{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,17]],"date-time":"2026-04-17T16:20:48Z","timestamp":1776442848641,"version":"3.51.2"},"reference-count":46,"publisher":"Wiley","issue":"7","license":[{"start":{"date-parts":[[2019,5,20]],"date-time":"2019-05-20T00:00:00Z","timestamp":1558310400000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/onlinelibrary.wiley.com\/termsAndConditions#vor"}],"funder":[{"DOI":"10.13039\/501100009878","name":"Regione del Veneto","doi-asserted-by":"publisher","award":["Static analysis for the safety and security of Android systems for automotive infotainment"],"award-info":[{"award-number":["Static analysis for the safety and security of Android systems for automotive infotainment"]}],"id":[{"id":"10.13039\/501100009878","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["onlinelibrary.wiley.com"],"crossmark-restriction":true},"short-container-title":["Softw Pract Exp"],"published-print":{"date-parts":[[2019,7]]},"abstract":"<jats:title>Summary<\/jats:title><jats:p>Smartphone and automotive technologies are rapidly converging, letting drivers enjoy communication and infotainment facilities and monitor in\u2010vehicle functionalities, via on\u2010board diagnostics (OBD) technology. Among the various automotive apps available in playstores, Android Auto infotainment and OBD\u2010II apps are widely used and are the most popular choice for smartphone to car interaction. Automotive apps have the potential of turning cars into <jats:italic>smartphones on wheels<\/jats:italic> but can be also the gateway of attacks. This paper defines a static analysis that identifies potential security risks in Android infotainment and OBD\u2010II apps. It identifies a set of potential security threats and presents an actual static analyzer for such apps. It has been applied to most of the highly rated infotainment apps available in the Google Play store, as well as on the available open\u2010source OBD\u2010II apps, against a set of possible exposure scenarios. Results show that almost 60% of such apps are potentially vulnerable and that 25% pose security threats related to the execution of JavaScript. The analysis of the OBD\u2010II apps shows possibilities of severe controller area network injections and privacy violations, because of leaks of sensitive information.<\/jats:p>","DOI":"10.1002\/spe.2698","type":"journal-article","created":{"date-parts":[[2019,5,20]],"date-time":"2019-05-20T10:27:07Z","timestamp":1558348027000},"page":"1131-1161","update-policy":"https:\/\/doi.org\/10.1002\/crossmark_policy","source":"Crossref","is-referenced-by-count":25,"title":["Static analysis of Android Auto infotainment and on\u2010board diagnostics II apps"],"prefix":"10.1002","volume":"49","author":[{"given":"Amit Kr","family":"Mandal","sequence":"first","affiliation":[{"name":"Ca' Foscari University of Venice  Venice Italy"},{"name":"BML Munjal University  Gurugram India"}]},{"given":"Federica","family":"Panarotto","sequence":"additional","affiliation":[{"name":"University of Verona  Verona Italy"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0946-5440","authenticated-orcid":false,"given":"Agostino","family":"Cortesi","sequence":"additional","affiliation":[{"name":"Ca' Foscari University of Venice  Venice Italy"}]},{"given":"Pietro","family":"Ferrara","sequence":"additional","affiliation":[{"name":"JuliaSoft Srl  Verona Italy"}]},{"given":"Fausto","family":"Spoto","sequence":"additional","affiliation":[{"name":"University of Verona  Verona Italy"}]}],"member":"311","published-online":{"date-parts":[[2019,5,20]]},"reference":[{"key":"e_1_2_9_2_1","unstructured":"BudnickN.Largest distracted driving behavior study.http:\/\/blog.zendrive.com\/distracted-driving\/. Accessed January 4 2019."