Skip to main content
SpringerLink
Log in

A Survey of Android Mobile Phone Authentication Schemes

  • Published:
Mobile Networks and Applications Aims and scope Submit manuscript

Abstract

The Android operating system is the most popular mobile operating system resulting in a great number of applications being developed for the platform. This makes them vulnerable to security threats such as social engineering, shoulder surfing and Malware. Therefore, Android devices require a secure authentication scheme in order to control access to the device. This paper briefly discusses the mobile security threats, the authentication protocols and Android Security. Then the paper presents an analysis of some of the authentication schemes that are used in mobile devices and some of the threats and technical issues faced. Authentication schemes discussed include password/pin, pattern based authentication, fingerprint recognition, facial recognition, vocal recognition and iris based authentication. In discussing the various authentication methods, it was observed that while biometric based authentication schemes offered the greatest level of security, there was always a trade-off between computational complexity and ease of use/implementation/cost that ensured that more traditional authentication schemes, while not as secure as biometric schemes, are still widely used in mobile devices.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5

Similar content being viewed by others

References

  1. Kharpal A (2016) Google Android hits market share record with nearly 9 in every 10 smartphones using it. [Online]. Available: https://www.cnbc.com/2016/11/03/google-android-hits-market-share-record-with-nearly-9-in-every-10-smartphones-using-it.html. [Accessed: 13 May 2018]

  2. Schlöglhofer R, Sametinger J (2012) Secure and usable authentication on mobile devices. In: Khalil I (ed) Proceedings of the 10th International Conference on Advances in Mobile Computing & Multimedia (MoMM ‘12), p 257–262

  3. Hashizume K, Rosado DG, Fernández-Medina E, Fernandez EB (2013) An analysis of security issues for cloud computing. J Internet Serv Appl 4(1):1–13

    Article  Google Scholar 

  4. Nagpal D, Sharma D (2016) Survey on threats attacks and implement ation of security in cloud infrastructure. Int J Res Comput Appl Robot 4(5):55–61

  5. Patel SN, Pierce JS, Abowd GD (2004) A gesture-based authentication scheme for untrusted public terminals. In: Proceedings of the 17th annual ACM symposium on User interface software and technology - UIST ‘04

  6. Maydebura SV, Jeong DH, Yu B (2013) Understanding environmental influences on performing password-based mobile authentication. In: 2013 IEEE 14th International Conference on Information Reuse & Integration (IRI), p 728–731

  7. Greitzer FL, Strozer JR, Cohen S, Moore AP , Mundie D, Cowley J (2014) Analysis of unintentional insider threats deriving from social engineering exploits. In: Proceedings - IEEE Symposium on Security and Privacy, vol. 2014–January, p 236–250

  8. Chantal M, Lee SW, Kim KH (2017) A security analysis and reinforcement design adopting fingerprints over drawbacks of passwords based authentication in remote home automation control system. In: Proceedings of the 6th International Conference on Informatics, Environment, Energy and Applications - IEEA ‘17, New York, New York, USA, p 71–75

  9. Singh V, Sharma K (2016) Smartphone security. In: Proceedings of the Second International Conference on Information and Communication Technology for Competitive Strategies - ICTCS ‘16, New York, New York, USA, p 1–3

  10. Krupskiy A, Blessinga R, Scholte J, Jansen S (2017) Mobile software security threats in the software ecosystem, a call to arms. In: International Conference of Software Business. Springer, Cham, pp 161–175

  11. Shen J, Gui Z, Ji S, Shen J, Tan H, Tang Y (2018) Cloud-aided lightweight certificateless authentication protocol with anonymity for wireless body area networks. J Netw Comput Appl 106:117–123

    Article  Google Scholar 

  12. Lin Q, Yan H, Huang Z, Chen W, Shen J, Tang Y (2018) An ID-based linearly homomorphic signature scheme and its application in Blockchain. IEEE Access 6:20632–20640

    Article  Google Scholar 

  13. Al-Riyami SS, Paterson KG (2003) Certificateless public key cryptography. Springer, Berlin, Heidelberg, pp 452–473

    MATH  Google Scholar 

  14. Li J, Sun L, Yan Q, Li Z, Srisa-an W, Ye H (2018) Significant permission identification for machine learning based android malware detection. In: IEEE Transactions on Industrial Informatics. IEEE. https://doi.org/10.1109/TII.2017.2789219

  15. Schmidt A, Schmidt H, Clausen J, Camtepe A, Albayrak S (2008) Enhancing security of linux-based android devices. In: Proceedings of 15th International Linux Kongress

  16. Android Open Source Project (2017) Android open source project. [Online]. Available: https://source.android.com/. [Accessed: 13-May-2018]

