User privacy and modern mobile services: are they on the same path?

  • Original Article
  • Personal and Ubiquitous Computing

Abstract

Perhaps the most important parameter for any mobile application or service is the way it is delivered to and experienced by end-users, who usually, in due course, decide whether to keep it in their software portfolio. Most would agree that security and privacy both have a crucial role to play toward this goal. In this context, the current paper revolves around a key question: Do modern mobile applications respect the privacy of the end-user? The focus is on iPhone platform security, and especially on the privacy of users' data. By implementing a DNS poisoning malware and two real attack scenarios on the popular Siri and Tethering services, we demonstrate that the privacy of the end-user is at stake.

Acknowledgments

This research is partially supported by Seoul National University of Science and Technology.

Author information

Corresponding author

Correspondence to D. Damopoulos.

About this article

Cite this article

Damopoulos, D., Kambourakis, G., Anagnostopoulos, M. et al. User privacy and modern mobile services: are they on the same path?. Pers Ubiquit Comput 17, 1437–1448 (2013). https://doi.org/10.1007/s00779-012-0579-1

  • DOI: https://doi.org/10.1007/s00779-012-0579-1
