Vlad Tsyrklevich Twitter, GitHub, Keybase, e-mail
Announcing the Android Census

In the course of my Android research I've been lucky to have access to a wide variety of devices to test against. Running many small one off queries stopped making sense a while ago, instead I began to focus on collecting and organizing a single corpus of data on various devices. I'm releasing the results I've gathered so far and calling it the Android Census. The data set is focused primarily on low-level system configuration with some information on the app sandbox.

I've put up both of the client and server components on GitHub. The data is collected by a simple android application called censustaker that reports it to the server. If there's information you'd like to see in the Android Census, send me a pull request or ping me on twitter. I'm interested to hear how others can make use of this information.


A short time after my last blog post detailing Android manufacturers leaving input device files world accessible, The Peril of Fragmentation: Security Hazards in Android Device Driver Customizations came out at IEEE S&P detailing results similar to mine, but focusing on an even broader range of device files. (The authors collected information from system images they collected, another approach to grabbing this information.) Now that the Android Census data is public, it's trivial to combine the data set with Android's perm_checker to find a plethora of misconfigured devices.

Published on 31 Jul 2014