Abstract
Perhaps the most important parameter for any mobile application or service is the way it is delivered to and experienced by end-users, who usually decide, in due course, whether to keep it in their software portfolio. Most would agree that security and privacy both have a crucial role to play toward this goal. In this context, the current paper revolves around a key question: Do modern mobile applications respect the privacy of the end-user? The focus is on iPhone platform security and especially on the privacy of the user's data. By implementing a DNS poisoning malware and two real attack scenarios on the popular Siri and Tethering services, we demonstrate that the privacy of the end-user is at stake.
Acknowledgments
This research is partially supported by Seoul National University of Science and Technology.
Cite this article
Damopoulos, D., Kambourakis, G., Anagnostopoulos, M. et al. User privacy and modern mobile services: are they on the same path?. Pers Ubiquit Comput 17, 1437–1448 (2013). https://doi.org/10.1007/s00779-012-0579-1