A number of researchers have analyzed large collections of
apps across multiple markets. The results of these experiments,
including detection of malware [28], privacy leaks [11], and
poor developer practices [13] would be good candidates for
inclusion in a Meteor application database.
Perspectives [27] (and related projects such as Conver-
gence [20]) uses a set of “notary hosts” which monitor
web servers’ public keys from multiple vantage points on
the Internet. Clients query the notaries to detect man-in-the-
middle-attacks or changes to public keys. Information sources
in Meteor play a role somewhat similar to Perspectives’
notaries, but app information is collected by more than passive
monitoring (e.g., experts actively trying apps and submitting
reviews).
Meteor shares similarities with browser-based ad blocking
tools such as Adblock Plus [1], which allow users to subscribe
to ad blocking lists maintained by experts around the web.
Similar to Meteor information sources, each ad blocking list
filters specific types of advertisements (e.g., region-specific,
content-specific), allowing users to build a custom filter set
tailored to their needs.
Aggregate and personalized ratings from users in a social
circle can be helpful to find inappropriate apps, as users in
the same social circle tend to have similar definitions of
appropriateness [8]. However, detecting malicious applications
generally requires experts, who may not be present in all social
circles. Meteor attempts to create domain-specific services that
can individually crowdsource information. However, Meteor
does not specify how to deal with the problem of expert
recruiting or “fame management” [10]. We defer this aspect
to each information source.
VIII. CONCLUSION
In this paper, we have drawn attention to new security
concerns introduced by multi-market environments and single-
click software installation. We have proposed Meteor as a
scalable security-enhancing software installation architecture
designed to bridge the gap between non-cooperating appli-
cation markets. Each component in Meteor (i.e., UAppIDs,
developer registries, application databases and kill switch
authorities) plays a key role in providing security semantics
similar to those achieved in single-market environments while
retaining the benefits of multi-market environments. Future
work includes exploring usability issues of Meteor and de-
veloping a policy language to further minimize novice user
involvement.
ACKNOWLEDGEMENTS
We thank Michelle Burrows and Michael Doherty for their
contributions to the Meteor app. We also thank Patrick Traynor
for his valuable feedback. This research is supported by
the Natural Sciences and Engineering Research Council of
Canada (NSERC)—the first author through a Canada Graduate
Scholarship; and the third author through a Discovery Grant
and as Canada Research Chair in Authentication and Computer
Security. We also acknowledge support from NSERC ISSNet.
REFERENCES
[1] Adblock Plus. https://adblockplus.org, June 2011.
[2] Android Market. March 2011 Security Issue. http://googlemobile.
blogspot.ca/2011/03/update-on-android-market-security.html, Mar.
2011.
[3] Apple Inc. Apple’s App Store Downloads Top 10 Billion. http://www.
apple.com/pr/library/2011/01/22appstore.html, Jan. 2011.
[4] D. Barrera, W. Enck, and P. van Oorschot. Seeding a Security-Enhancing
Infrastructure for Multi-market Application Ecosystems. Technical
Report TR-11-06, Carleton University, School of Computer Science, Apr
2011.
[5] D. Barrera and P. Van Oorschot. Secure software installation on
smartphones. IEEE Security and Privacy, 9(3):42–48, 2011.
[6] R. Cannings. Exercising Our Remote Application Removal
Feature. http://android-developers.blogspot.com/2010/06/
exercising-our-remote-application.html, June 2010.
[7] B. X. Chen. Want Porn? Buy an Android Phone, Steve Jobs Says.
Wired Gadget Lab, Apr. 2010. http://www.wired.com/gadgetlab/2010/
04/steve-jobs-porn/.
[8] P. Chia, A. Heiner, and N. Asokan. Use of Ratings from Personalized
Communities for Trustworthy App. Installation. In Proceedings of the
15th Nordic Conference in Secure IT Systems (Nordsec), Oct 2010.
[9] B. Chor, O. Goldreich, E. Kushilevitz, and M. Sudan. Private information
retrieval. In Proceedings of the IEEE Annual Symposium on Foundations
of Computer Science (FOCS ’95), pages 41–50, 1995.
[10] A. Doan, R. Ramakrishnan, and A. Halevy. Crowdsourcing systems on
the World-Wide Web. Communications of the ACM, 54(4):86–96, 2011.
[11] W. Enck, D. Octeau, P. McDaniel, and S. Chaudhuri. A study of Android
application security. In USENIX Security, 2011.
[12] Federal Communications Commission. Letter to Apple regarding Google
Voice and related iPhone applications. DA 09-1736, July 2009. http:
//hraunfoss.fcc.gov/edocs public/attachmatch/DA-09-1736A1.pdf.
[13] A. Felt, E. Chin, S. Hanna, D. Song, and D. Wagner. Android
permissions demystified. In ACM CCS, 2011.
[14] Google. Platform Versions - Android Developers. http://developer.
android.com/resources/dashboard/platform-versions.html, Feb. 2012.
[15] G. H. Kim and E. H. Spafford. The Design and Implementation of
Tripwire: A File System Integrity Checker. In ACM CCS, 1994.
[16] H. Lockheimer. Android and Security. http://googlemobile.blogspot.
com/2012/02/android-and-security.html, Feb. 2012.
[17] Lookout. Security Alert: Geinimi, Sophisticated New Android Tro-
jan Found in Wild. http://blog.mylookout.com/2010/12/geinimi trojan/,
Dec. 2010.
[18] P. McDaniel and W. Enck. Not So Great Expectations: Why Application
Markets Haven’t Failed Security. IEEE Security & Privacy Magazine,
8(5):76–78, September/October 2010.
[19] A. Menezes, P. van Oorschot, and S. Vanstone. Handbook of applied
cryptography. CRC, 1997.
[20] Moxie Marlinspike. Convergence (Beta). http://convergence.io/index.
html, Aug. 2011.
[21] S. Oaks. Java Security. Chapter 12. Digital signatures. O’Reilly Media,
2001.
[22] J. Oberheide, E. Cooke, and F. Jahanian. Rethinking antivirus: Exe-
cutable analysis in the network cloud. In USENIX HotSec, 2007.
[23] J. Oberheide, E. Cooke, and F. Jahanian. CloudAV: N-version antivirus
in the network cloud. In USENIX Security, 2008.
[24] S. Perez. Smartphones Outsell PCs. The New York Times,
Feb. 2011. http://www.nytimes.com/external/readwriteweb/2011/02/08/
08readwriteweb-smartphones-outsell-pcs-74275.html.
[25] J. Samuel, N. Mathewson, J. Cappos, and R. Dingledine. Survivable key
compromise in software update systems. In ACM CCS, pages 61–72,
2010.
[26] P. van Oorschot and G. Wurster. Reducing unauthorized modification
of digital objects. IEEE Transactions on Software Engineering, 38(1),
2012.
[27] D. Wendlandt, D. Andersen, and A. Perrig. Perspectives: Improving
SSH-style host authentication with multi-path probing. In USENIX
Annual Technical Conference, 2008.
[28] Y. Zhou, Z. Wang, W. Zhou, and X. Jiang. Hey, you, get off of my
market: Detecting malicious apps in official and alternative Android
markets. In NDSS, 2012.