U dont want this all things, u want change the topic as mobile security not android security we should discuss about mobile security and add more examples and pictures for 1 ,2 example u mentioned parts. Add more example pictures
and reduce pages to 20 pages and reference that IEEE style. 1
Mobile Security
Student Name
University Affiliation
Course
Professor
Date
2
Abstract
Mobile security is categorized approaches that are used in the provision of security to different
mobile devices. Mobile security has been encouraged due to the increased use of technology in
the organizations and meeting the need of the consumers. Mobile security breaches have
significantly grown since 2004 due to increased use of mobile devices and need for accessing
different personal information. Personal information is known to be very valuable and most of
the time hackers are targeting this information. Android security has been achieved through the
use of different approaches such as App sandbox, authentication, app signing, encryption,
biometrics and also the use of security-enhanced Linux and keystore. There are different
incidences of mobile security breaches that have occurred in the past such as slack attack,
amazon ring neighbor’s app and also ShareIT app. Mobile security breaches tend to have a major
business impact and social impact when it occurs. Some of the impacts that are noted include
psychological effects, increased disruption in organizations, changing the regulatory landscape,
consumer mistrust, revenue losses, damaging organizational reputation and also leading to
intellectual property loss. Hence, it is important that an organization embraces mobile security to
meet the different consumer demands and remain competitive in its operations.
3
Table of Content
Abstract …………………………………………………………………………………………………………………………. 2
Table of Content ……………………………………………………………………………………………………………… 3
Introduction ……………………………………………………………………………………………………………………. 5
Analysis of growth in all mobile security breaches ……………………………………………………………… 6
a) New Zealand ………………………………………………………………………………………………………… 6
b)
Rest of the world ……………………………………………………………………………………………….. 7
Android Security …………………………………………………………………………………………………………….. 9
i.
App sandbox ………………………………………………………………………………………………………… 9
ii. Authentication …………………………………………………………………………………………………….. 10
iii.
App signing …………………………………………………………………………………………………….. 10
iv.
Encryption ………………………………………………………………………………………………………. 10
v.
Biometrics ………………………………………………………………………………………………………….. 10
vi.
Security -Enhanced Linux …………………………………………………………………………………..11
vii.
Keystore …………………………………………………………………………………………………………..11
Explanation or discussion of any security breaches in the past world and any solutions …………..11
Explanation or discussion of any security breaches in News Zealand and compare to the rest of
the worlds and any solutions to these breaches …………………………………………………………………. 12
Business and social impact of mobile security breaches …………………………………………………….. 14
4
Psychological effects …………………………………………………………………………………………………. 14
Increased disruption …………………………………………………………………………………………………… 14
Changing regulatory landscape ……………………………………………………………………………………. 15
Revenue loss …………………………………………………………………………………………………………….. 15
Damaging brand reputation…………………………………………………………………………………………. 16
Losing intellectual property ………………………………………………………………………………………… 16
Conclusion …………………………………………………………………………………………………………………… 16
References ……………………………………………………………………………………………………………………. 18
5
Introduction
In different organizations today, it is notable that different aspects are being implemented
to ensure the organization can meet the different consumer demands. For instance, most
organizations are known to focus on remote working as this has been known to be the new
approach used in different organizations to meet consumer needs. Hence, this has become a new
norm for various organizations, such as healthcare organizations and other organizations, such as
banking (Mendel & Toch,2019). With the increase in the use of mobile devices in the
organization, it is notable that it demands that organizations also focus on improving their
security to ensure that they can meet the different demands of the consumers. This report
discusses mobile security in different organizational settings and why it is significant for all
organizations.
Mobile security has been categorized as a critical approach taken in different
organizations to ensure that the different mobile devices are free from any risks of the dangers of
asset loss or data loss through the use of mobile computers and other communication hardware
(Mos & Chowdhury, 2020). In general, mobile security can be characterized as an approach used
to protect the tablets, smartphones, laptops and any other portable computer devices in an
organization together with the network that they connect to, from different vulnerabilities and
threats related to wireless computing. These activities have been noted in various organizations
due to the increased use of laptops and other portable devices to meet the different demands of
consumers and companies.
In the recent past, securing mobile devices has become vital as the number of different
mobile devices and the manner in which those devices are used in an organization increased
significantly (Husni et al., 2021). It becomes a significant problem for most organizations when
6
different employee-owned devices are featured to be connected to the corporate network. Also,
the increased storage and the use of corporate data on different mobile devices has been known
for increasing the interest of cybercriminals, known for targeting the devices and back-end
systems in an organization so that they can tap into the different mobile malware. Hence, this has
increased the work of the IT departments to ensure that they establish different policies on the
acceptable use of mobile devices and enforce other guidelines that ensure that mobile security is
enhanced in an organization (Mitrea & Borda, 2020). Therefore, without implementing mobile
security measures in any given organization, it is notable that the companies will be very
vulnerable to different malicious software, mobile threats, and data leakages. When security
breaches occur, they significantly affect the organization’s operation, leading to business
disruptions.
