In English

On the road with third-party apps - Security, safety and privacy aspects of in-vehicle apps

Benjamin Eriksson ; JONAS GROTH
Göteborg : Chalmers tekniska högskola, 2018. 82 s.
[Examensarbete på avancerad nivå]

In recent years the automotive industry has started to digitise their vehicles. Traditionally cars have been equipped with radio, cassette or CD-players and more recently so-called infotainment systems. The abilities of these infotainment systems have developed over the years from only offering radio and navigation to now being a powerful Internet connected device comparable to tablets and smartphones. Recently several car manufacturers have announced the upcoming possibility to install third-party apps into these infotainment systems. With the prospect of downloading third-party code into a device that is integrated into a safety critical system, such as a vehicle with multiple environment sensors, there is a concern for both safety and user privacy. In this thesis, the safety, security and privacy aspects of in-vehicle apps are investigated. The thesis focuses on apps for the Android Automotive operating system which some car manufacturers, including Volvo Car Corporation (VCC), have opted to use in their infotainment systems. It is concluded that in-vehicle Android apps are fundamentally as secure as regular phone apps, the main differences stem from the fact that in-vehicle apps can affect road safety. The traditional Android API poses several risks to road safety while the Automotive version is more restricted it is still insufficient to not be a cause for concern. Furthermore, the added APIs in Automotive constitutes an elevated risk for user privacy. It is shown that the impact of these privacy risks can be mitigated to some extent by vetting apps with state-of-the-art static analysis tools. Finally, recommendations for security measures and vetting processes for secure in-vehicle app stores are presented.

Nyckelord: Android Automotive, security, safety, privacy, infotainment, information flow, static analysis, app stores.

Publikationen registrerades 2018-09-18. Den ändrades senast 2018-09-18

CPL ID: 255949

Detta är en tjänst från Chalmers bibliotek