Abstract
This paper studies the security policies of the Android and iOS software ecosystems. These platforms have experienced security issues since their public release in 2007. Drawing on scientific literature, this research gives an overview of the consequences of security issues and of the actions available to limit security infractions. Following the overview, the paper attempts to explain the premises of those issues by analyzing the security recommendations of both platforms and comparing them to OWASP security guidelines. This is done by comparing the development guidelines set up by both platforms and assessing the importance of each guideline from the ecosystem perspective. The conclusion highlights vulnerabilities in the developer guidelines of mobile platforms and recommends appropriate action to improve the situation.
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Krupskiy, A., Blessinga, R., Scholte, J., Jansen, S. (2017). Mobile Software Security Threats in the Software Ecosystem, a Call to Arms. In: Ojala, A., Holmström Olsson, H., Werder, K. (eds) Software Business. ICSOB 2017. Lecture Notes in Business Information Processing, vol 304. Springer, Cham. https://doi.org/10.1007/978-3-319-69191-6_11
DOI: https://doi.org/10.1007/978-3-319-69191-6_11
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-69190-9
Online ISBN: 978-3-319-69191-6
eBook Packages: Computer Science, Computer Science (R0)