The Myths of and Solutions for Android OS Controlled and Secure Environment
DOI:
https://doi.org/10.17770/etr2015vol3.184Keywords:
Android, mobile computing, security, BYOD, smartphones, ICTAbstract
Android is the most popular mobile operating system nowadays both for smartphones and tablets. This fact creates many not fully recognized risks. Often even advanced users naive think that using antivirus software, firewall, encryption, updates, as well as avoiding potentially risky sites and applications are enough for security. This list is not full, but nevertheless each its item in most cases only conceals an illusion of reaching the security. Authors have summarized and pointed out several actual Android security issues and have proposed a number of possible solutions.
The practical experience as well as direct testing show that part of Android applications may contain a malware. The harmful characteristics of an application often become visible only after some runs, or after an update, or after a harmful web content is downloaded and shown by the application. It is observed that applications often try to get an unauthorized or inattentively authorized access to user data and send it outside the device.
The situation with Android applications gets more and more out of the control. The authors propose a solution to overcome the security issues, while respecting the latest Google solutions. Target group of the proposal are users that use smartphone or tablet both for private and corporate needs, i.e. Bring Your Own Device (BYOD) case.
The authors point out and compare four possible Android technical administration solutions based on the unified model for BYOD case. The authors also propose the changes to Android architecture to enhance its security. It is proposed to look at the mobile operating system as a web server. Such principle allows implementing in Android a number of security principles taken from the web servers solutions.
Downloads
References
D. Kerr. Android dominates 81 percent of world smartphone market. [Online]. Available: http://news.cnet.com/8301-1035_3-57612057-94/android-dominates-81-percent-of-world-smartphone-market/ [Accessed: Dec. 11, 2013].
P. Beuth, W. Merkels. Handy abgehört werden konnte. [Online]. Available: http://www.zeit.de/digital/datenschutz/2014-12/umts-verschluesselung-umgehen-angela-merkel-handy [Accessed: Dec. 25, 2014].
K. Nohl. Attacking phone privacy. Berlin: Security Research Labs. 2010.
OpenSignal. Android Fragmentation Visualized. [Online]. Available: http://opensignal.com/reports/2014/android-fragmentation/ [Accessed: Dec. 20, 2014].
Samsung Electronics Co. Ltd., featuring Gartner. Strategies to Solve Challenges of BYOD in Enterprise. 2013.
A. Goodloe, S. Person. NASA Formal Methods: 4th International Symposium, NFM 2012, Norfolk, VA, USA, April 3-5, 2012, Proceedings, Springer, 465 lpp.
C. Osborne. Android app malware rates jump 40 percent. [Online]. Available: http://www.zdnet.com/android-app-malware-rates-jump-40-percent-7000019093/ [Accessed: Aug. 7, 2013].
Z. Whittaker. Millions of Android users vulnerable to security threats, say feds. [Online]. Available: http://www.zdnet.com/millions-of-android-users-vulnerable-to-security-threats-say-feds-7000019845/ [Accessed: Aug. 26, 2013].
N. A. Staff. How to check the legitimacy of Android apps. [Online]. Available: http://networksasia.net/article/how-check-legitimacy-android-apps-1324343340, 11.10.2013.
P. Ducklin. Naked security. [Online]. Available: http://nakedsecurity.sophos.com/2013/05/31/android-malware-in-pictures-a-blow-by-blow-account-of-mobile-scareware/ [Accessed: May 31, 2013].
C. Castillo. McAfee Blog Central. [Online]. Available: - http://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware [Accessed: Jun. 3, 2013].
Android Smartphone Security. [Online]. Available: http://latestandroids.wordpress.com/2013/06/10/android-smartphone-security/ [Accessed: Jun. 10, 2013].
Technet. Security Options. [Online]. Available: http://technet.microsoft.com/en-us/library/jj852268.aspx [Accessed: Dec. 25, 2014].
Technet. Windows Server Security. [Online]. Available: http://technet.microsoft.com/en-us/windowsserver/windows-server-security.aspx [Accessed: Jan. 12, 2015].
Android Community. Android Security Overview. [Online]. Available: http://source.android.com/devices/tech/security/ [Accessed: Jan. 8, 2015].
Android Community. Dashboards. [Online]. Available: http://developer.android.com/about/dashboards/index.html [Accessed: Nov. 12, 2014].
Android Community. Session Initiation Protocol. [Online]. Available: http://developer.android.com/guide/topics/connectivity/sip.htm [Accessed: Nov. 12, 2014].
L. Chanhee, K. Jonghwa, C. Seong-je, C. Jongmoo, P. Yeongung. Unified security enhancement framework for the Android operating system. Supercomput 67:738–756, DOI 10.1007/s11227-013-0991-y, Springer Science+Business Media New York 2013, Published online: 6 August 2013 [Accessed: Dec. 29, 2014].
YAFFS. Overview. [Online]. Available: http://www.yaffs.net/yaffs-overview [Accessed: Dec. 19, 2014].
F-Secure Labs. Whitepappers. Mobile Threat Report. [Online]. Available: http://www.f-secure.com/static/doc/labs_global/Research/Mobile_Threat_Report_Q3_2013.pdf. [Accessed: Nov. 12, 2014].
F-Secure. (2014). Mobile Threat Report Q1 2014. [Online]. Available: https://www.f-secure.com/documents/996508/1030743/Mobile_Threat_Report_Q1_2014.pdf. [Accessed: Feb. 8, 2015].
Microsoft Corporation. Low cost devices in government and education- Windows vs. Android. [Online]. Available: http://blogs.technet.com/cfs-file.ashx/__key/communityserver-components-postattachments/00-03-59-75-35/Low-Cost-Devices-in-Government-and-Education-_2D00_-Windows-vs-Android.pdf [Accessed: Jan. 11, 2015].
T. Oh, B. Stackpole, E. Cummins, C. Gonzalez, R. Ramachandran. Best Security Practices for Android, BlackBerry, and iOS. The First IEEE Workshop on Enabling Technologies for Smartphone and Internet of Things (ETSIoT), 2012.
CERT.lv. Datorvīrusu ierobežošana. [Online]. Available: https://cert.lv/uploads/uploads/Seminari/Datorvirusu_ierobezosana.pdf [Accessed: Dec. 11, 2014].
B. Rossi. Mobile content management and BYOD: the Dropbox catch-22. [Online]. Available: http://www.information-age.com/technology/mobile-and-networking/123457826/mobile-content-management-and-byod-dropbox-catch-22 [Accessed: Mar. 20, 2014].
B. X. Chen, I. Austen. Samsung Armors Android to Take On BlackBerry. The New York Times. 2013.
Samsung Electronics Co., Ltd., Enterprise Mobility Solutions. White Paper: An Overview of Samsung KNOX 2013.
Average Large Enterprise Has More Than 2,000 Unsafe Mobile Apps Installed on Employee Devices. Veracode Press Release, March 15, 2015. [Online]. Available: http://www.veracode.com/average-large-enterprise-has-more-2000-unsafe-mobile-apps-installed-employee-devices [Accessed: Mar. 18, 2015].
