Android and Smartphone Security

Review on Android and Smartphone Security
Abstract
Currently, Android controls the largest market share among operating systems for smartphones. Smartphone users have woken up to the realization that security is an issue that must be kept in mind all the time. The enhancement of performance and increase in features also multiply in tandem with risk such as virus attacks. It is possible that Android could be the most secure operating system, compared to others, currently. There are limited restrictions for developers, however. Such a blank check allows for multiple security concerns for the end-user. This paper explores Android's security model; it is the level of application and the security concerns with the operating system for smartphones.
There is no doubt that Android has exhibited truly modern smartphone features and tweaks. It is a typical open-source program. Applications from Android can use a broad range of software programs, including server and local data, networks, and other applications (Mohini, et al., 2013). To successfully run an open-source platform such as Android, one needs a highly sophisticated and anticipative approach and infrastructure. Android Operating System works with multi-layers of security precautions. It is an ideal platform for an open-source channel. Android incorporates a stack of software, with an Operating System, core application, and middleware in complete form (Kaur & Kaur, 2013).
Millions of mobile gadgets in over 190 countries across the globe use the Android Operating System. Android has been designed with architectural acumen that gives room for continuous improvement from developers from elsewhere. Indeed, the security elements have been designed to remain accommodative to developers. The developers have the window to use the versatile security buffers. There is a lack of familiarity by developers about security that applies by default. The end user's interest drives the design of the Android Operating System and the device itself. It allows users to view how applications work and manage the same applications (Mohini, et al., 2013).
Figure 1 below compiles the security aspects of Android, including what is considered at various levels. Every element assumes that the one below it is appropriately secured. If an Android OS code running as root, with the exception, any process running over the Kernel for Linux is controlled by the Application Sandbox (Mohini, et al., 2013)
Figure 1: Architecture of Android (Mohini, et al., 2013)
Android Security
i. Android is open source, thus, allows developers to enhance it (AOSP, 2013)
ii. The software for Android is for multitasking. Consequently, no software can gain serious access to OS components (AOSP, 2013)
iii. So far, UNIX is the most secure Operating System, and it is what Android uses (AOSP, 2013)
iv. If a developer wishes to publish their application on the open market, they require a unique signature to do so (AOSP, 2013).
v. iv. The developers need a unique signature to publish their application on the market (AOSP, 2013).
vi. Users have an avenue to report suspected security flaws through their Google accounts
vii. For application installation, all must seek clearance from the end-user
Security Concerns that Android Has Faced
Well, Android is not as secure as it appears, the layers of security measures notwithstanding. Some security concerns are apparent:
i. There is no security scan for Android for applications being uploaded on its customer stalls
ii. Some apps have been noted to carry the capacity to exploit the services of other apps installed on the Android system with no prior permission granted
iii. Android's permission security model offers the user the power to decide whether an app is trustworthy or not. The latter model opens many worms because there will be lapses with lay security checks by end-users.
iv. While the open-source is available for trustworthy developers, hackers can access it just as well and easily. Consequently, Android renders itself illegitimate when one wishes to install critical systems.
v. Lastly, the Android system developers give a disclaimer that they cannot be held responsible for security lapses emanating from external storage. In other words, any app on the device can access the data on other apps and the device data in a similar fashion as GSM and IDs for SIM marketers with no permission from the end-user (Mohini, et al., 2013)
Applications function as processes for Linux using their IDs. Therefore they are separated. This means that the vulnerability of one App should not necessarily affect another. Because Android offers IPC mechanisms, which must be secured, there is a second line of enforcement that materializes. Android uses a monitor for reference used to mediate access to the components of applications anchored on user permissions. If an app attempts to access a different component, it must be cleared by the end-user through the end-user permission security gateway. Such permissions must be granted at the time of installation (AOSP, 2013).
Requests for plain text provide leakage of phone identifiers. Phone identifiers function as the fingerprints of the user phones. IMEI is specifically used to track individual phone users. IMEI is embedded in the PII, which is personally identifiable information. Some phone identifiers do not use leads to screen users. It is common for phone users to send phone identifiers to analytic advertiser servers.
