21 June 2024
Vinuri Bandara, a PhD student at IMDEA Networks, has been awarded the prize for the best Master’s thesis at the SISTEDES Awards for her outstanding research entitled “In-depth analysis of the Android supply chain: vendor customizations on critical networking components”. This thesis was co-supervised by Dr. Srdjan Matic (IMDEA Software) and Dr. Narseo Vallina (IMDEA Networks). The awards ceremony was held on June 19, at the Arao Auditorium of the PALEXCO complex in La Coruña.
The SISTEDES Awards recognize the best Bachelor’s and Master’s theses in the field of new methodologies and tools for software development. Bandara’s thesis stood out for its thorough analysis of the Android ecosystem and manufacturer customizations, and their impact on the security and privacy of users.
The Android Open Source Project (AOSP) allows manufacturers to customize their devices in pursuit of differentiation and innovation. However, this freedom often compromises users’ security and privacy. Bandara’s thesis addresses this issue using advanced static analysis on a large dataset that includes more than 48,500 devices from 300 vendors.
The research findings reveal significant security vulnerabilities caused by deviations from standard AOSP configurations. Among these issues are the use of outdated software packages, failure to apply critical security patches, and insecure cryptographic practices. These vulnerabilities are prevalent in both certified and non-certified Android vendors, demonstrating deficiencies in Android supply chain management.
Bandara’s study underscores the need for stronger regulatory measures and increased vendor compliance to improve the security of the Android supply chain. The findings of her work have the potential to influence future policies and practices in the mobile device industry, promoting a safer environment for Android users worldwide.
This recognition of Bandara’s thesis highlights not only her research capabilities but also the relevance and impact of her work in the field of software development and mobile security.