10th IEEE European Symposium on Security and Privacy

At EuroS&P 2025 in Venice, held from June 30 to July 4, Magdalena Steinböck presented the paper “SoK: Hardening Techniques in the Mobile Ecosystem – Are We There Yet?”, co-authored with Martina Lindorfer and researchers from Vrije Universiteit Amsterdam and the University of Twente. The work investigates the real-world adoption of mobile app hardening techniques — such as tamper prevention, jailbreak detection, and data leakage protection — recommended by the Mobile Application Security Verification Standard (MASVS).

To address the lack of systematic knowledge, the authors introduced HALY, a new framework that combines static and dynamic analysis to measure hardening adoption across platforms. Analyzing 2,646 popular Android and iOS apps, the study found that iOS apps surprisingly underperform, implementing only half as many recommended techniques as their Android counterparts—challenging the widespread perception of iOS as inherently “more secure.” The results also revealed inconsistencies, with many apps hardening only on one platform, and raised doubts about the effectiveness of single techniques that are easy to bypass.

Overall, the research highlights that while most apps employ some form of hardening, large gaps remain: 24.1% of Android apps and 85.0% of iOS apps implement fewer than half of the recommended protections, and only 4.7% of Android apps and 0.2% of iOS apps achieve full coverage. Reviewers praised HALY for providing the first large-scale comparative systematization of mobile hardening practices, positioning it as a valuable reference point for future research in app security.

Marco Squarcina and Pedro Bernardo served as members of the EuroS&P Program Committee, contributing their expertise to the review and selection of cutting-edge research in cybersecurity and privacy.