Security Analysis of Android Automotive
In-vehicle infotainment (IVI) platforms are getting increasingly connected. Besides OEM apps and services, the next generation of IVI platforms are expected to offer third-party application integration. Under this business model, vehicular sensor and event data can be collected and shared with selected third-party apps. To this end, Google is pushing towards standardization among proprietary IVI operating systems with their Android Automotive platform which is running natively on the vehicle’s IVI platform. Unlike Android Auto’s limited functionality of display-mirroring certain smartphone apps to the IVI screen, Android Automotive will have access to the in-vehicle network (IVN) and be able to read and share various sensor data from the car with third-party apps. This increased connectivity opens new business opportunities for both the car manufacturer as well as third-party entities, but also introduces a new attack surface on the vehicle.