Harvesting inconsistent security configurations in custom android ROMs via differential analysis

Yousra Aafer, Xiao Zhang, Wenliang Du

Research output: Chapter in Book/Entry/PoemConference contribution

29 Scopus citations


Android customization offers substantially different experiences and rich functionalities to users. Every party in the customization chain, such as vendors and carriers, modify the OS and the pre-installed apps to tailor their devices for a variety of models, regions, and custom services. However, these modifications do not come at no cost. Several existing studies demonstrate that modifying security configurations during the customization brings in critical security vulnerabilities. Albeit these serious consequences, little has been done to systematically study how Android customization can lead to security problems, and how severe the situation is. In this work, we systematically identified security features that, if altered during the customization, can introduce potential risks. We conducted a large scale differential analysis on 591 custom images to detect inconsistent security features. Our results show that these discrepancies are indeed prevalent among our collected images. We have further identified several risky patterns that warrant further investigation. We have designed attacks on real devices and confirmed that these inconsistencies can indeed lead to actual security breaches.

Original languageEnglish (US)
Title of host publicationProceedings of the 25th USENIX Security Symposium
PublisherUSENIX Association
Number of pages16
ISBN (Electronic)9781931971324
StatePublished - 2016
Event25th USENIX Security Symposium - Austin, United States
Duration: Aug 10 2016Aug 12 2016

Publication series

NameProceedings of the 25th USENIX Security Symposium


Conference25th USENIX Security Symposium
Country/TerritoryUnited States

ASJC Scopus subject areas

  • Information Systems
  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications


Dive into the research topics of 'Harvesting inconsistent security configurations in custom android ROMs via differential analysis'. Together they form a unique fingerprint.

Cite this