  17. Smalley S, Craig R (2013) Security Enhanced (SE) Android: Bringing Flexible MAC to Android. 20th Annual Network and Distributed System Security Symposium, vol. 310, p 20–38

  18. Rashidi B, Fung C (2015) A survey of android security threats and defenses. JoWUA 6(3):3–35

    Google Scholar 

  19. Ahmed O, Sallow A (2017) Android security: a review. Acad J Nawroz Univ 6(3):135–140

    Article  Google Scholar 

  20. Cai Z, Yan H, Li P, Huang ZA, Gao C (2017) Towards secure and flexible EHR sharing in mobile health cloud under static assumptions. Clust Comput 20(3):2415–2422

    Article  Google Scholar 

  21. Harbach M, De Luca A, Egelman S (2016) The anatomy of smartphone unlocking. In: Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems - CHI ‘16, New York, New York, USA, p. 4806–4817

  22. Nguyen TV, Sae-Bae N, Memon N (2017) DRAW-A-PIN: authentication using finger-drawn PIN on touch devices. Comput Secur 66:115–128

    Article  Google Scholar 

  23. Ye G, Tang Z, Fangy D, Cheny X, Kimz KI, Taylorx B, Wang Z (2017) Cracking android pattern lock in five attempts. In: Proceedings 2017 Network and Distributed System Security Symposium 2017 (NDSS'17), Reston VA

  24. Uddin MN, Sharmin S, Hasnat A, Ahmed S, Hasan E (2011) A survey of biometrics security system. IJCSNS 11(10):16–23

    Google Scholar 

  25. Vazquez-Fernandez E, Gonzalez-Jimenez D (2016) Face recognition for authentication on mobile devices. Image Vis Comput 55:31–33

    Article  Google Scholar 

  26. Jakobsson M, Shi E, Golle P, Chow R (2009) Implicit authentication for mobile devices. USENIX Association

  27. Khan MK, Zhang J, Wang X (2008) Chaotic hash-based fingerprint biometric remote user authentication scheme on mobile devices. Chaos, Solitons Fractals 35(3):519–524

    Article  Google Scholar 

  28. Matsumoto T, Matsumoto H, Yamada K, Hoshino S (2002) Impact of artificial ‘gummy’ fingers on fingerprint systems. In: Proceedings of SPIE Vol. #4677, Optical Security and Counterfeit Deterrence Techniques IV, vol. 4677, p 275–289

  29. Derakhshani R, Schuckers SAC, Hornak LA, O’Gorman L (2003) Determination of vitality from a non-invasive biomedical measurement for use in fingerprint scanners. Pattern Recogn 36(2):383–396

    Article  Google Scholar 

  30. Bourlai T, Hornak LA (2016) Face recognition outside the visible spectrum. Image Vis Comput 55:14–17

    Article  Google Scholar 

  31. Dave G, Chao X, Sriadibhatla K (2010) Face recognition in mobile phones. Department of Electrical Engineering Stanford University, USA

  32. Johnson RC, Scheirer WJ, Boult TE (2013) Secure voice based authentication for mobile devices: vaulted voice verification. Proceedings of SPIE 8712, Biometric and Surveillance Technology for Human and Activity Identification X, 87120P. https://doi.org/10.1117/12.2015649

  33. Gragnaniello D, Sansone C, Verdoliva L (2015) Iris liveness detection for mobile devices based on local descriptors. Pattern Recogn Lett 57:81–87

    Article  Google Scholar 

  34. Kim D, Jung Y, Toh K-A, Son B, Kim J (2016) An empirical study on iris recognition in a mobile phone. Expert Syst Appl 54:328–339

    Article  Google Scholar 

  35. Jung Y, Kim D, Son B, Kim J (2017) An eye detection method robust to eyeglasses for mobile iris recognition. Expert Syst Appl 67:178–188

    Article  Google Scholar 

  36. Nok Nok Labs, Four barriers to adopting strong authentication. [Online]. Available: https://www.noknok.com/sites/default/files/whitepapers/4barrierswhitepaper_0.pdf. [Accessed: 20 Jun 2017]

Download references

Author information

Authors and Affiliations

  1. School of Science Engineering and Technology, Mulungushi University, P.O Box 80415, Kabwe, Zambia

    Douglas Kunda & Mumbi Chishimba

Authors
  1. Douglas Kunda
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Mumbi Chishimba
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Douglas Kunda.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Kunda, D., Chishimba, M. A Survey of Android Mobile Phone Authentication Schemes. Mobile Netw Appl 26, 2558–2566 (2021). https://doi.org/10.1007/s11036-018-1099-7

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11036-018-1099-7

Keywords

Search

Navigation