Abstract
Increasing adoption of smartphones in recent tunes has begun to attract, mote and mote ntalware writers towards these devices Among the most, piomment and widely adopted open source software stacks for smartphones is Android that comes with a strong security infia.structure for mobile devices. However; as with any rei note platfonn, a service twovider or device owner needs assurance that the device is in a tiustworthy state before releasing sensitive information to it Trusted Computing provides a mechanism of establishing such an assurance. Through remote attestation; Tc; allows a service provider or a device owner to determine whether the device is in a trusted state before releasing pi otected data to or storing private information on the phone Flowevei; existing remote attestation techniques cannot be deployed on Android due to the unique; vm-based aiclutecture of the software stack In this paper; we present all attestation mechanism tailored specifically for Android that can measure the integrity of it device at two levels of granularity Our approach allows a challengei to verify the integrity of Android not only at the operating system level but also that of code executing on top of the VIVI We present the implementation details of our architecture and show thiough evaluation that; our architecture is feasible both in terms of time complexity and battery consumption