Trust aWare: identifying the creators is fundamental
Once again, we share an analysis produced by the experts of the Trust aWare Consortium on cybersecurity [see: Challenges in Software Attribution: The Case of Android Apps].
Juan Tupiador, Professor at the Departmentof Computer Science at the “Carlo III” University of Madrid and Director of the Computer Security Lab, helps us understand why it is important to identify the creators of software and how aspect of transparency is fundamental for user security.
“The attribution is fundamental for software analysis, platform measurements, threat analysis, transparency, and the application of regulations. It allows us to automatically study the practices of developers, improve the responsibility of software, and efficiently identify dangerous, cloned, and deceptive apps.
The article concentrates on critical issues with the Android system, which implements a more permissive attribution scheme. The final recommendation is that it is necessary to abandon self-signed certificates and check the information released in app market profiles. Other important software ecosystems have implemented securer mechanisms, like Apple that releases valid certificates for its Appstore and Windows which relies on a PKI. Although they are not perfect, these approaches limit the number of certificates with incomplete and invalid information, raising the security threshold against infringements.”