Designing a comprehensive security framework for smartphones and mobile devices

This work investigates issues and challenges of cyber security, specifically malware targeting mobile devices. Recent advances in technology have provided high CPU power, large storage, broad bandwidth and integrated peripheral devices such as Bluetooth, Wi-Fi, 3G/4G to mobile devices, making them popular computing and communication devices. Mobile malware has been targeting mobile devices more than ever and seems to be shifted from their traditional host, the personal computers, to more vulnerable victims. In this study, we mainly focus on malware for Android-based mobile devices. We analyze and discuss related malware and recognize its trends and challenges. We also present a comprehensive security solution that addresses the security from malware threats

Android Security: A Survey of Issues, Malware Penetration, and Defenses

Smartphones have become pervasive due to the availability of office applications, Internet, games, vehicle guidance using location-based services apart from conventional services such as voice calls, SMSes, and multimedia services. Android devices have gained huge market share due to the open architecture of Android and the popularity of its application programming interface (APIs) in the developer community. Increased popularity of the Android devices and associated monetary benefits attracted the malware developers, resulting in big rise of the Android malware apps between 2010 and 2014. Academic researchers and commercial antimalware companies have realized that the conventional signature-based and static analysis methods are vulnerable. In particular, the prevalent stealth techniques, such as encryption, code transformation, and environment-aware approaches, are capable of generating variants of known malware. This has led to the use of behavior-, anomaly-, and dynamic-analysis-based methods. Since a single approach may be ineffective against the advanced techniques, multiple complementary approaches can be used in tandem for effective malware detection. The existing reviews extensively cover the smartphone OS security. However, we believe that the security of Android, with particular focus on malware growth, study of antianalysis techniques, and existing detection methodologies, needs an extensive coverage. In this survey, we discuss the Android security enforcement mechanisms, threats to the existing security enforcements and related issues, malware growth timeline between 2010 and 2014, and stealth techniques employed by the malware authors, in addition to the existing detection methods. This review gives an insight into the strengths and shortcomings of the known research methodologies and provides a platform, to the researchers and practitioners, toward proposing the next-generation Android security, analysis, and malware detection techniques