Update by fota


















However, our findings suggest prevalent access to various user and device identifiers. The purpose of uploading such identifiers is unknown, although one plausible hypothesis is that they facilitate targeted installation programs. This can become problematic from a privacy perspective, since FOTA apps are highly privileged and embedded third-party SDKs run with the same permissions.

We complemented our previous analysis with an analysis of the installation behavior of FOTA apps as observed in the NortonLifeLock telemetry. We are able to detect installation events for 20 FOTA apps. The reason for the low coverage is that the telemetry uses the PackageInstaller for obtaining the installer information, and FOTA apps may install apps via other means e. These third-party apps belong to various Google Play store app categories but most commonly to Tools, Entertainment, Communication, and Games.

This shows that FOTA apps, in addition to system updates, are used for secondary or commercial purposes — possibly for promoting third-party apps. These unwanted apps are mostly PUP, but we observed one FOTA app, from the Qiku device vendor, installing instances of various malware families, including trojans like triada, necro, and guerilla.

These malware installations take place possibly due to compromised third-party vendor code included in the OEM images, such as in the case of the triada trojan that was found in the devices of several OEM vendors. This is very problematic because unwanted apps installed under the system partitions cannot be removed by users or by security tools, instead requiring an OEM update.
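The installer attribution that the telemetry relies on can be reproduced on a single device. The following is an added example, not code from the study: it parses output in the format of `adb shell pm list packages -i -3` and separates apps attributed to a FOTA package from apps with no installer record. The package names and the set of FOTA packages passed in are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the format of `adb shell pm list packages -i -3`
# (user-installed apps plus recorded installer). All package names are made up.
SAMPLE_LISTING = """\
package:com.example.game  installer=com.example.fota
package:com.example.chat  installer=com.android.vending
package:com.example.cleaner  installer=com.example.fota
package:com.example.sideloaded  installer=null
"""

# Strict on purpose: a listing taken without -i has no installer field and
# must not be mistaken for a device full of unattributed installs.
LINE_RE = re.compile(r"^package:(\S+)\s+installer=(\S+)$")


def parse_listing(listing):
    """Return {app_package: installer_or_None} from the listing text."""
    apps = {}
    for raw in listing.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip blank lines, adb warnings, lines without installer
        app, installer = m.group(1), m.group(2)
        apps[app] = None if installer == "null" else installer
    return apps


def audit_installers(listing, fota_packages):
    """Split apps into those attributed to a FOTA package and those with
    no installer record (installed by a path the attribution cannot see)."""
    by_fota = defaultdict(list)
    unattributed = []
    for app, installer in sorted(parse_listing(listing).items()):
        if installer is None:
            unattributed.append(app)
        elif installer in fota_packages:
            by_fota[installer].append(app)
    return dict(by_fota), unattributed


if __name__ == "__main__":
    # Assumption: the analyst already knows which packages are FOTA apps.
    fota, unknown = audit_installers(SAMPLE_LISTING, {"com.example.fota"})
    for installer, apps in fota.items():
        print(f"{installer} installed: {', '.join(apps)}")
    print("no installer recorded:", ", ".join(unknown))
```

Apps in the second group are the ones this kind of attribution misses, so a count of FOTA-attributed installs obtained this way is a lower bound.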

Our work illustrates that the presence of many different stakeholders in the FOTA ecosystem leads to a complex and fragmented ecosystem.

The use of FOTA apps makes the supply chain dynamic during the life cycle of a device, since system apps present in a device could be pre-installed or installed and patched at a later stage as part of an update. Our static analysis of FOTA apps allowed us to observe potential privacy-intrusive practices, while the telemetry analysis confirmed that FOTA apps install third-party apps beyond system updates, including in some cases, unwanted apps like adware or malware.

Security updates have always been an issue in the Android ecosystem. Although these are steps in the right direction, they do not fully solve the issues discovered in this work, which emerge from the complexities of the supply chain and the many stakeholders involved. We also encourage FOTA developers to increase transparency through public documentation.

We find that system updates are commonly implemented by various FOTA apps in the same device, with vague attribution signals. This hurts accountability when bad practices are observed, since it makes it hard to know where the updates come from.

Platon's research interests lie in malware and network security.

A typical FOTA system consists of three components:

FOTA server: responsible for managing vehicle software releases and, optionally, for customizing updates for every vehicle client based on OEM policies.

FOTA client: application responsible for communicating with a backend server and for managing update campaigns for all the other ECUs in the vehicle. Typically runs on the FOTA gateway. It sometimes also runs on FOTA gateway to support self-updating.

By: Leah Zitter, Contributor.

FOTA facilitates the following:

- Allows manufacturers to repair bugs in new units
- Allows manufacturers to remotely install new software updates, features and services, even after a device has been purchased


