Evaluating Smartphone Application Security: A Case Study on Android

Currently, smart phones are becoming indispensable for meeting the social expectation ofalways staying connected and the need for an increase inproductivity are the reasons for the increase in smartphone usage. One of the leaders of the smart phone evolution is Google2019;s Android operating system. It ishighly likely that Android is going to be installed in manymillions of cell phones during the near future. With thepopularity of Android smart phones everyone finds it convenient to make transactions through these smartphones because of the openness of Android applications. The malware attacks are also significant. Androidsecurity is complex and we evaluate an applicationdevelopment environment which is susceptible tomalware attacks. This paper evaluates Android securitywith the purpose of identifying a secure applicationdevelopment environment for performing securetransactions on Android-based smart phones

Detection and Prevention of Android Malware Attempting to Root the Device

Every year, malefactors continue to target the Android operating system. Malware which root the device pose the greatest threat to users. The attacker could steal stored passwords and contact lists or gain remote control of the phone. Android users require a system to detect the operation of malware trying to root the phone. This research aims to detect the Exploid, RageAgainstTheCage, and Gingerbreak exploits on Android operating systems. Reverse-engineering 21 malware samples lead to the discovery of two critical paths in the Android Linux kernel, wherein attackers can use malware to root the system. By placing sensors inside the critical paths, the research detected all 379 malware samples trying the root the system. Moreover, the experiment tested 16,577 benign applications from the Official Android Market and third party Chinese markets which triggered zero false positive results. Unlike static signature detection at the application level, this research provides dynamic detection at the kernel level. The sensors reside in-line with the kernel\u27s source code, monitoring network sockets and process creation. Additionally, the research demonstrates the steps required to reverse engineer Android malware in order to discover future critical paths. Using the kernel resources, the two sensors demonstrate efficient asymptotic time and space real-world monitoring. Furthermore, the sensors are immune to obfuscation techniques such as repackaging

Success model for BYOD implementation considering human and security perspectives in Malaysia government environment

Currently, the most benefits of BYOD implementation is to provide mobility and flexibility in workplaces with the use of compact mobile devices makes it stressfree to bring it everywhere. Although the concept is easy for the user, it introduces a new threat to the security of information technology. The network will be vulnerable to threats such as data leakage, complex security governance, lack of personal mobile devices control management, and incompetent employees in such technology. In this study, the most significant factors of BYOD implementation success model in Malaysian government environment are investigated by considering security perspective. This proposed model is to assist the government to develop a secure success model for implementing BYOD based on baseline theory models such as DeLone & McLean and other information system effectiveness theories. This study used a mixed-method convergent design by combining qualitative and quantitative approaches. The data collected is through interview sessions with the selected government’s employees including the expert team and using questionnaires for verification. The quantitative data gathered has been analysed by computer software named Statistical Package for the Social Sciences. The findings of this study are to pay attention to the security perspective of the BYOD implementation. The proposed success model will valuable to IT leaders and decision makers in implementing the BYOD technology securely and appropriate security controls can be incorporated by government agencies in Malaysia as well as embrace the consumerization of IT trend in the workplace to provide employees with a modest, ubiquitous access capability whether at the office, home or abroad, regardless of their computing devices

Privacidade no sistema Android

Mestrado em Engenharia Eletrónica e TelecomunicaçõesComputational development has, in recent years, led to a massive spread of mobile devices, these devices are highly evolved not only computationally as also in the ability to access and store all types of data, thus, the possibility of system or privacy attacks increases. Android is among the most used operating systems on mobile devices, with a very significant market share. This system takes advantage of using open source software, relying with a tremendous evolution, however, as in all operating systems, it is necessary to adapt and upgrade it to meet the market demands. With regard to security, Android has some flaws and this added to the number of ordinary users constantly increasing or the need to adapt the system security to a enterprise level, is required to make Android more secure, building mechanisms to ensure user’s privacy. This operating system allows to install applications from a variety of sources, this, and free applications, often implies costs to the user’s privacy since these applications access the private resources that do not require. The aim of this work is to study mechanisms of confinement and illusion offering individual and efficient control over which applications access certain content or physical resource. For this purpose, we create a false profile but coherent and as realistic as possible, granting or denying access to the data we want to applications that attempt to access private information without the need for their normal functioning.O desenvolvimento computacional tem, nos últimos anos, conduzido a uma massificação da utilização de dispositivos móveis, dispositivos estes muito evoluidos não só em poder computacional como também na capacidade de consultar e armazenar todo o tipo de dados e, com isto, a possibilidade de ataque ao sistema e à privacidade do utilizador aumenta. Entre os sistemas operativos mais usados nos dispositivos móveis encontra-se o Android, com uma quota de mercado muito significativa. Este sistema aproveita as enormes vantagens da utilização de código aberto, contando assim com uma evolução tremenda, no entanto, como em todos os sistemas operativos, torna-se necessário adaptar e atualizar o sistema para corresponder às exigências do mercado. No que diz respeito à segurança, o Android tem algumas falhas, e sendo que por um lado, o número de utilizadores comuns não pára de crescer, por outro lado, existe a necessidade de adaptar a segurança do sistema ao mercado empresarial bem como, instituições e organismos governamentais que possuem padrões de segurança elevados. Nesta linha de pensamento, e fazendo uma análise ao sistema operativo, é obrigatório tornar o Android mais seguro construindo mecanismos que permitam zelar pela privacidade do utilizador. Este sistema operativo permite que se instalem aplicações das mais variadas fontes e isto, aliado a uma disponibilização gratuita das mesmas, acarreta muitas vezes custos à privacidade do utilizador já que estas aplicações acedem a recursos privados de que não necessitam. Pretende-se então com este trabalho estudar mecanismos de confinamento e ilusão que ofereçam um controlo individual e eficiente sobre que aplicações acedem a determinado conteúdo ou recurso físico. Criando para esse efeito, um perfil falso e distinto do perfil do utilizador, mas coerente e o mais realista possível, passando apenas as informações desejadas às aplicações que tentam aceder a informações privadas sem que delas necessitem para o seu normal funcionamento

A framework to manage sensitive information during its migration between software platforms

Software migrations are mostly performed by organisations using migration teams. Such migration teams need to be aware of how sensitive information ought to be handled and protected during the implementation of the migration projects. There is a need to ensure that sensitive information is identified, classified and protected during the migration process. This thesis suggests how sensitive information in organisations can be handled and protected during migrations by using the migration from proprietary software to open source software to develop a management framework that can be used to manage such a migration process.A rudimentary management framework on information sensitivity during software migrations and a model on the security challenges during open source migrations are utilised to propose a preliminary management framework using a sequential explanatory mixed methods case study. The preliminary management framework resulting from the quantitative data analysis is enhanced and validated to conceptualise the final management framework on information sensitivity during software migrations at the end of the qualitative data analysis. The final management framework is validated and found to be significant, valid and reliable by using statistical techniques like Exploratory Factor Analysis, reliability analysis and multivariate analysis as well as a qualitative coding process.Information ScienceD. Litt. et Phil. (Information Systems