On the road with third-party apps: Security analysis of an in-vehicle app platform
Paper in proceeding, 2019

Digitalization has revolutionized the automotive industry. Modern cars are equipped with powerful Internetconnected infotainment systems, comparable to tablets and smartphones. Recently, several car manufacturers have announced the upcoming possibility to install third-party apps onto these infotainment systems. The prospect of running third-party code on a device that is integrated into a safety critical in-vehicle system raises serious concerns for safety, security, and user privacy. This paper investigates these concerns of in-vehicle apps. We focus on apps for the Android Automotive operating system which several car manufacturers have opted to use. While the architecture inherits much from regular Android, we scrutinize the adequateness of its security mechanisms with respect to the in-vehicle setting, particularly affecting road safety and user privacy. We investigate the attack surface and vulnerabilities for third-party in-vehicle apps. We analyze and suggest enhancements to such traditional Android mechanisms as app permissions and API control. Further, we investigate operating system support and how static and dynamic analysis can aid automatic vetting of in-vehicle apps. We develop AutoTame, a tool for vehicle-specific code analysis. We report on a case study of the countermeasures with a Spotify app using emulators and physical test beds from Volvo Cars.


API Security

In-vehicle App Security

Android Automotive

Information Flow Control

Program Analysis for Security


Benjamin Eriksson

Chalmers, Computer Science and Engineering (Chalmers), Information Security

Jonas Groth

Andrei Sabelfeld

Chalmers, Computer Science and Engineering (Chalmers), Information Security

VEHITS 2019 - Proceedings of the 5th International Conference on Vehicle Technology and Intelligent Transport Systems


5th International Conference on Vehicle Technology and Intelligent Transport Systems, VEHITS 2019
Heraklion, Crete, Greece,

Subject Categories

Other Engineering and Technologies not elsewhere specified

Embedded Systems

Computer Systems



More information

Latest update