September 9, 2014

Smartphone Security Issues And The Potential Pitfalls

By Mojgan Afshari

Smartphone Security Issues

Smartphones, with advanced computing ability and connectivity, have dramatically changed the computing landscape. Smartphones run complete operating system software that provides a standardized interface and platform for a large number of applications in the marketplaces such as the Apple App Store, Android Market, and Amazon App Store. Android Market is the most popular app store among commercial developers. Google Play is the premier store for distributing Android apps. Users can easily and quickly download new apps and games. This popularity of smartphone applications has drawn the attention of attackers. There are several demonstrated Malware attacks on the Android platform. Studies indicate that the number of malicious applications in app repositories has increased with increasing the rate of downloading apps. Therefore, Privacy and security of apps are important issues for smartphone users.

According to new research by University of New Haven’s Cyber Forensics Research and Education Group (UNHcFREG), “anyone who uses the affected applications is at risk of confidential data breaches. Depending on the app, user locations, passwords, chat logs, images, video, audio, and sketches can be viewed by people invading the user’s privacy”. Moreover, Ibrahim Baggili, assistant professor of computer science at UNH’s Tagliatela College of Engineering stated that “although all of the data transmitted through these apps is supposed to go securely from just one person to another, we have found that private communications can be viewed by others because the data is not being encrypted and the original user has not clue.” Unfortunately, most smartphone users believe that downloading applications from the app repository is risk-free or secure because of existing security controls in the app repository. Hence, majority of smartphone users ignore security messages during application installation due to the lack of security awareness. Therefore, educating users and enhancing their knowledge about the security practices is paramount. “They should learn to run security tests on their own”.

Although several security companies have introduced some security solutions for smartphones (e.g. anti-virus, firewalls, rootkit detectors, intrusion detection system (IDS), and other useful tools) that can be run on the smartphone and smartphone user can take these applications in online market, they cannot prevent attacks from inside caused by using implementation error or user unawareness. They can only prevent attacks from outside like malware. Therefore, users should adopt other security mechanisms to enhance security of their smartphone.

Jeon et al. (2011) conducted a study on smartphone security called A Practical Analysis of Smartphone Security and introduced three ways to keep smartphone secure. They are as follows:

  • Add-on application is easiest way. Smartphone users have to install appropriate applications (like anti-virus or SPAM filtering from appstore ) to their smartphone to increase smartphone security. In fact, this way can’t ensure security improvement.
  • System add-on means system updates. Platform manufacturer and application developer provide updates for their products and this update includes both improvement of functionality and security. So, smartphone users have to update their smartphone platform and applications periodically for smartphone security.
  • System modification is most expensive way to improve smartphone security, because it needs kernel configuration. However, this way can improve entire security of smartphone platform.”

In addition, application developers and smartphone users should adopt cryptographic technology (application and APIs) to enhance confidentiality and integrity in smartphones. In line with this idea, Baggili suggests that “the app stores should have enforced standards for personal messaging applications that enforce developers to use encryption on those apps.”

By Mojgan Afshari

Mojgan Afshari

Mojgan Afshari is a senior lecturer in the Department of Educational Management, Planning and Policy at the University of Malaya. She earned a Bachelor of Science in Industrial Applied Chemistry from Tehran, Iran. Then, she completed her Master’s degree in Educational Administration. After living in Malaysia for a few years, she pursued her PhD in Educational Administration with a focus on ICT use in education from the University Putra Malaysia. She currently teaches courses in managing change and creativity and statistics in education at the graduate level.
Cloud Computing Humor
Premkumar Balasubramanian

It Can Be The Year of Right Clouding – But Avoid Potential Pitfalls

Some people are calling 2023 The Year of Cloud Repatriation. I think this is a bit inflammatory. [...]
Read more
Randy

AI Learning and Career Paths: Preparing for the Jobs of Tomorrow

AI Learning and Career Paths The Massachusetts Institute of Technology (MIT) has long been at [...]
Read more
Randy

Gain Critical AI Insights: The Oxford Artificial Intelligence Programme

Acquire Essential Skills for Success in the AI Industry The expansion of online learning within [...]
Read more
Bill Britton

Pioneering Cybersecurity Education: An Interview with Cal Poly’s CIO Bill Britton

Interview with Cal Poly’s CIO Bill Britton Welcome to CloudTweaks, where today we’re diving into [...]
Read more

CloudTweaks Q&A with BCM One CEO Geoff Bloss 

Hybrid Work Cultures: The New Norm In an era where seamless communication becomes the spine [...]
Read more
Derek Slager

2024 IT Trends: Using AI to Optimize Your First-Party Data Strategy

2024 AI Optimization Trends IT professionals are in for another challenging year thanks to advancements [...]
Read more

SPONSOR PARTNER

Unlock the power of Google Cloud with a $350 signup credit. Experience enhanced scalability, security, and innovation for your projects today!
© 2024 CloudTweaks. All rights reserved.