Android Security Audit

  • Android Security Audit
  • Threats
  • Security in operating systems


Mobile security, or mobile phone security, has become increasingly important in mobile computing. Of particular concern is the security of personal and business information now stored on smartphones. All smartphones, as computers, are preferred targets of attacks. These attacks exploit weaknesses inherent in smartphones that can come from the communication mode, such as Short Message Service (SMS, also known as text messaging), Multimedia Messaging Service (MMS), Wi-Fi, Bluetooth and GSM, the de facto global standard for mobile communications. There are also exploits that target software vulnerabilities in the browser or operating system, and some malicious software relies on the weak knowledge of an average user. According to a finding by McAfee in 2008, 11.6% of users had heard of someone else being affected by mobile malware, but only 2.1% had personal experience of such a problem. However, this number is expected to grow.


A smartphone user is exposed to various threats when they use their phone. In just the last two quarters of 2012, the number of unique mobile threats grew by 261%, according to ABI Research. These threats can disrupt the operation of the smartphone, and transmit or modify user data. Applications must therefore guarantee the privacy and integrity of the information they handle. In addition, since some apps could themselves be malware, their functionality and activities should be limited (for example, restricting apps from accessing location information via GPS, blocking access to the user's address book, preventing the transmission of data on the network, or preventing the sending of SMS messages that are billed to the user).
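
As an added example (not part of the original page), the following Python sketch audits an app's manifest for the four capabilities named above: location, address book, network transmission and billed SMS. It assumes the AndroidManifest.xml has already been decoded from the APK's binary form into text XML; the sample manifest and the category labels are constructed for illustration, while the permission names are the standard Android ones.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Standard Android permission names, grouped by the restrictions named in the text.
CATEGORIES = {
    "location (GPS)": {"android.permission.ACCESS_FINE_LOCATION",
                       "android.permission.ACCESS_COARSE_LOCATION",
                       "android.permission.ACCESS_BACKGROUND_LOCATION"},
    "address book": {"android.permission.READ_CONTACTS",
                     "android.permission.WRITE_CONTACTS"},
    "network transmission": {"android.permission.INTERNET"},
    "billed SMS": {"android.permission.SEND_SMS"},
}

# Constructed sample: decoded manifest of a hypothetical flashlight app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission-sdk-23 android:name="android.permission.READ_CONTACTS"/>
    <application android:label="Flashlight"/>
</manifest>"""

def requested_permissions(manifest_xml):
    """Return the set of permission names the manifest requests."""
    # Note: ElementTree does not defend against entity-expansion attacks;
    # parse manifests from untrusted APKs with a hardened XML parser.
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for elem in root.iter(tag):
            name = elem.get(ANDROID_NS + "name")
            if name:
                names.add(name)
    return names

def audit(manifest_xml):
    """Map each category from the text to the matching requested permissions."""
    requested = requested_permissions(manifest_xml)
    return {cat: sorted(requested & perms)
            for cat, perms in CATEGORIES.items() if requested & perms}

if __name__ == "__main__":
    for category, perms in audit(SAMPLE_MANIFEST).items():
        print(f"{category}: {', '.join(perms)}")
```

A flashlight app that requests contacts, network and SMS access, as in the sample, is the kind of mismatch between stated purpose and requested capability that an audit should flag for review.
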
There are three prime targets for attackers:

  • Data: smartphones are devices for data management, and may contain sensitive data like credit card numbers, authentication information, private information, activity logs (calendar, call logs);
  • Identity: smartphones are highly customizable, so the device or its contents can easily be associated with a specific person. For example, every mobile device can transmit information related to the owner of the mobile phone contract, and an attacker may want to steal the identity of the owner of a smartphone to commit other offenses;
  • Availability: attacking a smartphone can limit access to it and deprive the owner of its use.

The sources of these attacks are the same actors found in the non-mobile computing space:

  • Professionals, whether commercial or military, who focus on the three targets mentioned above. They steal sensitive data from the general public, as well as undertake industrial espionage. They will also use the identity of those attacked to carry out other attacks;
  • Thieves who want to gain income through data or identities they have stolen. The thieves will attack many people to increase their potential income;
  • Black hat hackers who specifically attack availability. Their goal is to develop viruses and cause damage to the device. In some cases, hackers have an interest in stealing data on devices;
  • Grey hat hackers who reveal vulnerabilities. Their goal is to expose vulnerabilities of the device. Grey hat hackers do not intend to damage the device or steal data.

The first layer of security in a smartphone is the operating system (OS). Beyond needing to handle the usual roles of an operating system (e.g. resource management, scheduling processes) on the device, it must also establish the protocols for introducing external applications and data without introducing risk.
A central paradigm in mobile operating systems is the idea of a sandbox. Since smartphones are currently designed to accommodate many applications, they must have mechanisms to ensure these applications are safe for the phone itself, for other applications and data on the system, and for the user. If a malicious program reaches a mobile device, the vulnerable area presented by the system must be as small as possible. Sandboxing extends this idea to compartmentalize different processes, preventing them from interacting with and damaging each other. Based on the history of operating systems, sandboxing has different implementations. For example, iOS by default focuses on limiting access to its public API for applications from the App Store, and Managed Open In allows you to restrict which apps can access which types of data. Android bases its sandboxing on its legacy of Linux and TrustedBSD.