A security configuration assessment for android devices

Abstract: The wide spreading of mobile devices, such as smartphones and tablets, and their always-advancing capabilities makes them an attractive target for attackers. This, together with the fact that users frequently store critical personal information in such devices and that many organizations currently allow employees to use their personal devices to access the enterprise information infrastructure and applications, makes the assessment of the security of mobile devices a key issue. This paper proposes an approach … Show more

“…The User-defined Security Configuration Assessment tool (uSEA) focuses on identifying Android device misconfigurations based on the CIS recommendations. 8 The uSEA tool can automatically extract the value for the 41 security configurations and store them in a cloud database, providing relevant recommendations for improving each device's configuration and data for performing deeper analyses of the most common Android misconfigurations.…”

The Perils of Android Security Configuration

“…The User-defined Security Configuration Assessment tool (uSEA) focuses on identifying Android device misconfigurations based on the CIS recommendations. 8 The uSEA tool can automatically extract the value for the 41 security configurations and store them in a cloud database, providing relevant recommendations for improving each device's configuration and data for performing deeper analyses of the most common Android misconfigurations.…”

The Perils of Android Security Configuration

“…The identification of a list of best configuration practices that can be used to enhance the security of Android devices (see Chapter 3), this list was gathered from the literature and can be used to evaluate device's security level. A great part of these configurations was extracted from the CIS [27] security benchmarks and from [10,13,51] (published on [95]);…”

“…The tool supports the active search for configuration issues that may lead to security vulnerabilities in the devices under testing, providing information that can be used for improving the security of the assessed targets and for assessing the proneness of those targets to security attacks. The tool is currently available on Google Play [94]) and was initially introduced in [95].…”

“…It should be complete, representative and verifiable enabling the characterization of the SUB security level. Works in the literature [27,95], including our proposal presented in Chapter 3, already provide sets of security configurations for Android and iOS. In practice, those can be used as a starting point towards the definition of the security configuration set that should support the benchmarking process.…”

“…2. The uSEA tool can generate false-positives and false-negatives trying to identify root apps, malware and antivirus [95]. However, it provides a good estimate of the presence of these kind of applications.…”

Benchmarking user-defined security configurations of Android devices

A Participatory Privacy Protection Framework for Smart-Phone Application Default Settings