Meteor: Seeding a Security-Enhancing Infrastructure for Multi-market Application Ecosystems

Application markets providing one-click software installation have become common to smartphones and are emerging on desktop platforms. Until recently, each platform has had only one market; however, social and economic pressures have resulted in multiple-market ecosystems. Multi-market environments limit, and in some cases eliminate, valuable security characteristics provided by the market model, including kill switches and developer name consistency. We outline a novel approach to retaining single-market security semantics while enabling the flexibility and independence of a multi-market environment. We propose Meteor as a security-enhancing application installation framework that leverages information (e.g., app statistics, expert ratings, developer history) from a configurable set of security information sources. We build a proof-of-concept Android application (Meteorite) to demonstrate the technical feasibility of our proposal. The Meteor approach provides valuable decisionmaking criteria useful not only for smartphone users, but technology consumers as a whole, as new and existing computing environments converge on a market-like model for software installation.