Purdue University Graduate School

USABILITY AND SECURITY OF ANDROID TRUSTED EXECUTION ENVIRONMENTS

thesis
posted on 2025-06-10, 19:47 authored by Abdullah ImranAbdullah Imran

Trusted Execution Environments (TEEs) have become a foundational security primitive in modern Android devices, offering hardware-backed isolation for sensitive operations such as cryptographic key management, biometric authentication, and secure user confirmation. Despite their widespread availability, TEE-based features remain underutilized in practice, often because of usability limitations, inconsistent vendor implementations, and widespread developer misconceptions. The purpose of this dissertation is to promote practical and secure usage of TEEs within Android applications without requiring changes that are incompatible with the ecosystem.

First, it introduces SARA (Secure Android Remote Authorization), a novel TEE-backed authorization protocol that ensures only the legitimate user can approve sensitive operations, even in the presence of a compromised operating system. SARA uses a double-signing approach that combines biometric authentication and user confirmation, and is implemented as a drop-in Android library using only officially supported APIs. Its security is formally verified using ProVerif, and a controlled user study demonstrates its usability in real-world applications.

Second, this work seeks to ensure the security of the underlying cryptography that TEE-based features rely on to provide their security guarantees. I developed AKF (Android Keymaster Fuzzer), a device-agnostic differential testing framework for the Android Keymaster interface. AKF identified inconsistencies in cryptographic behavior across ten different Android Keymaster implementations, revealing dozens of vendor-specific flaws that compromise the expected security properties of TEE-backed APIs.

Finally, the dissertation reports on a large-scale empirical study of how Android developers understand and use TEE-based APIs. The study highlights critical misconceptions, low adoption rates, and significant documentation gaps, even among developers of security-sensitive applications. Many developers misunderstood the purpose and guarantees of these TEE-based APIs, and reported challenges in integrating them due to poor documentation and a lack of clear guidance. The findings underscore the need not just for better tooling, but also for clearer communication and education around secure TEE usage.

History

Degree Type

  • Doctor of Philosophy

Department

  • Computer Science

Campus location

  • West Lafayette

Advisor/Supervisor/Committee Chair

Antonio Bianchi

Additional Committee Member 2

Christina Garman

Additional Committee Member 3

Jing (Dave) Tian

Additional Committee Member 4

Zeynel B. Celik
