Smartphone Security Issues
Smartphones, with advanced computing ability and connectivity, have dramatically changed the computing landscape. Smartphones run complete operating system software that provides a standardized interface and platform for a large number of applications in the marketplaces such as the Apple App Store, Android Market, and Amazon App Store. Android Market is the most popular app store among commercial developers. Google Play is the premier store for distributing Android apps. Users can easily and quickly download new apps and games. This popularity of smartphone applications has drawn the attention of attackers. There are several demonstrated Malware attacks on the Android platform. Studies indicate that the number of malicious applications in app repositories has increased with increasing the rate of downloading apps. Therefore, Privacy and security of apps are important issues for smartphone users.
According to new research by University of New Haven’s Cyber Forensics Research and Education Group (UNHcFREG), “anyone who uses the affected applications is at risk of confidential data breaches. Depending on the app, user locations, passwords, chat logs, images, video, audio, and sketches can be viewed by people invading the user’s privacy”. Moreover, Ibrahim Baggili, assistant professor of computer science at UNH’s Tagliatela College of Engineering stated that “although all of the data transmitted through these apps is supposed to go securely from just one person to another, we have found that private communications can be viewed by others because the data is not being encrypted and the original user has not clue.” Unfortunately, most smartphone users believe that downloading applications from the app repository is risk-free or secure because of existing security controls in the app repository. Hence, majority of smartphone users ignore security messages during application installation due to the lack of security awareness. Therefore, educating users and enhancing their knowledge about the security practices is paramount. “They should learn to run security tests on their own”.
Although several security companies have introduced some security solutions for smartphones (e.g. anti-virus, firewalls, rootkit detectors, intrusion detection system (IDS), and other useful tools) that can be run on the smartphone and smartphone user can take these applications in online market, they cannot prevent attacks from inside caused by using implementation error or user unawareness. They can only prevent attacks from outside like malware. Therefore, users should adopt other security mechanisms to enhance security of their smartphone.
Jeon et al. (2011) conducted a study on smartphone security called A Practical Analysis of Smartphone Security and introduced three ways to keep smartphone secure. They are as follows:
- “Add-on application is easiest way. Smartphone users have to install appropriate applications (like anti-virus or SPAM filtering from appstore ) to their smartphone to increase smartphone security. In fact, this way can’t ensure security improvement.
- System add-on means system updates. Platform manufacturer and application developer provide updates for their products and this update includes both improvement of functionality and security. So, smartphone users have to update their smartphone platform and applications periodically for smartphone security.
- System modification is most expensive way to improve smartphone security, because it needs kernel configuration. However, this way can improve entire security of smartphone platform.”
In addition, application developers and smartphone users should adopt cryptographic technology (application and APIs) to enhance confidentiality and integrity in smartphones. In line with this idea, Baggili suggests that “the app stores should have enforced standards for personal messaging applications that enforce developers to use encryption on those apps.”
By Mojgan Afshari
Mojgan Afshari is a senior lecturer in the Department of Educational Management, Planning and Policy at the University of Malaya. She earned a Bachelor of Science in Industrial Applied Chemistry from Tehran, Iran. Then, she completed her Master’s degree in Educational Administration. After living in Malaysia for a few years, she pursued her PhD in Educational Administration with a focus on ICT use in education from the University Putra Malaysia.She currently teaches courses in managing change and creativity and statistics in education at the graduate level. Her research areas include teaching and learning with ICT, school technology leadership, Educational leadership, and creativity. She is a member of several professional associations and editor of the Journal of Education. She has written or co-authored articles in the following journals: Journal of Technology, Pedagogy and Education, The Turkish Online Journal of Educational Technology, International Journal of Education and Information Technologies, International Journal of Instruction, International Journal of Learning, European Journal of Social Sciences, Asia Pacific Journal of Cancer Prevention, Life Science Journal, Australian Journal of Basic and Applied Sciences, Scientific Research and Essays.