Android Security Issues A Comprehensive Solution Computer Science Essay

Published:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

Kernel: The kernel is a program that constitutes the central core of a computer operating system. It has complete control over everything that occurs in the system. Android uses Linux kernel [1] .

Malware - Software that gets installed on your machine and performs unwanted tasks, often for some third party's benefit [2] .

Adware - Software that is financially supported (or financially supports another program) by displaying ads when you're connected to the Internet2.

Spyware - Software that surreptitiously gathers information and transmits it to interested parties. Types of information that is gathered includes the Websites visited, browser and system information, and your computer IP address2.

Virus - Software that can replicate itself and spread to other computers or are programmed to damage a computer by deleting files, reformatting the hard disk, or using up computer memory2.

Background

A smartphone redefined the meaning of a phone. A phone used to be a device which could just make and receive calls. Since the beginning of the smartphone era, the difference between a phone and a computer started to vanish. As a matter of fact, the most recent smartphone is way better than the desktop computer we used to use five years ago in terms of performance, resolution, touch screen controls etc. Smartphones are being used for many tasks than for just calling and texting. There are applications for almost everything such as Mobile banking, email, social networking, games, and many more. This increased utilization means that more personal and secure information is available on the phones. Furthermore, the concept of BYOD (Bring Your Own Device) is becoming increasingly popular with the companies. All these make smartphones make them vulnerable and hence, hot targets for the bad guys.

The core of any smartphone is the mobile operating system (OS). There are many mobile operating systems available in the market today and the most popular are Android from Google, iOS from Apple, bada from Samsung, Blackberry OS from RIM, Symbian from Nokia etc. The table below released by comScore shows the top mobile platforms.[1] As it can be seen, out of 121.3 million smartphone users in the U.S., 53.6% use Android, while Apple's iOS occupies 34.3% of the market share. With a market share of over 87% combined, it is so obvious that these two platforms are attacked more often than the rest.

Mobile OS

Share (%) of Smartphone Subscribers

Google

53.6%

Apple

34.3%

RIM

7.8%

Microsoft

3.2%

Nokia

0.6%

Fig 1: Top Smartphone Platforms by Oct'12 [1]

There are 3 reasons why I chose Android over iOS:

Android is an open source platform: This means that the applications that are available on the Internet are not monitored for vulnerabilities. Hackers make use of this loophole to build app containing malicious functions which are difficult to detect. It is up to the users to decide if the app they want to download is malicious or not. Here is the graph that shows the number of malware targeting Android OS in Q2 2012 as per the report by Kaspersky [2]. As it is evident below, the malware levels rose almost threefold in Q2 2012.

http://www.securelist.com/en/images/vlill/q2malware2012_pic01_all.png

Fig 2: The number of malware modifications targeting Android OS [2]

Android has all the tools in place: Google's flexible rules allow any developer or researcher to easily test the apps, root the devices, install the apps and scan the apps for malicious content. However, Apple has strict guidelines and the visibility into the phone or the apps is very limited.

Android is the most popular OS: With over 75% of the market share worldwide [1], Android is the most attacked platform to infiltrate huge information available.

Literature Review

There have been many researchers and security firms working on fixing the flaws in Android operating system. However, none of them prevented the rise in malware and viruses.

Many organizations are actively involved in the Android security research, however, a very limited research have been done by the Universities. Virginia Tech has a number of research projects underway, aimed at securing all levels of the Android operating system [3]. Here are the projects [3]:

Secure Multimode Android: This project focuses on bringing advanced security countermeasures to the Android operating system, and being able to run an Android device with multiple simultaneous modes.

Android Application Security: Virginia Tech has work underway to anti-malware tools that exist within the Android kernel and at the interface points between apps and the operating system.

Detecting Malware with Power Fingerprinting: This project seeks to conduct completely external analysis to identify the presence of malware [3].

Although the objectives of these projects are very interesting and may reduce the malware significantly, all these are work in progress and will have to wait till the results are published.

