On the Prevalence and Usage of TEE-based Features on Android

A Large-Scale Study on the Prevalence and Usage of TEE-based Features on Android

In the realm of mobile security, where OS-based protections have proven insufficient against robust attackers, Trusted Execution Environments (TEEs) have emerged as a hardware-based security technology. Despite the industry’s persistence in advancing TEE technology, the impact on end users and developers remains largely unexplored. This study addresses this gap by conducting a large-scale analysis of TEE utilization in Android applications, focusing on the key areas of cryptography, digital rights management, biometric authentication, and secure dialogs.

To facilitate our extensive analysis, we introduce Mobsec Analytika, a framework tailored for large-scale app examinations, which we make available to the research community. Through the analysis of 170,550 popular Android apps, our analysis illuminates the implementation of TEE-related features and their contextual usage.

Our findings reveal that TEE features are predominantly utilized indirectly through third-party libraries, with only 6.7% of apps directly invoking the APIs. Moreover, the study reveals the underutilization of the recent TEE-based UI feature Protected Confirmation.

The Paper

A preprint version is available on arxiv.org. You can find additional material here.

Mobsec Analytika

Our mobile app analysis tool is open-source (MIT licensed).

Try out the framework and upload your own APK file for analysis here. Or get the source code here.