions, crafted MMS, CYOD, dual persona, EMM, Encryption, FUM score, Google, GSuite, Human Behavior, inter-process communication, IPC, Kernel, Malware, managed profiles, Market research, Metrics, mobile computing, National Vulnerability Database NVD, Pingroot, profiling vulnerabilities threatening dual persona, pubcrawl, Quadroot, resilience, Resiliency, Scalability, security of data, security threat analysis, smart phones, smartphone, Stagefright, unrestricted access, vulnerable Android versions

Enterprises round the globe have been searching for a way to securely empower AndroidTM devices for work but have spurned away from the Android platform due to ongoing fragmentation and security concerns. Discrepant vulnerabilities have been reported in Android smartphones since Android Lollipop release. Smartphones can be easily hacked by installing a malicious application, visiting an infectious browser, receiving a crafted MMS, interplaying with plug-ins, certificate forging, checksum collisions, inter-process communication (IPC) abuse and much more. To highlight this issue a manual analysis of Android vulnerabilities is performed, by using data available in National Vulnerability Database NVD and Android Vulnerability website. This paper includes the vulnerabilities that risked the dual persona support in Android 5 and above, till Dec 2017. In our security threat analysis, we have identified a comprehensive list of Android vulnerabilities, vulnerable Android versions, manufacturers, and information regarding complete and partial patches released. So far, there is no published research work that systematically presents all the vulnerabilities and vulnerability assessment for dual persona feature of Android's smartphone. The data provided in this paper will open ways to future research and present a better Android security model for dual persona.

Citation Keysiddiquie_profiling_2020