{"id":13372,"date":"2021-12-09T21:04:30","date_gmt":"2021-12-10T02:04:30","guid":{"rendered":"https:\/\/carleton.ca\/scs\/?page_id=13372"},"modified":"2026-06-02T14:59:23","modified_gmt":"2026-06-02T18:59:23","slug":"tr-12-01-understanding-and-improving-app-installation-security-mechanisms-through-empirical-analysis-of-android","status":"publish","type":"page","link":"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2012\/tr-12-01-understanding-and-improving-app-installation-security-mechanisms-through-empirical-analysis-of-android\/","title":{"rendered":"TR-12-01: Understanding and Improving App Installation Security Mechanisms through Empirical Analysis of Android"},"content":{"rendered":"\n<section class=\"w-screen px-6 cu-section cu-section--white ml-offset-center md:px-8 lg:px-14\">\n    <div class=\"space-y-6 cu-max-w-child-5xl  md:space-y-10 cu-prose-first-last\">\n\n            <div class=\"cu-textmedia flex flex-col lg:flex-row mx-auto gap-6 md:gap-10 my-6 md:my-12 first:mt-0 max-w-5xl\">\n        <div class=\"justify-start cu-textmedia-content cu-prose-first-last\" style=\"flex: 0 0 100%;\">\n            <header class=\"font-light prose-xl cu-pageheader md:prose-2xl cu-component-updated cu-prose-first-last\">\n                                    <h1 class=\"cu-prose-first-last font-semibold !mt-2 mb-4 md:mb-6 relative after:absolute after:h-px after:bottom-0 after:bg-cu-red after:left-px text-3xl md:text-4xl lg:text-5xl lg:leading-[3.5rem] pb-5 after:w-10 text-cu-black-700 not-prose\">\n                        TR-12-01: Understanding and Improving App Installation Security Mechanisms through Empirical Analysis of Android\n                    <\/h1>\n                \n                                \n                            <\/header>\n\n                    <\/div>\n\n            <\/div>\n\n    <\/div>\n<\/section>\n\n<p>Carleton University<br>\n<a href=\"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2012\/\">Technical Report<\/a> TR-12-01<br>\nJuly 1, 2012<\/p>\n\n\n\n<h2 id=\"understanding-and-improving-app-installation-security-mechanisms-through-empirical-analysis-of-android\" class=\"wp-block-heading tr_t1\">Understanding and Improving App Installation Security Mechanisms through Empirical Analysis of Android<\/h2>\n\n\n\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">David Barrera, Jeremy Clark, Daniel McCarney, Paul C. van Oorschot<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div>\n<h3>Abstract<\/h3>\n<p>We provide a detailed analysis of two largely unexplored aspects of the security decisions made by the Android operating system (OS) during the app installation process: update integrity and UID assignment. To inform our analysis, we collect a dataset of Android app metadata and extract features from these binaries to gain a better understanding of how developers interact with the security mechanisms invoked during installation. Using the dataset, we find empirical evidence that Android&#8217;s current signing architecture does not encourage best security practices, and that the UID sharing method is incongruent with how developers use it. As a result of our analysis, we recommend incrementally deployable improvements, including a novel UID sharing mechanism. We additionally provide a web-interface, which we call the Android Observatory, as a front-end to our dataset allowing queries that display relationships between developers, application versions, and app market listings. Our dataset currently includes metadata, packaging and code signing information for app packages collected from 7 different sources, including app markets, filesharing networks and malware repositories.<\/p>\n<p><a href=\"https:\/\/carleton.ca\/scs\/wp-content\/uploads\/sites\/260\/TR-12-01.pdf\">TR-12-01.pdf<\/a><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Carleton University Technical Report TR-12-01 July 1, 2012 Understanding and Improving App Installation Security Mechanisms through Empirical Analysis of Android David Barrera, Jeremy Clark, Daniel McCarney, Paul C. van Oorschot Abstract We provide a detailed analysis of two largely unexplored aspects of the security decisions made by the Android operating system (OS) during the app [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"parent":12501,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"_cu_dining_location_slug":"","footnotes":"","_links_to":"","_links_to_target":""},"cu_page_type":[],"class_list":["post-13372","page","type-page","status-publish","hentry"],"acf":{"cu_post_thumbnail":false},"_links":{"self":[{"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/pages\/13372","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/comments?post=13372"}],"version-history":[{"count":1,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/pages\/13372\/revisions"}],"predecessor-version":[{"id":13373,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/pages\/13372\/revisions\/13373"}],"up":[{"embeddable":true,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/pages\/12501"}],"wp:attachment":[{"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/media?parent=13372"}],"wp:term":[{"taxonomy":"cu_page_type","embeddable":true,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/cu_page_type?post=13372"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}