🤖 AI Summary
This work addresses the systemic security risks arising from inconsistent cryptographic implementations in the Android ecosystem, driven by vendor and chipset heterogeneity. We present DroidCCT—the first distributed, passive testing framework designed for real-world devices—and conduct a transparent compliance assessment over trillions of Android Keystore operations spanning 500 million devices. Through large-scale passive measurement, cryptographic artifact analysis, randomness evaluation, and side-channel vulnerability detection, we uncover critical flaws across platforms, including weak random number generation and timing side channels. Our findings demonstrate that heterogeneous implementations significantly undermine cryptographic reliability, underscoring the urgent need for fault-resilient and side-channel-resistant cryptographic designs in mobile systems.
📝 Abstract
We develop DroidCCT, a distributed test framework to evaluate the scale of a wide range of failures/bugs in cryptography for end users. DroidCCT relies on passive analysis of artifacts from the execution of cryptographic operations in the Android ecosystem to identify weak implementations. We collect trillions of samples from cryptographic operations of Android Keystore on half a billion devices and apply several analysis techniques to evaluate the quality of cryptographic output from these devices and their underlying implementations. Our study reveals several patterns of bugs and weaknesses in cryptographic implementations from various manufacturers and chipsets. We show that the heterogeneous nature of cryptographic implementations results in non-uniform availability and reliability of various cryptographic functions. More importantly, flaws such as the use of weakly-generated random parameters and timing side channels may surface across deployments of cryptography. Our results highlight the importance of fault- and side-channel-resistant cryptography and the ability to transparently and openly test these implementations.