A survey of security vulnerabilities in Android automotive apps
Abdul Moiz, Manar H. Alalfi
Abstract
In this study, we conduct an experiment to reproduce some of the existing vulnerabilities of Android platform in Android Auto and Android Automotive platform. Some vulnerabilities specific to automotive were also examined and verified in Android Automotive platform. In total, we examined 14 vulnerabilities out of which 11 were reproducible in Android Auto as these apps are basically Android mobile apps and run directly in user's smartphone device. Whereas for Android Automotive 9 vulnerabilities were reproducible, remaining 5 were not reproducible either due to permission restrictions or due to API deprecation in Android 9.0 (Pie). We also categorize these vulnerabilities as per their type and provided their severity levels. For some of the vulnerabilities we provided the compliant solution which can be useful to mitigate some vulnerabilities while others, like accessing precise location information and deriving speed from it, varies from app to app usage of that information.