wip

1_introduction/main.typ

@@ -1,4 +1,4 @@
-#import "../lib.typ": todo, epigraph
+#import "../lib.typ": todo, epigraph, eg
 
 = Introduction <sec:intro>
 
@@ -10,8 +10,13 @@
 Android is the most used mobile operating system since 2014, and since 2017, it even surpasses Windows all platforms combined#footnote[https://gs.statcounter.com/os-market-share#monthly-200901-202304].
 The public adoption of Android is confirmed by application developers, with 1.3 millions apps available in the Google Play Store in 2014, and 3.5 millions apps available in 2017#footnote[https://www.statista.com/statistics/266210]. 
 Its popularity makes Android a prime target for malware developers. 
-For example, various applications have been shown to steal personal information~@shanSelfhidingBehaviorAndroid2018.
+Various applications have been shown to behave maliciously, from stealing personal informations~@shanSelfhidingBehaviorAndroid2018 to hijacking the phone computing ressources to mine cryptocurrency~@adjibi_devil_2022.
-Consequently, Android has also been an important subject for security research. 
+
+Considering the importance of Android in the everyday live of so many people, Google, the company that develops Android, defined a very strong security model that addresses an extensive threat model~@mayrhofer_android_2021.
+This threat model goes as far as to consider that an adversarie can have physical access to an unlocked device (#eg an abusive partner, or a border control). // Americaaaaa
+On the device, this security model imply the sandboxing of each applications, with a system of permissions to allow the applications to perform potentially unwanted actions.
+For example, an applications cannot access the contact list without requesting the permission to the user first.
+Android keep improving its security version from version, be it by improving the sandboxing (#eg starting with Android 10, application can no longer access the clipboard if they are not focused) or safer default (#eg since Android 9, by default, all network connection must use TLS).
 
 /*
 * A mettre qqp:
@@ -41,3 +46,4 @@ Consequently, Android has also been an important subject for security research.
 
 #todo[3) savent pas gerer le chargement dyn et reflection]
 
+

bibliography.bib

@@ -1158,3 +1158,39 @@ month = aug
 	file = {Snapshot:/home/histausse/Zotero/storage/E4949JUV/7413692.html:text/html;Submitted Version:/home/histausse/Zotero/storage/CPJLKBNJ/Abraham et al. - 2015 - GroddDroid a gorilla for triggering malicious behaviors.pdf:application/pdf},
 }
 
+
+@inproceedings{adjibi_devil_2022,
+	title = {The {Devil} is in the {Details}: {Unwrapping} the {Cryptojacking} {Malware} {Ecosystem} on {Android}},
+	shorttitle = {The {Devil} is in the {Details}},
+	url = {https://ieeexplore.ieee.org/abstract/document/10006806},
+	doi = {10.1109/SCAM55253.2022.00023},
+	abstract = {This paper investigates the various technical and non-technical tools and techniques that software developers use to build and disseminate crypto mining apps on Android devices. Our study of 346 potential Android mining apps, collected between April 2019 and May 2022, has revealed the presence of more than ten mining apps on the Google Play Store, with at least half of those still available at the time of writing this (June 2022). We observed that many of those mining apps do not conceal their usage of the device's resource for mining which is considered a violation of the store's policies for developers. We estimate that more than ten thousand users have run mining apps downloaded directly from the Google Play Store, which puts the supposedly “stringent” vetting process into question. Furthermore, we prove that covert mining apps tend to be embedded into supposedly free versions of premium apps or pose as utility apps that provide valuable features to users. Finally, we empirically demonstrate that cryptojacking apps' resource consumption and malicious behavior could be insignificant. We presume that typical users, even though they might be running a mobile antivirus solution, could execute a mining app for an extended period without being alerted. We expect our results to inform the various actors involved in the security of Android devices against the lingering threat of cryptojacking and help them better assess the problem.},
+	urldate = {2025-07-29},
+	booktitle = {2022 {IEEE} 22nd {International} {Working} {Conference} on {Source} {Code} {Analysis} and {Manipulation} ({SCAM})},
+	author = {Adjibi, Boladji Vinny and Mbodji, Fatou Ndiaye and Bissyandé, Tegawendé F. and Allix, Kevin and Klein, Jacques},
+	month = oct,
+	year = {2022},
+	note = {ISSN: 2470-6892},
+	keywords = {android, cryptojacking, Ecosystems, google play store, Internet, malware, Malware, manual analysis, Operating systems, Safety, Source coding, Writing},
+	pages = {153--163},
+	file = {Snapshot:/home/histausse/Zotero/storage/BAIMVA8E/10006806.html:text/html;Submitted Version:/home/histausse/Zotero/storage/QZ4CZAJL/Adjibi et al. - 2022 - The Devil is in the Details Unwrapping the Cryptojacking Malware Ecosystem on Android.pdf:application/pdf},
+}
+
+
+@article{mayrhofer_android_2021,
+	title = {The {Android} {Platform} {Security} {Model}},
+	volume = {24},
+	issn = {2471-2566},
+	url = {https://dl.acm.org/doi/10.1145/3448609},
+	doi = {10.1145/3448609},
+	abstract = {Android is the most widely deployed end-user focused operating system. With its growing set of use cases encompassing communication, navigation, media consumption, entertainment, finance, health, and access to sensors, actuators, cameras, or microphones, its underlying security model needs to address a host of practical threats in a wide variety of scenarios while being useful to non-security experts. The model needs to strike a difficult balance between security, privacy, and usability for end users, assurances for app developers, and system performance under tight hardware constraints. While many of the underlying design principles have implicitly informed the overall system architecture, access control mechanisms, and mitigation techniques, the Android security model has previously not been formally published. This article aims to both document the abstract model and discuss its implications. Based on a definition of the threat model and Android ecosystem context in which it operates, we analyze how the different security measures in past and current Android implementations work together to mitigate these threats. There are some special cases in applying the security model, and we discuss such deliberate deviations from the abstract model.},
+	number = {3},
+	urldate = {2025-07-29},
+	journal = {ACM Trans. Priv. Secur.},
+	author = {Mayrhofer, René and Stoep, Jeffrey Vander and Brubaker, Chad and Kralevich, Nick},
+	month = apr,
+	year = {2021},
+	pages = {19:1--19:35},
+	file = {Full Text PDF:/home/histausse/Zotero/storage/I6H4B9IU/Mayrhofer et al. - 2021 - The Android Platform Security Model.pdf:application/pdf},
+}
+