Analysis of growth in all mobile security breaches
a) New Zealand
Just as in other parts of the World, it is important to mention that New Zealand faces
different mobile security threats. It demands that organizations are supposed to ensure that they
can protect their data. Different organizations are known to use data in the organization to meet
the demands of the consumers. This has significantly increased the need for the implementation
of mobile security and ensures that cybercriminals are prevented from executing their attacks on
different organizations (Barra et al., 2019). Over the past and present, it is notable that New
Zealand has seen different forms of attacks that have demanded that the organization protect its
data from different forms of attack. Hence, this has seen companies demanding to improve data
security and ensure that mobile security is achieved.
7
In New Zealand, it is featured to data retention is noted to be an emerging issue and a key
issue in various recent domestic and global attacks, such as the Latitude Financial breach. It has
been mentioned that data retention is the sleeping giant of any given data security. Companies
are known for facing different challenges when they try to hold data for a long time. For
instance, companies are supposed to ensure that they do not collect and hold onto different
information for a long time. This is known for leading to more risk to the organization and
customers when companies hold the information for a long time (Bojjagani et al., 2023). It is
known that hackers tend to make their fortune when they hack different data in an organization.
Hence, it is vital that organizations hold data for a short period of time, and the data is supposed
to be useful for meeting the demands of the consumers.
It is also important that agencies should not be focusing on collecting and retaining any
personal information unless it is significant for a lawful reason connected with their activity or
function. It is important that all agencies are supposed to have a personal retention schedule that
is reviewed regularly to ensure that data in the organization cannot be compromised. This is
important as it ensures that the company and the customers do not lose important data due to data
breaches occurring occasionally (Tangari et al., 2021). Hence, data retention has been
categorized as the major reason for increased mobile security breaches in New Zealand.
b) Rest of the World
Significantly, mobile security is known to have become of concern starting June 2004.
This occurred when the professional virus and the worm coder group called 29A were known to
have created a virus called Cabir. This virus was developed for Symbian OS, which was known
to run on an ARM processor. This kind of OS and processor is known to be operating on Nokia
phones (Tangari et al., 2021). This virus is known to have been used for targeting different
8
mobile phones. This was the first virus that was noted for mobile phones. Secondly, the skull was
another form of mobile security threat that was also referred to as Trojan. It was used for
targeting Series 60 mobile phones. This virus is known to have worked by overriding the system
application of the device by creating new files using the same name and same folder.
Thirdly, FakePlayer was also another major virus that was noted in 2010. This was
categorized to be the first wild Android malware that Denis Maslennikov reported. It is known to
have worked through sending SMS messages, and each message is known to have demanded
about $5. It was manually installed by the users on different devices. The application was
referred to as Media Player. In 2016, HummingBad was noted. A Chinese advertising company
created it to generate revenue for the company mentioned above by automatically clicking on the
intrusive ads (Ahmed et al., 2021). Hence, this malware targeted individuals to click on the link.
Figure 1: Mobile Malware Timeline
9
Since 2020, it is notable that mobile security threats have significantly grown for
different reasons. However, one of the major reasons as to why this has grown has been as a
result of the increased remote working in organizations that demands that the organizations work
remotely and also allow employees to bring their own devices to connect to the corporate
network (Ahmed et al., 2021). Also, the escalation of cyberattacks is also known to be a result of
more increased agile hackers and ransomware gangs that are known to be more focused on
exploiting different tools that remote workers use. This has led to increased mobile security
threats noted in different settings.
Android Security
Android security is featured as one of the major forms of security that are applied to
mobile devices to ensure that they meet the consumers’ different demands. Android security is
known to be achieved through different approaches to ensure that mobile devices work in the
most effective manner. With Android, it is notable that protection is thoughtfully built into
everything a user does (Bhat & Dutta, 2019). When a device faces anything bad, such as a bad or
harmful link, it is notable that the user will be alerted and given tips on how to protect the system
from any attacks. Some of the features that are noted in Android to meet security demands
include:
i.
App Sandbox
The Android platform is known for taking benefits of the different Linux user-based
protections for isolating and identifying app resources. Therefore, it is known for working by
assigning a unique user ID (UID) to each application and for running it in its own processes. The
UID is used for setting up a kernel-level App Sandbox.
