Smartphone Security Issues And The Potential Pitfalls

Smartphone Security Issues

Smartphones, with advanced computing ability and connectivity, have dramatically changed the computing landscape. Smartphones run complete operating system software that provides a standardized interface and platform for a large number of applications in the marketplaces such as the Apple App Store, Android Market, and Amazon App Store. Android Market is the most popular app store among commercial developers. Google Play is the premier store for distributing Android apps. Users can easily and quickly download new apps and games. This popularity of smartphone applications has drawn the attention of attackers. There are several demonstrated Malware attacks on the Android platform. Studies indicate that the number of malicious applications in app repositories has increased with increasing the rate of downloading apps. Therefore, Privacy and security of apps are important issues for smartphone users.

According to new research by University of New Haven’s Cyber Forensics Research and Education Group (UNHcFREG), “anyone who uses the affected applications is at risk of confidential data breaches. Depending on the app, user locations, passwords, chat logs, images, video, audio, and sketches can be viewed by people invading the user’s privacy”. Moreover, Ibrahim Baggili, assistant professor of computer science at UNH’s Tagliatela College of Engineering stated that “although all of the data transmitted through these apps is supposed to go securely from just one person to another, we have found that private communications can be viewed by others because the data is not being encrypted and the original user has not clue.” Unfortunately, most smartphone users believe that downloading applications from the app repository is risk-free or secure because of existing security controls in the app repository. Hence, majority of smartphone users ignore security messages during application installation due to the lack of security awareness. Therefore, educating users and enhancing their knowledge about the security practices is paramount. “They should learn to run security tests on their own”.

Although several security companies have introduced some security solutions for smartphones (e.g. anti-virus, firewalls, rootkit detectors, intrusion detection system (IDS), and other useful tools) that can be run on the smartphone and smartphone user can take these applications in online market, they cannot prevent attacks from inside caused by using implementation error or user unawareness. They can only prevent attacks from outside like malware. Therefore, users should adopt other security mechanisms to enhance security of their smartphone.

Jeon et al. (2011) conducted a study on smartphone security called A Practical Analysis of Smartphone Security and introduced three ways to keep smartphone secure. They are as follows:

  • Add-on application is easiest way. Smartphone users have to install appropriate applications (like anti-virus or SPAM filtering from appstore ) to their smartphone to increase smartphone security. In fact, this way can’t ensure security improvement.
  • System add-on means system updates. Platform manufacturer and application developer provide updates for their products and this update includes both improvement of functionality and security. So, smartphone users have to update their smartphone platform and applications periodically for smartphone security.
  • System modification is most expensive way to improve smartphone security, because it needs kernel configuration. However, this way can improve entire security of smartphone platform.”

In addition, application developers and smartphone users should adopt cryptographic technology (application and APIs) to enhance confidentiality and integrity in smartphones. In line with this idea, Baggili suggests that “the app stores should have enforced standards for personal messaging applications that enforce developers to use encryption on those apps.”

By Mojgan Afshari

Answer To Everything.png
David Fletcher Blown Image
Holiday Access.png
The Manuscript.png
Bitcoin electricity
Bitcoin Heating? Bitcoin mining or cryptocurrency mining has been widely vilified for it’s environmental impact. Why it does draw a huge amount of energy, more and more of it is coming from renewable sources and ...
Gilad David Maayan
Cloud Security Posture Management Cloud Security Posture Management (CSPM) enables you to secure cloud data and resources. You can integrate CSPM into your development process, to ensure continuous visibility. CSPM is particularly beneficial for DevOps ...
Rajesh Khanna
Implement Hyperautomation to Scale Automation Programs by 3X Most Digital Service Providers (DSPs) struggle to accelerate their path to Hyperautomation due to the complex processes with legacy systems and applications. Although Robotic Process Automation (RPA) plays a ...
Rakesh Soni
5 Common Myths About Cloud Computing Cloud computing has offered new horizons to businesses embarking on a digital transformation journey. However, no matter how appealing, it’s also a reason to worry. With cloud computing, businesses ...
Metasploit-Penetration-Testing-Software-Pen-Testing-Security
Vulnerability Scanners Cyber security vulnerabilities are a constant nuisance and it certainly doesn't help with the world in a current state of disarray and uncertainty. Vulnerabilities leave businesses and individuals subject to a wide range ...
  • Plural Site

    Pluralsite

    Pluralsight provides online courses on popular programming languages and developer tools. Other courses cover fields such as IT security best practices, server infrastructure, and virtualization.

  • Isc2

    ISC2

    (ISC)² provides IT training, certifications, and exams that run online, on your premises, or in classrooms. Self-study resources are available. You can also train groups of 10 or more of your employees. If you want a job in cybersecurity, this is the route to take.

  • App Academy

    App Academy

    Immersive software engineering programs. No experience required. Pay $0 until you're hired. Join an online info session to learn more

  • Cybrary

    Cybrary

    CYBRARY Open source Cyber Security learning. Free for everyone, forever. The world's largest cyber security community. Cybrary provides free IT training and paid IT certificates. Courses for beginners, intermediates, and advanced users are available.