In the Android ecosystem, the process of verifying the integrity of downloaded apps is left to the user. Different from other systems, e.g., Apple, App Store, Google does not provide any certified vetting process for the Android apps. This choice has a lot of advantages but it is also the open door to possible attacks as the recent one shown by Bluebox. To address this issue, we present how to enable the deployment of application certification service, we called TruStores, for the Android platform. In our approach, the TruStore client enabled on the end-user device ensures that only the applications, which have been certified by the TruStore server, are installed on the user smartphone. We envisage trusted markets (TruStore servers, which can be, e.g., corporate application markets) that guarantee security by enabling an application vetting process. The TruStore infrastructure maintains the open nature of the Android ecosystem and requires minor modications to Android stack. Moreover, it is backward-compatible and transparent for developers, and does not change the application management process on a device. In the paper we present the TruStore architecture and report the implementation details of the client part.

TruStore: Implementing a Trusted Store for Android / Zhauniarovich, Yury; Crispo, Bruno; Gadyatskaya, Olga. - ELETTRONICO. - (2013), pp. 1-18.

TruStore: Implementing a Trusted Store for Android

Yury, Zhauniarovich
Primo
;
Bruno, Crispo
Ultimo
;
Olga, Gadyatskaya
Secondo
2013-01-01

Abstract

In the Android ecosystem, the process of verifying the integrity of downloaded apps is left to the user. Different from other systems, e.g., Apple, App Store, Google does not provide any certified vetting process for the Android apps. This choice has a lot of advantages but it is also the open door to possible attacks as the recent one shown by Bluebox. To address this issue, we present how to enable the deployment of application certification service, we called TruStores, for the Android platform. In our approach, the TruStore client enabled on the end-user device ensures that only the applications, which have been certified by the TruStore server, are installed on the user smartphone. We envisage trusted markets (TruStore servers, which can be, e.g., corporate application markets) that guarantee security by enabling an application vetting process. The TruStore infrastructure maintains the open nature of the Android ecosystem and requires minor modications to Android stack. Moreover, it is backward-compatible and transparent for developers, and does not change the application management process on a device. In the paper we present the TruStore architecture and report the implementation details of the client part.
2013
Trento
Università degli Studi di Trento, Dipartimento di Ingegneria e Scienza dell'Informazione
TruStore: Implementing a Trusted Store for Android / Zhauniarovich, Yury; Crispo, Bruno; Gadyatskaya, Olga. - ELETTRONICO. - (2013), pp. 1-18.
Zhauniarovich, Yury; Crispo, Bruno; Gadyatskaya, Olga
File in questo prodotto:
File Dimensione Formato  
Binder1.pdf

accesso aperto

Tipologia: Versione editoriale (Publisher’s layout)
Licenza: Tutti i diritti riservati (All rights reserved)
Dimensione 947.61 kB
Formato Adobe PDF
947.61 kB Adobe PDF Visualizza/Apri

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11572/358962
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus ND
  • ???jsp.display-item.citation.isi??? ND
  • OpenAlex ND
social impact