10
ii.
Authentication
To ensure that authentication is achieved, it is notable that Android works by the use of
the idea of user-authentication-gated cryptographic keys that are known for demanding that
cryptographic key storage and the service provider, together with the user authenticators, are
achieved. On any given device that has a fingerprint sensor, it allows users to scroll one or more
fingerprints and use the same for unlocking the devices and carrying out tasks that one needs to
do. The Gatekeeper subsystem is known for performing different password or pattern
authentication in a more Trusted Execution Environment (TEE).
iii.
App signing
This is an important feature that is known for allowing developers to be able to identify
the author of a given app quickly and updating their application without creating any form of
complicated permissions or interfaces (Bhat & Dutta, 2019). Notably, any app that runs on this
platform should be signed by the particular developer.
iv.
Encryption
Anytime a device is featured to be encrypted, it is notable that all the user-created data
are also encrypted before they are stored on the disk. All reads automatically decrypt data before
transferring it to the calling process (Kumar & Shukla, 2020). Encryption is crucial as it ensures
that no unauthorized users can access the data on this platform.
v.
Biometrics
Android platform is also known for using biometrics to improve authentication into the
device’s different applications and modality-agnostic fashion. This is important as it ensures the
devices are secure and users can use their biometrics to access various applications (Bhat &
Dutta, 2019).
11
vi.
Security -Enhanced Linux
As a key feature of the Android security model, it is known that the platform uses a
Security Enhanced Linux that works by enforcing the mandatory access control (MAC) over all
the processes that take place on the platform (Kumar & Shukla, 2020). Hence, it is essential to
ensure that the processes are secure and cannot easily be accessed.
vii.
Keystore
Android is known for ensuring that they offer a hardware-backed Keystore that helps
provide a key generation, importing, and exporting the asymmetric keys. Also, it works to import
different raw symmetric keys, asymmetric encryption, and decryption with the required padding
modes and other primary keys (Garg & Baliyan, 2021).
Explanation or discussion of any security breaches in the past World and any solutions
With the Android platform, it is notable that different security breaches have been noted.
One of the security breaches is known to have involved Slack. Notably, the shared invite link in
Slack is known to have had a bug present from April 17, 2017, until when it was fixed on July
17, 2022. Notably, the bug is known to have caused the transmission of a hashed version of the
users’ password to another workspace member (Garg & Baliyan, 2021). Notably, the action was
triggered whenever an individual created or revoked a shared invite link. The reaction of Slack
was to make the password reset for all the users that were affected and fix the bug.
Another major security breach noted with mobile security is the Amazon Ring Neighbors
app. The app is known to have allowed users to share neighborhood watch information. Anytime
an individual sounded a safety alarm within the app, it is notable that an individual within a set
radius could be notified about the safety threat. However, despite the big flaw that was noted in
the application, it is notable that the incident tied to the data leak was noted. The parkmobile app
12
is another major data breach incident that was noted in 2021. This was involved with using the
Parkmobile app for cashless parking across the United States (Wodo et al., 2021). The app is
known to have been compromised, revealing more than 21 million personal information of users.
The breach was noted to have been reported by an online tech columnist who noted that the
Russian hackers were selling personal data. The company had encrypted data, and even when the
hackers managed to access the data, they could not get hold of the keys and unlock the different
passwords. Also, no credit card or parking history information was compromised.
ShareIT app is also another mobile application that was compromised. This was a popular
application on Playstore in 2019, and it was featured to have had more downloads. The app is
known to have gained its reputation, making it categorized among the best file-sharing apps due
to its compatibility with different platforms and devices such as macOS, Android, and Windows
(Belanche et al., 2020). However, by 2021, it was noted that the app had flaws that allowed
hackers to conduct malicious attacks on the user’s app easily. Some malicious acts could be
conducted, include Remote Code Execution attack. The developer of the app rectified the flaws
in the application and requested users to update their application. They published a brief
statement on the patch release that addressed the alleged vulnerabilities that were noted in the
application.
Explanation or discussion of any security breaches in New Zealand and comparison to the
rest of the worlds and any solutions to these breaches
Just as across the World, it is notable that different security breaches have been noted in
New Zealand as a result of compromising mobile security. One of the incidents that has been
noted in New Zealand as a result of mobile security breaches has been FluBot malware. It is
13
featured to be spread through text messages on Android phones and is affecting everyone in New
Zealand (Belanche et al., 2020). Some of the messages that were used include:
•
You have received a voicemail.
