ABSTRACT
Over the past few years smartphones have evolved from being basic devices that support stock-standard, static Operating Systems (OSs) to powerful devices that are capable of running dynamic, customizable OSs. In turn, these OSs also support the installation of additional mobile applications (apps) on the fly. With an increase in the number of apps that users may choose to install on their smartphones, the vulnerability of the information stored on the device potentially increases as well. This is because cyber criminals are able to write apps that can often gain access to not only personal user information, but also sensitive organizational information stored on these smartphone devices.
In this paper we have a look at smartphone OS trends over the past 5 years on both a global and a local scale. We subsequently identify Android as the top grossing OS in both scenarios, making it the most popular OS in the world. We proceed with an investigation of various aspects relating to smartphone apps, including a discussion on some of the official app distribution platforms (referred to as marketplaces), the problems experienced by marketplaces due to malicious apps being distributed, and the current techniques being employed in an attempt to minimize the publication of malicious apps. We continue our discussion on apps by looking at the typical process followed for downloading and also updating an app; these are in turn used to form a complete user journey map of a generic app marketplace.
Finally, we turn our attention to the smartphone user. By introducing the Smartphone User Competency Evolution (SUCE) model as well as the Smartphone Application User Security Competency Evolution (SAUSCE) model, we discuss the significance of determining an individual user's level of understanding and competence relating to the usage of their smartphone and the apps installed on it.
We conclude by noting that the SAUSCE model could potentially aid individual users and/or their organizations in providing level-appropriate training and awareness to aid smartphone users in their ongoing battle against smartphone abusers. The efficacy that such a model may have when used in conjunction with other best practices, however, relies greatly on the successful implementation of 'if the shoe fits, put it on' understanding, regulation and enforcement. As a result, it will no longer be a question of if the shoe fits, put it on, but rather, if the smartphone security level fits, put (switch) it on.