 "Researchers build security framework for Android")
Researchers from North Carolina State University and Technische Universitt Darmstadt/CASED in Germany have developed a modification to the core Android operating system that allows developers and users to plug in new security enhancements.
The new Android Security Modules (ASM) framework aims to eliminate the bottleneck that prevents developers and users from taking advantage of new security tools.
[caption id=“attachment_84389” align=“alignleft” width=“300”]
 Reuters[/caption]
“In the ongoing arms race between white hats and black hats, researchers and developers are constantly coming up with new security extensions,” said William Enck, an assistant professor of computer science at NC State and a senior author of a paper describing the new framework. “But these new tools aren’t getting into the hands of users because every new extension requires users to change their device’s firmware, or operating system (OS).”
“The ASM framework allows users to implement these new extensions without overhauling their firmware,” Enck said.
“The framework is available now for security enthusiasts. But for widespread adoption, either Google or one of the Android phone manufacturers will need to adopt the framework and incorporate it into the OS.”
The ASM framework allows the creation of custom security control modules that better protect phones owned by consumers and businesses. The custom security modules receive “callbacks” for every security-sensitive operation in the Android OS. In this context, a callback means that Android is contacting the security module to determine whether an operation should proceed.
“Our ASM framework can be used in various personal and enterprise scenarios. For instance, security modules can implement dual persona: i.e., enable users to securely use their smartphones and tablets at home and at work while strictly separating private and enterprise data,” Enck added.
“Security modules can also enhance consumer privacy. The framework provides callbacks that can filter, modify, or anonymise data before it is shared with third-party apps, in order to protect personal information.”
For instance consider an app like Whatsapp, which usually copies all your contacts to its server - which is not needed for it to function. With ASM, the user can make sure Whatsapp only gets the information it really needs.
“In addition, we designed the framework to allow apps to create their own hooks, which could be enforced by the security module. This increases flexibility for app developers and allows them to benefit from the security protections provided by the module.”
The researchers also went to great lengths to ensure that the ASM framework complies with the security guarantees Google and others make with app developers.
The researchers will present a paper on the ASM framework Aug. 22 at the USENIX Security Symposium in San Diego, California.
 "Russian drones over Poland: Trump’s tepid reaction a wake-up call for Nato?")
 "As Russia pushes east, Ukraine faces mounting pressure to defend its heartland")
 "Why Mossad was not on board with Israel’s strike on Hamas in Qatar")
 "Turkey: Erdogan's police arrest opposition mayor Hasan Mutlu, dozens officials in corruption probe")
 "Russian drones over Poland: Trump’s tepid reaction a wake-up call for Nato?")
 "As Russia pushes east, Ukraine faces mounting pressure to defend its heartland")
 "Why Mossad was not on board with Israel’s strike on Hamas in Qatar")
 "Turkey: Erdogan's police arrest opposition mayor Hasan Mutlu, dozens officials in corruption probe")
](https://images.firstpost.com/wp-content/uploads/2014/05/AndroidReuters.jpg){kind=link}