Journal of Information Security Research Simon James Fong 17 2 2026 https://doi.org/10.6025/jisr/2026/17/2/91-105 https://www.dline.info/jisr/fulltext/v17n2/jisrv17n3_1.pdf The proliferation of Android devices across diverse hardware architectures and software configurations introduces significant variability in cryptographic execution performance, directly impacting security readiness and protocol optimization. Despite extensive research on cloud security and malware detection, device-level computational heterogeneity remains underexplored. This study presents an unsupervised learning framework to characterize Android devices based on their intrinsic cryptographic benchmark profiles. Analyzing a curated dataset of 17 devices across 140 cryptographic timing features, we apply log transformation, standardization, and Principal Component Analysis (PCA), which captures 77.4% of variance in two dimensions. Three clustering algorithms K-means, hierarchical clustering, and DBSCAN are systematically evaluated. Results reveal a natural three-tier performance stratification, with K-means providing the most interpretable partition (Silhouette score: 0.325). Feature importance analysis demonstrates that public-key operations, particularly ECDSA and large-key RSA benchmarks, are the primary performance differentiators due to their computational intensity and sensitivity to hardware acceleration. Hierarchical analysis confirms this macro-structure and highlights gradual performance transitions among boundary devices, while DBSCAN effectively identifies tight local similarities. These findings establish a methodological foundation for performance-aware security assessment, enabling dynamic cryptographic parameter selection, optimized resource allocation, and targeted threat modeling. Furthermore, the framework is extended with proposed anomaly detection techniques for fine grained security monitoring. Ultimately, this research underscores the critical need for hardware aware intelligence in mobile cybersecurity, bridging device-level performance profiling with adaptive security analytics across heterogeneous Android ecosystems.