Android Device Security Database

At SSE, we see the urgent need for trustworthy and reliable information about Android devices’ security specifications. For this reason, we actively support the Android Device Security Database (ADSDB), a transparent, non-profit database of Android device security attributes and metrics.

Underestimated Information Gap

(Android) Smartphone Security Information

Modern smartphones offer a broad variety of features. Therefore, reviewing and comparing specifications is a standard procedure when buying a new smartphone. Especially in the very heterogeneous Android ecosystem, a device's specifications can vary drastically (e.g., low-budged device vs. high-end foldable). Accessing standard information, like battery runtime, display resolution or camera quality is easy. When it comes to more specific, security and privacy related information, the availability of information gets problematic. Details about built-in security hardware & features (Tamper-Resistant Hardware (TRH) type & firmware, security certifications, etc.), for example, are sparse and not publicly accessible.

As Google is raising the security requirements in every new Android release by making certain security mechanisms mandatory for devices which ship with a Play Store (Android CDD), the lack of information shrinks. Still, some key insights, like the TRH manufacturer, the THR capabilities and security certifications (e.g., Common Criteria) of smartphone models on the market are mostly unknown to the public.

This information is not only interesting for security aware power-users, but especially important for mobile solution providers (e.g., mobile electronic identification, eHealth apps or online banking apps) which must fulfil certain regulatory security requirements, like eIDAS or SCA / PSD2.

A Transparent & Non-profit Approach

Android Device Security Database

In 2020, researchers from Johannes Kepler University Linz (Austria), the University of Cambridge and the University of Strathclyde (UK) teamed up to design and build the Android Device Security Database (ADSDB), a transparent, non-profit database of Android device security attributes. In a first prototype, the security attributes were acquired from off-the-shelf smartphones in a dedicated test bed and published to a publicly accessible website.

Joined by Technische Universität Darmstadt and Fraunhofer AISEC (Germany) in 2021, the research project evolved further. Current plans involve enriching the ADSDB with further security attributes, new devices and also device attributes acquired by crowdsourcing. These activities will help to provide up-to-date information about an even broader set of smartphones, and at the same time will give insights about the overall state of smartphone security on the market.

At SSE, we see the urgent need for trustworthy and reliable information about Android devices’ security specifications. Many of our customers, especially in the public sector, suffer from not being able to selectively deploy their applications only onto devices that guarantee a certain level of security and privacy by default.

For this reason, we support the ADSDB project by hosting one of the dedicated test beds as well as contributing resources and know-how to the ongoing development in the context of our 4+1 policy (4 days project work + 1 day personal research per week).

Contact for ADSDB

Talk to Our Experts
Tim Ohlendorf
Senior Security Manager
Tim Ohlendorf is part of our Defense Security Team. He is a distinguished expert in the field of mobile device security and digital identity solutions with experience in commercial and public projects.
tim.ohlendorf@securesystems.de