Security firms like Lookout, Norton etc., have their own commercial apps like Lookout security, Norton Antivirus etc. All these applications play a significant role in blocking most of the significant threats. They have features like Anti-Malware, Anti-Theft, Web Protection etc. But, most of the features are available as part of the premium plan and a user has to pay around $50 an year to use these premium services. Furthermore, there are a few more vulnerabilities, which cannot be detected by these Antivirus agents such as rootkit vulnerabilities, Web Vulnerability scanner, Kernel vulnerability scanner etc. that are the core components of Android security architecture [4]. A user will end up installing all these 10-15 apps shown below to stay protected to a significant extent.G:\Fall'12\Capstone-I\Final PPR\Screenshot_2012-12-13-14-07-32.png

Fig 3. Screenshot from my own Android phone

Google, with the latest Android version, released a malware scanner codenamed "Bouncer" to automatically scan and detect the malicious apps in the market without disrupting user experience [4]. However, researchers probed the vulnerabilities in the software and proved that it could not detect many of the trojans, spyware, and malware [5].

Research Methodology

As has been explained above, most of the research done to reduce Android security issues have been have been effective only to a certain extent. There is no "one app for all" solution to prevent attacks on the vulnerabilities. In my research, I will address this issue by build an app that would perform all the functions as shown in the figure below.

Fig 4: App to solve the above security issues in Android

This project is different from the other security solutions available in the following ways:

The application is free for all the android users and will be made open source after the project. This helps the developers and researchers to contribute and customize as per their needs.

This app will perform all the functions as the premium antivirus apps do. In addition to that, this app looks for vulnerabilities in Kernel, spyware, adware, malicious activities from the apps installed, and most importantly this would look for web vulnerabilities such as SQL injection, cross-site scripting etc., in the browser. Later, it alerts the user to take an action [delete, ignore, quarantine etc.].

The app will procure data form from various sources especially from Android Malware Genome Project, started by researchers of North Carolina State University [6]. This project characterizes the existing malware collected from many parts of the world [6]. These signatures will be used by the app to remove the malware.

Since this is a real-time application, my research methodology would involve creating a laboratory setup with a laptop installed with Android sdk and a phone. Then, I would understand the Security Architecture of Android OS and how applications work based on user input [7]. The next would be to analyze the existing apps and their functionalities. Based on the analysis, I would prepare a plan about the areas where these apps can't scan. The next phase in my research would be to gather all the existing vulnerabilities that affected smartphones and also computers like SQLi etc., from various open source threat intelligence sources available. All the sources, stored in a database saved in the cloud, will then be used to develop the app which communicates with the database that contains the gathered threat intelligence content. I will measure the app by testing the app over multiple Android phones and analyzing the performance based on battery usage, detection rate, notifications and bandwidth usage. Based on the feedback, I would make necessary changes to get a refined end product.

Writing Services

Essay Writing
Service

Find out how the very best essay writing service can help you accomplish more and achieve higher marks today.

Assignment Writing Service

From complicated assignments to tricky tasks, our experts can tackle virtually any question thrown at them.

Dissertation Writing Service

A dissertation (also known as a thesis or research project) is probably the most important piece of work for any student! From full dissertations to individual chapters, we’re on hand to support you.

Coursework Writing Service

Our expert qualified writers can help you get your coursework right first time, every time.

Dissertation Proposal Service

The first step to completing a dissertation is to create a proposal that talks about what you wish to do. Our experts can design suitable methodologies - perfect to help you get started with a dissertation.

Report Writing
Service

Reports for any audience. Perfectly structured, professionally written, and tailored to suit your exact requirements.

Essay Skeleton Answer Service

If you’re just looking for some help to get started on an essay, our outline service provides you with a perfect essay plan.

Marking & Proofreading Service

Not sure if your work is hitting the mark? Struggling to get feedback from your lecturer? Our premium marking service was created just for you - get the feedback you deserve now.

Exam Revision
Service

Exams can be one of the most stressful experiences you’ll ever have! Revision is key, and we’re here to help. With custom created revision notes and exam answers, you’ll never feel underprepared again.