},{"key":"e_1_2_9_3_1","unstructured":"Apple.Apple carplay: the ultimate copilot.https:\/\/www.apple.com\/ios\/carplay\/. Accessed August 18 2018."},{"key":"e_1_2_9_4_1","unstructured":"Google.Android auto.https:\/\/www.android.com\/auto\/. Accessed August 18 2018."},{"key":"e_1_2_9_5_1","unstructured":"GooglePlay Store.Apps for Android auto.https:\/\/play.google.com\/store\/apps\/collection\/promotion_3001303_android_auto_all?hl=en. Accessed August 18 2018."},{"key":"e_1_2_9_6_1","first-page":"260","article-title":"Adventures in automotive networks and control units","volume":"21","author":"Miller C","year":"2013","journal-title":"Def Con"},{"key":"e_1_2_9_7_1","doi-asserted-by":"crossref","unstructured":"KoscherK CzeskisA RoesnerF et al.Experimental security analysis of a modern automobile. Paper presented at: 2010 IEEE Symposium on Security and Privacy (SP);2010;Berkeley\/Oakland CA.","DOI":"10.1109\/SP.2010.34"},{"key":"e_1_2_9_8_1","doi-asserted-by":"publisher","DOI":"10.1002\/spe.2643"},{"key":"e_1_2_9_9_1","unstructured":"CheckowayS McCoyD KantorB et al.Comprehensive experimental analyses of automotive attack surfaces. Paper presented at: 20th USENIX Security Symposium;2011;San Francisco CA."},{"key":"e_1_2_9_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/LES.2013.2264594"},{"key":"e_1_2_9_11_1","unstructured":"Automotive Fleet.70 percent of drivers using smartphones.https:\/\/www.automotive-fleet.com\/129558\/70-of-drivers-use-smartphones-says-at-t-study. Accessed August 18 2018."},{"key":"e_1_2_9_12_1","volume-title":"Controlling Your Connected Car: Enforcing Privacy on Telematics Data Using Cryptographic Techniques","author":"de\u00a0Graaff R","year":"2015"},{"key":"e_1_2_9_13_1","doi-asserted-by":"crossref","unstructured":"JiaYJ ZhaoD ChenQA MaoZM.Towards secure and safe appified automated vehicles. Paper presented at: IEEE Intelligent Vehicles Symposium (IV);2017;Los Angeles CA.","DOI":"10.1109\/IVS.2017.7995800"},{"key":"e_1_2_9_14_1","doi-asserted-by":"crossref","unstructured":"SchweppeH RoudierY.Security and privacy for in\u2010vehicle networks. Paper presented at: 2012 IEEE 1st International Workshop on Vehicular Communications Sensing and Computing (VCSC);2012;Seoul South Korea.","DOI":"10.1109\/VCSC.2012.6281235"},{"key":"e_1_2_9_15_1","unstructured":"MillerC ValasekC.Remote exploitation of an unaltered passenger vehicle. Black Hat USA.2015:1\u201091."},{"key":"e_1_2_9_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/TVT.2018.2795384"},{"key":"e_1_2_9_17_1","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-28428-1_6"},{"key":"e_1_2_9_18_1","doi-asserted-by":"crossref","unstructured":"MandalAK CortesiA FerraraP PanarottoF SpotoF.Vulnerability analysis of Android auto infotainment apps. In: Proceedings of the 15th ACM International Conference on Computing Frontiers (CF);2018;Ischia Italy.","DOI":"10.1145\/3203217.3203278"},{"key":"e_1_2_9_19_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-05755-8_12"},{"key":"e_1_2_9_20_1","doi-asserted-by":"crossref","unstructured":"CousotP CousotR.Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints. In: Proceedings of the 4th ACM SIGACT\u2010SIGPLAN Symposium on Principles of Programming Languages;1977;Los Angeles CA.","DOI":"10.1145\/512950.512973"},{"key":"e_1_2_9_21_1","first-page":"61","volume-title":"Verification, Model Checking, and Abstract Interpretation: 16th International Conference, VMCAI 2015, Mumbai, India, January 12\u201014, 2015. Proceedings","author":"Cortesi A","year":"2015"},{"key":"e_1_2_9_22_1","unstructured":"QARK.Quick Android review kit \u2010 a tool for automated Android app assessments.https:\/\/github.com\/linkedin\/qark. Accessed August 18 2018."},{"key":"e_1_2_9_23_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-53413-7_3"},{"key":"e_1_2_9_24_1","unstructured":"dex2jar.https:\/\/github.com\/pxb1988\/dex2jar. Accessed August 18 2018."},{"key":"e_1_2_9_25_1","unstructured":"Apktool.https:\/\/ibotpeaches.github.io\/Apktool\/. Accessed August 18 2018."},{"key":"e_1_2_9_26_1","unstructured":"Google.Android auto app quality guidelines.https:\/\/developer.android.com\/docs\/quality-guidelines\/auto-app-quality. Accessed August 18 2018."},{"key":"e_1_2_9_27_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-48899-7_10"},{"key":"e_1_2_9_28_1","doi-asserted-by":"crossref","unstructured":"SatamP PachecoJ HaririS HoraniM.Autoinfotainment security development framework (ASDF) for smart cars. Paper presented at: 2017 International Conference on Cloud and Autonomic Computing (ICCAC);2017;Tucson AZ.","DOI":"10.1109\/ICCAC.2017.22"},{"key":"e_1_2_9_29_1","unstructured":"McClureS.Caution: malware ahead.https:\/\/trid.trb.org\/view\/1255020. Accessed August 18 2018."},{"key":"e_1_2_9_30_1","unstructured":"MazloomS RezaeiradM HunterA McCoyD.A security analysis of an in\u2010vehicle infotainment and app platform. Paper presented at: 10th USENIX Workshop on Offensive Technologies (WOOT);2016;Austin TX."},{"issue":"4","key":"e_1_2_9_31_1","first-page":"12","article-title":"Android in\u2010vehicle infotainment system (AIVI)","volume":"1","author":"Jaiswal G","year":"2014","journal-title":"Int J Innov Res Electron Commun"},{"key":"e_1_2_9_32_1","doi-asserted-by":"crossref","unstructured":"MacarioG TorchianoM ViolanteM.An in\u2010vehicle infotainment software architecture based on Google Android. Paper presented at: IEEE International Symposium on Industrial Embedded Systems (SIES);2009;Lausanne Switzerland.","DOI":"10.1109\/SIES.2009.5196223"},{"key":"e_1_2_9_33_1","doi-asserted-by":"publisher","DOI":"10.1080\/00140130410001686294"},{"key":"e_1_2_9_34_1","doi-asserted-by":"crossref","unstructured":"HeikkinenJ M\u00e4kinenE LylykangasJ PakkanenT V\u00e4\u00e4n\u00e4nen\u2010Vainio\u2010MattilaK RaisamoR.Mobile devices as infotainment user interfaces in the car: contextual study and design implications. In: Proceedings of the 15th International Conference on Human\u2010Computer Interaction With Mobile Devices and Services (MobileHCI);2013;Munich Germany.","DOI":"10.1145\/2493190.2493224"},{"key":"e_1_2_9_35_1","doi-asserted-by":"crossref","unstructured":"UdovicicK JovanovicN BjelicaMZ.In\u2010vehicle infotainment system for Android OS: user experience challenges and a proposal. Paper presented at: 2015 IEEE 5th International Conference on Consumer Electronics\u2010Berlin (ICCE\u2010Berlin);2015;Berlin Germany.","DOI":"10.1109\/ICCE-Berlin.2015.7391219"},{"key":"e_1_2_9_36_1","unstructured":"AnderssonT WarellA HolmlidS \u00d6lvanderJ.Desirability in the development of in\u2010car infotainment systems. Paper presented at: Interact 2011: 13th IFIP TC13 Conference on Human\u2010Computer Interaction;2011;Lisbon Portugal."