•
Someone is attempting to share an album of photos with you
•
You have a parcel delivery that is pending
When an individual received the texts, the individuals were asked to click on the link that
led to malware infecting the mobile phone device. An individual will then be notified to have
installed FluBot on their system. FluBot was developed to steal the banking and credit card
information and the contact list of an individual who uploads to a server to continue spreading
the malware. An individual will face financial losses when the device has been infected with the
malware (Al-Delayel, 2022). An individual can easily tell they are at risk when they receive a
suspicious text message asking them to follow a link on their Android phone.
Hence, to prevent this attack, it is notable that an individual is not supposed to click on
the link if they receive a suspicious text message and do not need to install any app or security
updates when the page asks. Also, the users were asked to forward any message to 7726 so that
the sender could be tracked. To mitigate the issue when an individual has been compromised,
they were required to factory reset their device as soon as they noted the issues. This is an
essential approach as it would delete all the data on the phone, including the personal
information of the users (Othman et al., 2022). Also, individuals are supposed to change their
passwords to all their online accounts all the time or regularly, as it will ensure that their
accounts are protected. Also, any individual who notices that their account has been
compromised is supposed to notify the bank immediately so they can take the required
14
immediate action. Hence, this has been categorized as one of the data breaches noted in New
Zealand and compromised more personal information.
Business and social impact of mobile security breaches
With mobile security breaches being common in different settings today, they are known
for having a significant impact on different organizations. Beginning with social impact, it is
notable that mobile security breaches have different impacts on individuals. Some of the
significant social impacts include:
Psychological effects
Mobile security breaches are featured to have a psychological effect on the users, just as
the cybersecurity breaches noted in different settings. For instance, when the UK’s National
Health Service was breached, it is notable that surgeries had to be rescheduled. Mobile security
breaches are known for affecting individuals, leading to increased anxiety. It is important to
consider employees’ daily professionals when discussing cybersecurity or mobile security
breaches (Othman et al., 2022). Hence, mobile security breaches are known for affecting how
individuals think and trust systems; more specifically, they are known for leading to increased
anxiety.
Increased disruption
Mobile security breaches are known for leading to increased disruption in individuals’
different activities. Depending on the different nature of breaches, these disruptions are known to
be wide-ranging or localized but very frustrating for people in different ways. For instance,
ransomware is known for leading to users not to be able to access the different records that they
need or sometimes they are restricted from paying utility bills (Ismail et al., 2021). Hence, the
15
effect of mobile security breaches is that they significantly cause disruption in the provision of
different services.
Changing regulatory landscape
The social impact of mobile security breaches is known to manifest in the changing
regulatory landscape. For instance, in the US, a fractured approach through the different states is
known for increasing pressures on businesses and has significantly had an impact on the
customer experience. Also, in different organizations, Chief Information Security Officers are
forced to change the rules to meet the different innovations that are noted to take place in
different settings (Suma & Haoxiang, 2020). Therefore, organizations are supposed to factor in
different intangible effects of cyber-attacks, and increased vigilance is required to prevent the
attack.
Consumer mistrust
Mobile security breaches are known for tolling on consumer trust. For instance, 4 out of 5
Americans are known to be worried about their information breached during the holidays. This is
known for making different users not trust the use of mobile or computers to accomplish
different tasks (Tao et al., 2020). Also, it has increased the chances of consumers to engage with
different brands that they have experienced any forms of breaches.
Mobile security breaches are also known to have a major business impact when it comes.
Some of the significant business impacts that are noted with mobile security breaches include:
Revenue loss
When a mobile security breach occurs, it is notable that it leads to financial losses to the
organization. Significant losses financial losses are featured to be caused by mobile security
breaches. Most of the studies that have been carried out show that 30% of the businesses that are
16
known for facing mobile security breaches are known to end up losing revenue (Yang et al.,
2019). Hence, this is a significant aspect known with the mobile security breaches occurring in
the different organization settings.
Damaging brand reputation
Mobile security breaches are known for damaging the company’s brand reputation. A
security breach is known for impacting much more than short-term revenues, and the company’s
long-term reputation is also affected. In most cases, it is notable that customers tend to value
their privacy very much. Breaches are known to involve customer payment information that
damages a company’s brand (Chen et al., 2021). Hence, this makes customers hesitant to trust
businesses with any history of poor data security.
Losing intellectual property
Mobile security breaches are known for leading to the loss of intellectual property due to
hackers targeting the strategies, designs, and blueprints. This is noted with different businesses
within the construction and manufacturing industries. However, they are only targeted at 40%, as
60% targets are known for small businesses. This is because small businesses tend to be easier to
attack than large companies (Ahmed et al., 2021). Hence, this has also been a major business
impact for different organizations known to have been attacked, leading to the loss of significant
information.