Applying advanced tools to find bugs may not reveal the logical security issues such as unwelcome interactions between the phone elements. Given the ever-complex nature of emerging software, it is important for software companies to the security risks related to their code and the tools. They should, therefore, seek to understand the functionality of the program comprehensively to handle the task effectively (Berger, Bunke&Sohr, 2011)
Android Application Security Finding
Android application analysis and the finding are similar to an earlier finding of phone identifiers and location. The framework analysis allows for the observation of risky functionalities in its complex occurrences with the application context. Nevertheless, integrating the technologies into the certification process of an application process calls for overcoming logistical and technical obstacles (Enck, Octeau, McDaniel, and Chaudhuri, 2011). Improving Android devices' security based on Linux algorithms and Open Source APIs could lead to malicious and benign research that could lead to a perfect and secure smartphone platform (Schmidt et al., 2008).
L4Android: This is a generic OS framework for secure smartphones. The title was the signature when they presented a generic OS framework that allows for creating a security system for smartphones. There are three primary elements in the framework. There is a micro-kernel to provide a safe foundation. A user-time runtime platform accompanies it. VMs constitute the third component that encapsulates the current smartphone operating system. They applied the primary elements of their framework on a cellphone X86 and ARM dais. They did a framework evaluation by demonstrating how it works with the available and as an Open source L4 to handle four challenges in the security of smartphones such as secure smartcards and unified corporate and private smartphones (Lackorzynski, Lange, Warg, Liebergeld, Peter, 2011).
Researches identified two fundamental causes of the attacks in WebView: TCB and sandbox weakening. They have demonstrated that the requirement for launching attacks on smartphone software is mature already. They also show that the potential victims are in great numbers. They are growing solutions in their current work. They create solutions to secure WEbView (Luo, Hao, Du, Wang, & Yin, 2011). The users of Android phones need to find a way to establish if the applications are releasing private information to unauthorized recipients. They developed a mapping between API calls and access rights they must be granted to execute. The App, Android Leaks, can analyze 24,350 within 30 hours. The App reduces the application numbers drastically, even the traces that an auditor has t confirm manually (Gibler, Crussell, Erickson & Chen, 2012).
The Open Source software of Android and the programmable framework behavior exposes it to virus attack possibilities. The title considers the fact that Smartphones are battery, memory, and speed constrained, thus, maximizing the use of the cloud to run the reputation index computation of a specific app. The model will alert users on the application risk before its installation by referring to the computed matrix of reputation inbuilt via a specified app. Applications can be grouped as extremely risky, of medium risk, less risk, and genuine. These ratings will all be based on the cloud reputation they have built. The experimental outcomes indicate that some applications should be viewed as highly risky. Thus, users should be warned to avoid installing such applications before improving their security standing by going past the threshold set by the reputation-based model for security (Mohini, et al., 2013).
Privilege Escalation
Threats from privilege escalation are used taking advantage of kernel vulnerabilities of Android that are freely accessible gain higher or complete access to user or application that is a typically protected resource. Such a threat can result from unauthorized events from applications given extra privileges than intended. These can easily trigger sensitive information leakages. To gain access to critical privileges and permissions, the exported components of Android can be exploited (Ahmed & Sallow, 2019).
Colluding
The threat collision is occurring from the user side. Users use a range of applications bearing the same certificate and grant a wide range of permissions that could be sensitive or not. The applications can access all resources after they have been installed. They can get permissions by utilizing an IUD that is shared (Ahmed & Sallow, 2019)..
The danger of malware for smartphones
Android gadgets are complicated, attractive, and vulnerable attacker targets due to their domain that accommodates broad application. The need to strongly protect Android is clear, preferably by using multiple and diverse invasion detection mechanisms. The security model presented runs detection of attacks on servers that are remote and in the cloud location where the phone software is reflected on a virtual machine (Mohini, et al., 2013).
There is also the malware danger facing Smartphones. APIs available publicly can generate fresh malware that extracts a range of private data, including executing an action that is harmful to devices infected. The first and most important data on Smartphones is private data and other cellphones. Thus, if it is lost or modified, it will harm the person that is infected. However, as fewer critical malware show up, considerations of security appear to lose their importance. However, such a stance is a grave mistake. It is wrong to underestimate Smartphone malware because it can cause irreparable damage and loss, not just relating to privacy matters but in a general sense and on security grounds (Schmidt et al., 2008.
SmartSiren: virus detection and alert for smartphones
Just as it is the era of Smartphones, so is the era of viruses. The vulnerability of Smartphones cannot be overemphasized. These devices are vulnerable since they are versatile in their communication options. They are also hard to harness because of their constraints in resources and intermittent connectivity on the network. Consequently, the viruses can spread and cripple smartphone users and cell phone users (Mohini, et al., 2013).
