Embedded.com Tech Focus Newsletter (7-21-14): Securing Android on nextgen embedded IoT & mobile apps

There are serious security challenges in the Android platform that must be addressed if it is to remain the dominant smartphone OS and to be useful in a growing number of consumer IoT apps as well as in embedded medical, automotive, and robotics designs.

The authors describe the software development of an FDA compliant Class III medical software application that was successfully ported from a Windows CE environment to an Android 4.1 tablet platform.

Remote control of devices using the Android mobile platform to run group of server programs on the mobile device that were connected to the network or USB interface, depending on availability.

A Body Area Network (BAN) gateway to Android mobile phones for mobile health applications based on a Secure Digital Input Output (SDIO) interface.

An analysis of vendor customizations of Android devices and an assessment of their impact on overall Android security and the sources of those issues

An analysis of more than 1,200 malware samples from existing Android malware families collected during 2011.

A systematic analysis of the interplay among the different layers of Android to provide a simple security model of the interaction among the components of the Android Security Framework.

An overview of the the major Android security problems in its message passing system which while designed to create rich, collaborative apps, also introduces the potential for attacks.

A security framework for Android which consists of both mandatory access control (MAC) in the kernel layer and role-based access control (RBAC) in the framework layer.

An open test suite for evaluating the effectiveness and accuracy of taint-analysis tools specifically for Android apps.

How a static analyzer, called SCANDAL, can be used to detect privacy leaks in Android applications.

A framework for exposing the functionality and security threats of a mobile app through a combination of static and dynamic program analysis that attempts to explore all available execution paths including libraries.

A data-centric model for protecting against smartphone vulnerabilities and malware threats that uses multiple and different layers to restrict and control access.