Among the most significant smartphone operating systems to have emerged recently is Google’s Android, a software framework for mobile communication devices that includes an operating system, middleware and a set of key applications. Because Android devices are designed as open, programmable, networked devices, they are vulnerable to various types of threats. This paper provides a security assessment of the Android framework and the security mechanisms incorporated into it. It also reviews recent academic and commercial solutions in the area of smartphone security in general and Android in particular.


Keywords: Mobile devices, Google Android, Security





Copyright information

© ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering 2012

Authors and Affiliations

  • Yuval Fledel (1)
  • Asaf Shabtai (1)
  • Dennis Potashnik (1)
  • Yuval Elovici (1)

  1. Deutsche Telekom Laboratories, Ben-Gurion University, Beer-Sheva, Israel
