This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
Android is one of the best mobile operating system in the present market. Approximately, most of the people are now using the android enable smart mobile phones. In our daily life, we regularly use the email applications, bank applications, and social network applications. The data we use in these applications is very sensitive, personal and important too. Due to the advancement of the mobile operating system technology, some malicious applications can gain access over the user's sensitive, private and social information. This type of applications can gain control of the device itself. One biggest problem is that these modern devices will have continuous internet connectivity through the Wi-Fi or mobile data services. Most of the applications in the market are vulnerable such that they can easily affected Trojans and viruses, which indirectly android mobile security. And also, there are some malicious applications which directly attack the mobile file system. Thereforeitthemandatorytakeprecautionandprovidethebestsecurityforthesemobiledevicesandsecuringthedevices Security should be provided even when the device lost or stolen or damaged. This paper provides a brief insight of security breaches in android operating system level and android applications level. It also provides a successful phenomenon to overcome these security breaches.
In recent years the mobile operating system technology is advancing on the other hand it is getting easily focused for most of the various malicious attacks. According to the latest security surveys, the chance of attacking mobile operating system is becoming more through malicious exploits and executed attacks in 2011. This development can be lead to two important factors: the overwhelming user response to the android operating system and the advancement of android phone technology. Thescopemobiledevicemarketopenlynoticeablethereportsissuedthethatexplainsthestrengththemobilephonetheworld Therefore, android mobile phone technology has been constantly improving over the last decade, and constraints for both hardware and operating systems have limited attacks. Thus, android mobile operating system proves to be a turning point in malicious exploits for devices by providing the high end features and open source functionalities. From this we can observe that the share of the market among the smart phone in the US can surpass 50% of the total mobile devices market share by the end of 2011. This represents that the platform of the mobile devices is getting weaker so that malicious can be attacked easily.
In addition to these standards, now a day's android smart phones are used like personal computers. Sotheattacksapplicablecomputersindirectlyattackthesmartphonesalsovariousways So, the standard threats for computers are also application to the mobile platforms. Most of the applications we use in the android devices are developed by third party providers, so there is a chance for intrusion of various malware and other security issues can rise. The main aim of the attackers is intrude the data rather than using functionalities provided by the android devices.
In this paper i present various security threat models for the android mobile platforms. These models stress on the three key problems in android device security: goals of attackers, attack vectors and mobile malware. This threat models explains various interests and goals of the attackers which in turn leads to identify the types of attacks and area of the attack. In conclusion, the model reflects threat types applicable to android mobile platforms if the offered attack vectors are successfully employed. This paper is also includes the best practices to reduce the security issues in android devices.
2. Android Security Threat Models
This section of the paper present the overview of the challenges faced by mobile devices while the protecting the user private data. This security models are divided in to three types: attack goals, attack vectors and mobile malware, based on the analysis of attacker's goals and interests.
A. Attack Goals
Thefirstgoalsdescribedherelessharmfulwhilethelatterharmful Most of the attacks are type of attacks which perform the operations without the user detection. The use of such attacks is to interrupt the operation of the mobile phone to the possible extent and making activities which are useful to the attacker. On the other hand, harmful attacks are concentrated at disturbing the normal operation of the mobile device.
1) Collecting User's Sensitive Data
Generally, the android devices are now being used for the data storage and hub of the personal data. So they became the primary target for the breaking user's privacy. The main infected area will be the confidentiality and integrity of the stored data. A success attempt to attack can make the attacker read the SMS, MMS messages, electronic mail messages, call logs, and lastly contact details. Furthermoretheattackermakeattemptsendthefakesendandaccessinginformationpersonaldetailscontactsandcalendarevents Personal data located in devices memory, or on SD card, like documents, photos etc. can also be intruded.
2) Utilize Computing Resources
Due the advancement in functionalities in android devices, the attackers focus the attacks with target to the computing power along the broadband access. For example, high end android devices have powerful CPU speed like 1GHz, and random access memory size of 512 MB.
3) Actions with Harmful malicious activity
These actions are generally targeted in producing android device user's discomfort rather on doing useful operations for the attacker. Although this type of attacks are easily discoverable, they stress more at destroying as much as possible. The attacks results in data loss to reducing the android phones battery and other resources like hanging the android mobile phone. Finally, the by doing these attacks, one can make the device dead.
B. Attack vectors
Most of the mobile device platform offer various attack vectors for the supply of malicious content. We divide the attack vectors into four different categories: mobile network services, Internet access, Bluetooth, and access to USB and other peripheral devices.
1) Mobile network services
Android Cell phone services like SMS, MMS and voice phone calls can be used as attack vectors for android mobile devices. This type of attacks is specifically applicable to MMS messages as they support for rich content which makes the work of attacker easy i.e. embedding the hidden XML messages . Even more the android mobile phones even make the phishing attacks even simpler. Generally, there are two low lever phishing attacks over android mobile network are present. They are smishing and vishing. Smishing  is a type of phishing attack which is performed using the SMS messages. Vishing  is another type of phishing attack is carried out using voice calls. By , can user into a . The attacker can then advance sensitive information from the user by acting to be an honest entity, like a bank or protection coverage company.
2) Internet access
Almost all of the android mobile devices can access the Internet technology using Wi-Fi networks or 3G/4G cellular services provided by appropriate mobile network operators. These internet connections offer good browsing experience and also ensure that android devices are exposed to the computer related threats. Themobiledevicesconnectedthebecauseconstantlyswitched However, continuous connection to the Internet helps to make malicious attack at a better successful rate. The attacks will be successful if the device is connected to the public wireless network.
The attacks based upon the Bluetooth technology are used for the mobile to mobile malware transferring. On the successful Bluetooth connection between two android devices, one android device sends the malformed content other android device. In contrast, Bluetooth technology is a limited in the range so we cannot transfer intense malicious content due to several security factors.
4) USB and Other Peripherals
Other than the described attack vectors, android mobile devices will be compromised by using connections such as USB. To synchronize data between the android mobile device and personal computer, most preferred type of connection is USB connection. The attacker also tries to access private information and install the malicious application in the personal computers.
C. Mobile Malware
Meanwhile, the android mobile platform can also be used as personal computers the threats are transferring from personal computers to android mobile devices.
1) Trojan horse
Attacker will gain control over the android mobile device if and only if he installs the malicious mobile applications. These malicious applications will run malicious activities in the background along with running useful operations performed in the foreground. This is process of the Trojan horse, which collect the private data. Other than these Trojan can be used to perform the fatal activities like phishing.
A set of cooperated devices which can be controlled and synchronized remotely are Botnets. In order to promise various activities alternating from sending spam email to binding DOS attacks, this kind of attack policy is used with the computational power of negotiated devices. Waledac  is the best example of a botnet aimed specifically for android mobile devices.
A self-replicating malicious application which is intended to spread the malicious content separately to uninfected systems is Worm. From the introduction of Cabir , the transfer of malicious content in the form of the worm to android mobile platforms had seen more. Cabir is well known worm which is intended to attack mobile device which works on Symbian operating System. Cabir works on the Bluetooth links. The most recent Ikee.B which is for stealing financial data from jail broken iPhones, is surprisingly a worm.
Rootkit is a malicious program which increased privileges to run in a privileged mode. These types of malicious applications will cover their occurrence from the user by adjusting standard operating system operations. Recent research efforts  specify the possibility of this attack policy and classify it as an emerging threat to android mobile security.