Understanding and Improving App Installation Security Mechanisms Through Empirical Analysis of Android
The authors provide a detailed analysis of two largely unexplored aspects of the security decisions made by the Android operating system during the app installation process: update integrity and UID assignment. To inform their analysis, they collect a dataset of Android application metadata and ex-tract features from these binaries to gain a better under-standing of how developers interact with the security mechanisms invoked during installation. Using the dataset, they find empirical evidence that Android's current signing architecture does not encourage best security practices. They also find that limitations of Android's UID sharing method force developers to write custom code rather than rely on OS-level mechanisms for secure data transfer between apps.