Over time, smart phone applications have attracted investment from many companies because they reach a vast number of cell phone users.
Different kinds of mobile phones
Because 3G and 3.5G technologies provide fast internet speeds, it is much more convenient for users to book train and flight tickets, use mobile banking services, access GPS information, check city alerts and so on through their personal smart phones. As more and more people shift to smart phones for business applications, hackers will try to get hold of the sensitive data on those phones through dummy applications that an innocent user may download believing them to be a game or a utility application. Such malicious dummy applications are an increasingly common attack route because a single application can reach a vast number of users. Moreover, because the wide variety of smart phones on the market run different types of OS, no uniform security guidelines are followed. Each smart phone OS has its own way of dealing with security, which may or may not be fully effective. Through malicious third-party applications installed on the smart phone without the user's awareness, hackers can get hold of all the important contacts, SMS and MMS messages, and can even remotely control all the features of the smart phone.
The smart phone security features can be broadly classified into three major categories :
1) Data privacy and confidentiality
2) Techniques of Access Control
3) Device Based Security.
Data privacy and confidentiality is managed to some extent by using HTTPS, SSL protocols and several data encryption mechanisms. Still, these mechanisms are not foolproof in ensuring that sensitive data exchanged by applications is secured. Of the three categories above, the third is the main grey area, as smart phone devices can easily be stolen. Locking the sensitive data on the device if it gets stolen is the preventive measure currently being adopted. Still, hackers have several ways to get hold of sensitive data from a stolen device. Providing safety for on-device information is the most important challenge we face today.
Hence, given this hot market for smart phone applications, keeping sensitive and important data on a smart phone safe is a major area of concern. Mobile applications therefore require security mechanisms that are flexible yet stringent and well optimized to deal with malicious threats.
The main drawback in incorporating strict security features on a smart phone platform is its limited processing power. Because of it, more secure mobile applications such as mobile banking and ticketing applications tend to run very slowly on the smart phone, causing frustration for users. As a result, mobile application developers use simple cryptographic algorithms, such as those provided by Bouncy Castle, to improve performance, and compromise on security. Moreover, using advanced cryptographic algorithms to make an application more secure increases its footprint, which reduces the number of smart phones that can support it. Thus, to increase revenue (that is, the number of users), mobile application developers sometimes compromise on safety measures. With a plethora of smart phone applications available, millions of users follow no safety guidelines or precautionary measures when downloading them. Users must be made aware of the different ways in which a virus can attack a smart phone so that proper care can be taken.
The smart phone platform is prone to different kinds of attacks through different mediums. As a smart phone OS is accessible over so many different protocols, it should adopt separate security mechanisms to deal with this variety of threats. The following figure shows the different ways through which a virus can attack a smart phone OS.
Thus, as described in the figure, hazardous threats can creep into the smart phone while it is connected to a laptop, while it is connected to another phone through Bluetooth, while it is connected to unsecured Internet services, through a malicious MMS, or through a malfunctioning memory card.
Symbian OS has adopted quite stringent security procedures that require smart phone applications to be certified and signed before they can be installed on the smart phone, which has reduced the number of virus attacks considerably.
Several stored-data encryption mechanisms are also being adopted by different smart phone platforms, such as Blackberry and Android, to secure sensitive data from these varied threats. Moreover, different smart phone manufacturers are trying to make users aware of the techniques for dealing with unsigned applications and have also developed smart phone software black and white lists.
Gostev has analysed and listed the various kinds of mobile malware and viruses along with their dangerous effects, and has also discussed several innovative techniques to counter such harmful viruses (for example, a mobile OS should provide its SIM ID to Wi-Fi access points before being allowed to use the web).
 describes a power dependent threat detection framework which supervises, catches and analyses quite unknown but dangerous energy related malware. This could have been quite beneficial and effective but it cannot be practically used on all the smart phone platforms.
Thus, from the above points we can see that several measures and initiatives are being taken to strengthen the smart phone platform, but effective techniques still need to be devised and tested in order to secure the smart phone from malicious unsigned applications.
Various Available Smart Phone Platforms:
Out of the vast variety of smart phone OS, some of the more prominent ones are briefly explained below:
Symbian OS is an open smart phone platform which supports all the Nokia smart phone devices and a major chunk of Motorola and Sony Ericsson devices. It is an OS which was developed specifically for smart phones. Series S-40 phones are the Symbian phones for the CDMA family, while Series S-60 phones are the Symbian phones for Nokia. The UIQ series is the Symbian edition for Sony Ericsson devices. Although Symbian is quite a secure platform for smart phone applications, there are still some security loopholes which I will be addressing further in the report.
Windows Mobile OS
Smart phones supporting Windows Mobile OS have an ARM-based processor. Windows Mobile OS has been adapted from Windows CE (Compact Edition), which was in turn developed for embedded devices. It provides preemptive multitasking and supports up to 32 processes. The latest version is Windows Mobile 7.0, which has been released in the market. Applications are developed for Windows Mobile OS using the Microsoft .NET Framework, with Microsoft Visual Studio as the integrated development environment.
Blackberry OS is a proprietary OS which has been developed by a company called Research in Motion. It is very beneficial for users who need to be connected to the net all the time and want to use their smart phone for business applications. Blackberry phones have their own exclusive communication networks, built through the service provider, in order to provide advanced connectivity features such as push to talk and very fast internet surfing speeds. Through this sound framework users can control their mailboxes on their personal handset. Due to this flexibility in communication on Blackberry networks, several hackers have tried to attack the architecture, but because of the sophisticated signing and certifying mechanisms used by Blackberry, the success rate of such attacks is very low.
Brew Mobile Platform
Brew (Binary Runtime Environment for Wireless) Mobile Platform is a proprietary platform for Qualcomm CDMA devices. The hardware in BREW handsets is customized to be compatible with the BREW platform. BREW applications run as a single-threaded process. The BREW Mobile Platform is quite lightweight and requires very little memory to store the entire OS version.
The iPhone OS is a proprietary OS which has been developed by Apple Inc. for the iPhone and iPod devices. Although this OS is quite new, it has attracted a vast number of users due to the sophistication of its user interface and a plethora of versatile iPhone applications. The usability features are smooth and user friendly compared to other OS, but the security features still require a lot of improvement. Due to the availability of third-party iPhone applications, this platform is still quite vulnerable to the different threats posed by such applications.
Palm OS is a proprietary OS developed by Palm Inc. for Palm-manufactured smart phones and PDAs. Palm handheld devices are currently not very popular in the market due to the limited flexibility provided by the platform. Palm Inc. is currently taking several measures to increase the popularity of Palm devices by refurbishing all their features.
Android Mobile Platform
Features of the Android platform will be covered in detail further in this technical report.
Through this project we have highlighted that security is a major area of concern for smart phone application development. We have developed certain applications through which sensitive data can be manipulated and misused, indicating the vulnerability of smart phone OS such as Symbian and Blackberry. We have also discussed the complex security features of Android in detail and developed simple applications to show that, if security mechanisms are not used stringently, there are several ways to threaten the security model of Android.
Different Java Applications :
Flight Booking Application
Contacts Operation Application
Locations Info Application
Database Operation Application
File Operations Application
Android Smart Phone Platform :
What is Android?
Android is one of the most popular smart phone operating systems. Android was conceptualized with the drawbacks of the available mobile platforms in mind, such as limited flexibility in application development and the wide range of available models, which makes it difficult for developers to build similar applications for different handsets supporting the same OS. The Open Handset Alliance, comprising Google and 33 other companies such as HTC, LG, Motorola and Samsung, is behind the release of Android.
Features of Android Framework :
Through an open development platform, Android provides developers the flexibility required to develop versatile and innovative applications for smart phones. The Android framework comprises an operating system, middleware and important applications, along with a group of open source API libraries (e.g. SQLite, WebKit, OpenGL) for developing mobile applications which can design the look, feel and function of smart phones. The OS kernel (Linux) for Android provides a low-level interface, with memory management and process control highly optimized for smart phones.
Basic Building Blocks of Android Application :
Broad Cast Receivers
Means of Communication between the components :
Android's Security Features
Mobile applications developed for other platforms cannot run on Android, but as Android is open source, users are free to download any OTA application or load any application over USB, which makes the OS vulnerable. Each Android application is assigned a unique user ID, which creates a sandbox, prevents the application from interacting with other applications and also minimizes the impact of programming flaws. There are four protection levels for permissions, namely normal, dangerous, signature and signatureOrSystem, which can be enforced at different places during the operation of a program. Android uses a simple technique of permission labels to control interaction with other resources and with special APIs.
Enforcing Security Features Using AndroidManifest.xml
The main drawback or security loophole in the Android platform is that if permissions are not enforced using AndroidManifest.xml while developing an application, such an application can be a threat to the sensitive data on the device or may misuse it.
The following screenshot describes the way a customized permission can be developed using AndroidManifest.xml 
Permissions pertaining to an "activity" restrict and secure the way an activity is created; permissions pertaining to a "service" restrict the way it is created and bound to an associated entity; permissions pertaining to a "broadcast receiver" restrict how broadcasts are sent to the associated receiver; permissions pertaining to a "content provider" restrict access to the content.
Thus, permissions must always be used for interaction between the components in order to secure access and protect resources from attack by malicious applications.
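The manifest-level enforcement described above can be checked mechanically. The following is an added example, not code from the original report: a small Python audit that reads a constructed AndroidManifest.xml and reports exported components that have no permission, or that rely on a custom permission weaker than signature level. The package, permission and component names are hypothetical.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
COMPONENTS = ("activity", "service", "receiver", "provider")
STRONG = ("signature", "signatureOrSystem")

# Constructed sample manifest; package, permission and component names are hypothetical.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flightbooking">
  <permission android:name="com.example.flightbooking.permission.BOOKING"
              android:protectionLevel="signature" />
  <permission android:name="com.example.flightbooking.permission.ALERTS"
              android:protectionLevel="normal" />
  <application>
    <activity android:name=".BookingActivity" android:exported="true"
              android:permission="com.example.flightbooking.permission.BOOKING" />
    <service android:name=".SyncService" android:exported="true" />
    <receiver android:name=".CallReceiver"
              android:permission="com.example.flightbooking.permission.ALERTS">
      <intent-filter><action android:name="com.example.flightbooking.CUSTOM" /></intent-filter>
    </receiver>
    <provider android:name=".ContactsProvider" android:exported="false"
              android:authorities="com.example.flightbooking.contacts" />
  </application>
</manifest>
"""

def audit_manifest(xml_text):
    """Return (tag, name, finding) for each exported, weakly guarded component."""
    root = ET.fromstring(xml_text.strip())
    # Custom permissions declared here; an omitted protectionLevel means "normal".
    levels = {p.get(A + "name"): p.get(A + "protectionLevel", "normal")
              for p in root.findall("permission")}
    findings = []
    for comp in (e for e in root.iter() if e.tag in COMPONENTS):
        name = comp.get(A + "name")
        exported = comp.get(A + "exported")
        if exported is None:  # assumption: an intent-filter makes it reachable
            exported = "true" if comp.find("intent-filter") is not None else "false"
        if exported != "true":
            continue
        perm = comp.get(A + "permission")
        if perm is None:
            findings.append((comp.tag, name, "exported without permission"))
        elif perm in levels and levels[perm] not in STRONG:
            findings.append((comp.tag, name, "guarded by '%s' permission" % levels[perm]))
    return findings
```

On the sample, the service is reported because any application can bind to it, and the receiver because a "normal" permission can be requested by any application; the activity guarded by a signature-level permission and the non-exported provider pass.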
Android Applications evaluating the security features
When the call is made on the simulator, one receiver is initialized and broadcasts the custom intent, which is in turn received by another receiver.
Thus, through this project we have indicated the major areas of concern for smart phone OS such as Symbian and Blackberry through unsigned Java applications, which can easily be installed on smart phones and can manipulate sensitive data at the developer's convenience. We have also evaluated the security mechanisms of the Android platform and shown through simple applications that, although Android is quite secure, threats have the opportunity to creep in if the security features of the framework are not used correctly. Hence, smart phone security is a very important issue today, and we are making efforts to improve it by highlighting the loopholes through which threats can creep in and proposing different ways to nullify these defects.
Future Work :