The development of smartphone technology is blossoming at the speed of light, especially over the course of the last five years or so, however, although they are certainly making our lives much easier, smartphones do have some issues and several serious problems developers are constantly facing. The smarter the phone the more glitches it can cause, it would appear.
Advanced computing abilities and connectivity of latest smartphones, have dramatically changed the basis of the computing world, adding a whole new dimension to the computing landscape. Smartphones of today completely run on operating system software which provides a standardized interface and platform for a large number of applications in the marketplaces such as the Apple App Store, Android Market, and Amazon App Store. But with great apps, comes great responsibility.
Hacking Hyenas Lurking In The Dark
Android Market is currently the most popular app store among commercial developers and the users can easily and quickly download new apps and games, with millions of apps being downloaded daily. Now, this popularity and accessibility of smartphone applications has, naturally, drawn the attention of attackers. Studies indicate that the number of malicious applications in app repositories has increased with increasing the rate of downloading apps, which makes privacy and security of apps one of the most important issues for smartphone users.
According to the latest research done by University of New Haven’s Cyber Forensics Research and Education Group, “anyone who uses the affected applications is at risk of confidential data breaches. Depending on the app, user locations, passwords, chat logs, images, video, audio, and sketches can be viewed by people invading the user’s privacy.”
Ibrahim Baggili, assistant professor of computer science at UNH’s Tagliatela College of Engineering, stated his concerns about the fact that private communications can now be seen by third parties and the security of our data might as well be at huge risk.
“Although all of the data transmitted through these apps is supposed to go securely from just one person to another, we have found that private communications can be viewed by others because the data is not being encrypted and the original user hasn’t got a clue.”
So, on the one hand we have the majority of oblivious users who believe that downloading applications from the app repository is secure and risk-free because of the existing security controls in the app repository, and on the other hand, we have skillful attackers waiting for their window of opportunity. Vast majority of smartphone users simply ignore all those annoying security messages during application installation, and the only reason is the lack of security awareness.
This is exactly why ‘educating an average user’ is paramount. The average user needs to enhance their knowledge on the security practices and learn how to run security tests on their own.
Pitfalls And Possible Solutions
Even though some major security companies have already introduced certain security solutions (anti-virus, firewalls, rootkit detectors, intrusion detection system (IDS), etc) these unfortunately cannot stop or prevent the breaches from inside done by using implementation error or user unawareness. So, we have security solutions preventing only outside attacks (like malware treats), with no inside protection.
The answer might just lie in adopting other security mechanisms. Back in 2011, Jeong et al. conducted a research called “A Practical Analysis of Smartphone Security,” which introduced three possible solutions and ways to keep your smartphone secure.
“Add-on application is the easiest way. Smartphone users have to install appropriate applications (like anti-virus or SPAM filtering from appstore) to their smartphone to increase smartphone security. System add-on means system updates. Platform manufacturer and application developer provide updates for their products and this update includes both improvement of functionality and security.
So, smartphone users have to update their smartphone platform and applications periodically for smartphone security. System modification is the most expensive way to improve smartphone security, because it needs kernel configuration. However, this solution can improve entire security of smartphone platform.”
What is also important to mention is that application developers and smartphone users simply must adopt cryptographic technology (application and APIs) in order to increase confidentiality, integrity and security when it comes to smartphones. “The app stores should enforce standards for personal messaging applications that enforce developers to use encryption on those apps,” Baggili stated, and we couldn’t agree more.