Credential Analysis for Security Configuration on Custom Android ROM

Joseph Teguh Santoso, Fujiama Diapoldo Silalahi, Laksamana Rajendra Haidar

Journal of Technology Informatics and Engineering, journal article, published 2022-12-22. DOI: 10.51903/jtie.v1i3.149 (https://doi.org/10.51903/jtie.v1i3.149)

Abstract

Android is an open-source operating system made up of several layers, each with its own duties and responsibilities. Various parties in the customization chain, including device vendors such as Samsung, Xiaomi, Oppo, Huawei, and others, operators such as Telkomsel, Smartfren, XL, etc., and hardware manufacturers, can customize one or more layers to adapt devices for different purposes, such as supporting specific hardware and providing different interfaces and services.

The purpose of this study was to investigate systematically any inconsistencies that arose as a result of the processes involved in this study and to assess their various security implications. This research runs DroidDiff to perform a substantial-balance diverse investigation on images collected by the analytical methodology. DroidDiff found many differences in the selected features. The method used in this study consists of five differential analysis algorithms. As a result, by comparing the security configurations of similar figures, important security changes that could be accidentally introduced during customization can be found.

The results show that DroidDiff can be used by vendors to check the configuration of various security features in a given image. DroidDiff extracts those features from the image, compares them to other image configuration sets, and flags the inconsistent ones for further investigation by vendors, who have the source code and tools to check their effect. For future work, improvements to DroidDiff to more accurately detect risky inconsistencies are highly recommended. Improving DroidDiff will help reduce the number of false positives and determine risky configurations more accurately.