SmartSiren calls for limited assistance from the infrastructure of cellular phones. It comes with a limited cellular Smartphone overhead. Although users can be served well with targeted virus alert service, their privacy is protected too. The SmartSiren effectiveness and feasibility have been confirmed by real implementation and simulations that are driven (Mohini, et al., 2013).
MADAM framework
This framework facilitates the detection of intrusion early. It tracks the malicious activity of malware on the Android platform. The MADAM framework strategy exploits a multilevel methodology, i.e., combining the features at kernel-level and the level at which it is applied. Machine learning techniques drive it. Thus, the initial prototype for Android Smartphone has detected all the 10 real malware that was monitored. It has an effect on the experience of the user owing to the few false generated every day. To our knowledge, the results are a clear improvement to the solutions generated in the previous work; both for enhancing the rate of detection of real malware on android smartphones and also false-positive occurrences (Dini, Martinelli,Saracino&Sgandurra, 2012).
Conclusions
Billions of people are now using smartphones. This means that its usage is growing, and so it is not easy to validate if an application is legitimate or malicious. Therefore, the user must choose whether it is safe to use the application. Note that there are different types of PCs and mobile devices in the resource management mechanism, so not all solutions could be compatible with all the devices (Ahmed & Sallow, 2019). As a result, academic research and anti-malware organizations have many security methods that could help recognize and classify threats that may affect the Android operating system. Going by this proposal, methods differ and could be arranged into several classifications. This is why this paper has looked at many security methods and threats and possible solutions classification.
Note that more than a million Android devices are activated (Mohini, et al., 2013). This is because there are fewer restrictions for the developer, which increases the risk to end-users. This paper has therefore reviewed security issues in Android smartphone OS. Thus integrating technologies in the application certification process may need that you overcome technical and logical challenges. Android avails more security than any other platform could provide. Kirin is working hard to transform Android into an OS that is secure than other platforms for computing platforms for the next generation.
Other than expanding Android smartphones, the number of malware, and the quantity of Android applications, continues to grow every day. However, the malware still exploits the existing security system weakness to access the resources. Therefore, several proposals have been presented to help prevent and control vulnerabilities in the Android platform.
Bibliography
Ahmed, O. & Sallow, A. B., 2019. Android Security: A Review. Academic Journal of Nawroz University.
Android Open Source Project. 2013. Android Security Overview. http://source.android.com/devices/tech/security/index.html.
Android Open Source Project. Security and permissions. 2013. http://developer.android.com/guide/topics/security/permissi ons.html.
Android Open Source Project. 2013. Publishing on GooglePlay. http://developer.android.com/distribute/googleplay/publish/ preparing.html.
Android Open Source Project. 2013. What is Android? http://developer.android.com/about/index.html
Berger B.J., Bunke M., and Sohr K., 2011. An Android Security Case Study with Bauhaus, Working Conference on Reverse Engineering, 179–183.
Dini G., Martinelli F., Saracino A. and Sgandurra D., 2012. MADAM: a multi-level anomaly detector for android malware, http://www.iet.unipi.it/g.dini/research/papers/2012-MMMANCS.pdf
Enck W., Octeau D., McDaniel P., and Chaudhuri S., 2011. A Study of Android Application Security, The 20th USENIX Conference on Security, 21-21.
Gibler, C., Crussell J., Erickson J., and Chen H., 2012. Android Leaks: Automatically Detecting Potential Privacy Leaks In Android Applications on a Large Scale, 5th international conference on Trust and Trustworthy Computing, 291-307.
Kaur, S., and Kaur, M., 2013. Review Paper on Implementing Security on Android Application, Journal of Environmental Sciences, Computer Science and Engineering & Technology, 2(3).
Lackorzynski, A., Lange M., Warg A., Liebergeld S., Peter M., 2011. L4Android: A Generic Operating System Framework for Secure Smartphones, 18th ACM Conference on Computer and Communications Security, 39-50.
Luo, T., Hao H., Du W., Wang Y., and Yin H., 2011. Attacks on WebView in the Android System, 27th Annual Computer Security Applications Conference, 343-352.
Mohini, T., Kumar, S. A. & Nitesh, G., 2013. Review on Android and Smartphone Security. Research Journal of Computer and Information Technology Sciences, 1(6), pp. 12-19.
Schmidt A.D., Schmidt H.G., Clausen J., Camtepe A., Albayrak S., and Yuksel K. Ali and Kiraz O., 2008. Enhancing Security of Linux-based Android Devices, http://www.dailabor.de/fileadmin/files/publications/lk2008-android_security. pdf