Android Smartphone Security

Our daily lives become more and more dependent on smartphones due to their high processing power and increased capabilities. Smartphones have features of both a mobile phone and a computer, allowing us to talk, text, tweet, email, browse the Internet, make purchases, manage bank accounts, and take pictures. “Smartphones’ popularity and relatively lax security have made them attractive targets for attackers to invade smartphones in various paths”.

Changes have been created in the mobile phone landscape with the introduction of smart phones running Android. Android is an open smartphone platform developed by the Google-led Open Handset Alliance. Scholars predict that the Android will control 45.4 percent of the market share by 2015 due to its open source nature and adoption by telecommunications providers worldwide. In fact, Open mobile platforms like Android provide an opportunity for consumers to access more applications. Applications can be installed on Android devices through the Android Market and other untrusted third party sites. Recent studies indicate that there are malicious applications that can be uploaded onto app stores and then successfully advertised to users. These malicious applications will access to a user’s personal information, all messages, network communication and services that cost money. Similarly, Kaspersky’s Internet security experts (2012) reported on more than 35,000 malicious Android programs. They explained the reasons for the huge growth in Android Malware:

• “The Android platform has become the most widespread operating system (OS) for new smartphones – it has over 70% market share. 
• The open nature of the Android OS, the ease with which apps can be created, and the wide variety of (unofficial) application markets all have an influence on security.”

In line with this idea, a study has been recently conducted by a group of researchers at University of New Haven (UNHeFREG) to discover security issues within the social media, chatting, and dating app market on android. They observed app network traffic to find unencrypted data transmissions. They created a test network using Windows 7’s virtual miniport adapter. Then, they connected the android phone to this network to monitor all traffic being sent and received by the android device. An iPad was connected outside the test network and was used to exchange data to the android device. With this setup, they were able to capture a great deal of sensitive user information. In addition, they conducted server storage analysis and device storage analysis to find out how apps store user data on the server and device. Finally, they reported that anyone who uses many popular android apps (such as Instagram, Okcupid, ooVoo, Tango, Klk, Nimbuzz, MeetMe, MessageMe, TextMe, Grindr, HeyWire, Hike, and textPlus) is in danger of confidential data breaches. It would seem that the current Android security architecture and operating system cannot provide adequate security for Android mobile phone users.

As discussed above, the current Android security system has multiple flaws and Android users need new ways to protect their private personal data from a malicious attack. In order to improve our smartphone security, Fraces (2014) suggested several tips as follows: Selecting strong password or pattern; Installing and updating security solutions; Downloading applications only from trusted and reliable sources; Checking our apps permissions and rights; Performing regular updates of the O.S on our device; Preparing back up from our information frequently; Encrypting our confidential information; Beware of entering sensitive information on our smartphone; and Avoiding jailbraking or rooting of the device.

By Mojgan Afshari