},{"key":"e_1_2_9_37_1","doi-asserted-by":"crossref","unstructured":"PaupiahPS.Vehicle security and forensics in Mauritius and abroad. Paper presented at: 2015 International Conference on Computing Communication and Security (ICCCS);2015;Pamplemousses Mauritius.","DOI":"10.1109\/CCCS.2015.7374129"},{"key":"e_1_2_9_38_1","doi-asserted-by":"publisher","DOI":"10.1109\/MPRV.2016.14"},{"key":"e_1_2_9_39_1","unstructured":"KimH\u2010Y ChoiY\u2010H ChungT\u2010M.REES: malicious software detection framework for MeeGo\u2010in vehicle infotainment. Paper presented at: 2012 14th International Conference on Advanced Communication Technology (ICACT);2012;PyeongChang South Korea."},{"key":"e_1_2_9_40_1","unstructured":"NischP.Security issues in modern automotive systems.2011:1\u20106."},{"key":"e_1_2_9_41_1","doi-asserted-by":"crossref","unstructured":"AvatefipourO HafeezA TayyabM MalikH.Linking received packet to the transmitter through physical\u2010fingerprinting of controller area network. Paper presented at: IEEE Workshop on Information Forensics and Security (WIFS);2017;Rennes France.","DOI":"10.1109\/WIFS.2017.8267643"},{"key":"e_1_2_9_42_1","doi-asserted-by":"crossref","unstructured":"WangQ SawhneyS.VeCure: a practical security framework to protect the CAN bus of vehicles. Paper presented at: 4th International Conference on the Internet of Things (IOT);2014;Cambridge MA.","DOI":"10.1109\/IOT.2014.7030108"},{"key":"e_1_2_9_43_1","doi-asserted-by":"crossref","unstructured":"JaisinghK El\u2010KhatibK AkaluR.Paving the way for intelligent transport systems (ITS): privacy implications of vehicle infotainment and telematics systems. In: Proceedings of the 6th ACM Symposium on Development and Analysis of Intelligent Vehicular Networks and Applications;2016;Malta.","DOI":"10.1145\/2989275.2989283"},{"key":"e_1_2_9_44_1","unstructured":"GiroS.Android developers blog: Security \u201ccrypto\u201d provider deprecated in Android N.https:\/\/android-developers.googleblog.com\/2016\/06\/security-crypto-provider-deprecated-in.html. Accessed August 18 2018."},{"key":"e_1_2_9_45_1","unstructured":"JuliaSoft.https:\/\/www.juliasoft.com\/. Accessed August 18 2018."},{"key":"e_1_2_9_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/136035.136043"},{"key":"e_1_2_9_47_1","unstructured":"Java Decompiler.JD\u2010GUI.http:\/\/jd.benow.ca\/. Accessed August 18 2018."}],"container-title":["Software: Practice and Experience"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.wiley.com\/onlinelibrary\/tdm\/v1\/articles\/10.1002%2Fspe.2698","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/onlinelibrary.wiley.com\/doi\/pdf\/10.1002\/spe.2698","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/onlinelibrary.wiley.com\/doi\/full-xml\/10.1002\/spe.2698","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/onlinelibrary.wiley.com\/doi\/pdf\/10.1002\/spe.2698","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,9,10]],"date-time":"2023-09-10T09:04:22Z","timestamp":1694336662000},"score":1,"resource":{"primary":{"URL":"https:\/\/onlinelibrary.wiley.com\/doi\/10.1002\/spe.2698"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,5,20]]},"references-count":46,"journal-issue":{"issue":"7","published-print":{"date-parts":[[2019,7]]}},"alternative-id":["10.1002\/spe.2698"],"URL":"https:\/\/doi.org\/10.1002\/spe.2698","archive":["Portico"],"relation":{},"ISSN":["0038-0644","1097-024X"],"issn-type":[{"value":"0038-0644","type":"print"},{"value":"1097-024X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019,5,20]]},"assertion":[{"value":"2018-11-05","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2019-03-25","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2019-05-20","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}