A survey of Android exploits in the wild

Abstract

The Android operating system has been dominating the mobile device market in recent years. Although Android has actively strengthened its security mechanisms and fixed a great number of vulnerabilities as its version evolves, new vulnerabilities still keep emerging. Vulnerability exploitation is a common way to achieve privilege escalation on Android systems. In order to provide a holistic and comprehensive understanding of the exploits, we conduct a survey of publicly available 63 exploits for Android devices in this paper. Based on the analysis of the collected real-world exploits, we construct a taxonomy on Android exploitation and present the similarities/differences and strength/weakness of different types of exploits. On the other hand, we conduct an evaluation on a group of selected exploits on our test devices. Based on both the theoretical analysis and the experimental results of the evaluation, we present our insight into the Android exploitation. The growth of exploit categories along the timeline reflects three trends: (1) the individual exploits are more device specific and operating system version specific; (2) exploits targeting vendors' customization grow steadily where the increase of other types of exploits slows down; and (3) memory corruption gradually becomes the primary approach to initiate exploitation.