Study into the Implications of Smartphone Operating System Security

Recommendations

Info

Study into the implications of Smartphone operating system security What does it protect against? Third-party Smartphone security products are reliant on the security framework (Application Programming Interfaces - APIs) of the platform in terms of what functionality is supported. Each platform will have security APIs that allow some security functionality and features to be supported. As the security model and system architecture of the Smartphone operating system varies between platforms there will be variations in what security functionality can be supported. This means that Apple iOS, BlackBerry and Windows Phone operating systems have limited support for third-party security apps whilst Android offers a richer set of security features to be supported. As a result of this, the bulk of the products and market for third-party Smartphone security apps is for Android devices. In fact, when we talk about the market for Smartphone security apps and services we are in effect talking about the market for Android security apps and services, and to a lesser degree Symbian Smartphones. Some vendors have even taken the strategic step of developing apps and tools primarily for Android. There are a handful of Apple iOS security apps with limited functionality, mainly aimed at the lost and stolen device problem but also including public WiFi protection and cloud backup. Some of these features are add-ons to existing iOS operating system features. For instance from iOS, Apple provided cloud backup and the ‘Find My iPhone’ feature to locate the device if lost and stolen and then to initiate a remote deletion of the data. As with the desktop security business some security vendors will offer a free (the ‘freemium’ model) versions of their security apps. The free versions will include base functionality but still offer basic protection. ANDROID MOBILE SECURITY APPS Android mobile security solutions protect against a wide-variety of threats and commonly they provide the following features (Please note that as this is a competitive market there will be variations to these features): Anti-Malware Anti-Theft (usually associated with some sort of location-based service utilising GPS and includes remote lock and wipe) Data Backup Personal Firewall There are other features that are usually confined to the premium versions that include: File encryption Web browser protection (URL checking against blacklists) QR Code validation Ad network detection (although the legality of this has been questioned) Goode Intelligence © 2013 P a g e | 93 www.goodeintelligence.com
Study into the implications of Smartphone operating system security Privacy controls App reputational services Android mobile security products operate in a similar fashion to their desktop cousins with background processing, where the platform supports it, signature-file checking, regular signature file updates (usually OTA) and checks on messaging, removable media, mobile internet and mobile App installation and execution. How effective are they? There has been debate as to the effectiveness of mobile security apps but it all depends on what you are trying to protect against. Using a locate and wipe app to find a Smartphone after it has been lost and stolen and then to wipe the data on it is a useful utility whether it is a native (part of the operating system) or provided by a third party. Although there have been questions as to how effective these services are and whether they are reliant on the SIM card still being present in the device for location purposes – Note: one of the first things that a phone thief may do is to pull out the SIM card from the device and to disable the WiFi services. The fiercest debate has been around the effectiveness of anti-malware on the device. Executives at Apple and Google have long criticised the anti-virus industry stating that the security of the operating system and ecosystem is more effective at preventing the spread of malicious code. The security vendors themselves will admit that there are problems in running anti-malware services on the Smartphone. In an interview with Rapid 7, a security vendor, their CEO and Founder Giri Sreenivas stated that there is a “weakness in mobile anti-malware products in that they cannot be run in a privileged state on the device restricting their ability to detect all malware and vulnerabilities”. A further problem is with the limited battery life of Smartphones. Lookout Mobile Security’s CTO and Co-Founder, Kevin Mahaffey, told Goode Intelligence that “Smartphone battery life is an issue for us as it prevents us from continuously checking for Malware. We don’t want to drain the battery so we have to resort to other techniques such as scanning for Malware when a user downloads or updates an App”. The German-based independent anti-virus test organisation, AV Test, have been testing Android anti-malware products and their recent study of 22 products was published in January 2013 93 . The good news is that only one of the products failed the test and did not receive the AV Test certificate. The products are tested for protection usability and additional security functions. Top points were awarded to products from TrustGo, Lookout, Symantec and Trend Micro. 93 The full test results can be found here (http://www.av-test.org/fileadmin/pdf/avtest_2013- 01_android_testreport_english.pdf) in PDF format from the AV Test website Goode Intelligence © 2013 P a g e | 94 www.goodeintelligence.com
Page 1 and 2:
www.goodeintelligence.com £ Study
Page 3 and 4:
Study into the implications of Smar
Page 5 and 6:
Page 7 and 8:
Page 9 and 10:
Page 11 and 12:
Page 13 and 14:
Page 15 and 16:
Page 17 and 18:
Page 19 and 20:
Page 21 and 22:
Page 23 and 24:
Page 25 and 26:
Page 27 and 28:
Page 29 and 30:
Page 31 and 32:
Page 33 and 34:
Page 35 and 36:
Page 37 and 38:
Page 39 and 40:
Page 41 and 42:
Page 43 and 44: Study into the implications of Smar
Page 93: Study into the implications of Smar
show all

Study into the Implications of Smartphone Operating System Security

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?