Conclusion
In conclusion, mobile security has significantly become a concern for different
organizations for different reasons. This has been featured as a result of the increased use of
remote working in organizations and the demand to use technology to gain a competitive
advantage in the manner in which businesses operate. When competitors are able to embrace
17
technology in all that they are doing, it demands that the business can also implement the
technology to meet the different demands of the consumers. Hence, this has called for increased
use of mobile devices to meet the demands of consumers. As businesses are featured to be
implementing and using technology to meet different demands, it is notable that cybercriminals
are also targeting and improving the different approaches that they use to target different mobile
devices. Android security is known to be the standard approach that has been used for achieving
mobile security. This has been achieved through the use of authentication and biometrics, among
other approaches. Mobile security breaches are known to have a significant business and social
impact when they occur in any given environmental setting. Some of the significant impacts
include financial losses and damage to the reputation of the company.
18
References
Ahmed, W., Rasool, A., Javed, A. R., Kumar, N., Gadekallu, T. R., Jalil, Z., & Kryvinska, N.
(2021). Security in next generation mobile payment systems: A comprehensive
survey. IEEE Access, 9, 115932-115950.
Al-Delayel, S. A. (2022). Security Analysis of Mobile Banking Application in Qatar. arXiv
preprint arXiv:2202.00582.
Barra, S., Bisogni, C., Nappi, M., & Ricciardi, S. (2019). F-FID: fast fuzzy-based iris de-noising
for mobile security applications. Multimedia Tools and Applications, 78, 14045-14065.
Belanche, D., Flavian, M., & Perez-Rueda, A. (2020). Mobile apps use and WOM in the food
delivery sector: the role of planned behavior, perceived security and customer lifestyle
compatibility. Sustainability, 12(10), 4275.
Bhat, P., & Dutta, K. (2019). A survey on various threats and current state of security in android
platform. ACM Computing Surveys (CSUR), 52(1), 1-35.
Bojjagani, S., Sastry, V. N., Chen, C. M., Kumari, S., & Khan, M. K. (2023). Systematic survey
of mobile payments, protocols, and security infrastructure. Journal of Ambient
Intelligence and Humanized Computing, 14(1), 609-654.
Chen, L., Dai, Z., Chen, M., & Li, N. (2021, May). Research on the security protection
framework of power mobile internet services based on zero trust. In 2021 6th
International Conference on Smart Grid and Electrical Automation (ICSGEA) (pp. 6568). IEEE.
Garg, S., & Baliyan, N. (2021). Android security assessment: A review, taxonomy and research
gap study. Computers & Security, 100, 102087.
19
Husni, M., Ginardi, R. V. H., Gozali, K., Rahman, R., Indrawanti, A. S., & Senoaji, M. I. (2021).
Mobile security vehicle’s based on internet of things. Journal of Robotics and Control
(JRC), 2(6), 546-551.
Ismail, M., El-Rashidy, N., & Abdel-aziz, N. M. (2021). Mobile cloud database security:
problems and solutions. Fusion: Practice and Applications, 7(1), 15-5.
Kumar, S., & Shukla, S. K. (2020). The state of Android security. Cyber Security in India:
Education, Research and Training, 17-22.
Mendel, T., & Toch, E. (2019). My mom was getting this popup: Understanding motivations and
processes in helping older relatives with mobile security and privacy. Proceedings of the
ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies, 3(4), 1-20.
Mitrea, T., & Borda, M. (2020). Mobile security threats: a survey on protection and mitigation
strategies. In International Conference Knowledge-Based Organization (Vol. 26, No. 3,
pp. 131-135).
Mos, A., & Chowdhury, M. M. (2020, July). Mobile security: A look into Android. In 2020 IEEE
International Conference on Electro Information Technology (EIT) (pp. 638-642). IEEE.
Othman, N. A. A., Norman, A. A., & Kiah, M. L. M. (2021, January). Information system audit
for mobile device security assessment. In 2021 3rd International Cyber Resilience
Conference (CRC) (pp. 1-6). IEEE.
Suma, V., & Haoxiang, W. (2020). Optimal key handover management for enhancing security in
mobile network. Journal of trends in Computer Science and Smart technology
(TCSST), 2(04), 181-187.
20
Tangari, G., Ikram, M., Sentana, I. W. B., Ijaz, K., Kaafar, M. A., & Berkovsky, S. (2021).
Analyzing security issues of android mobile health and medical applications. Journal of
the American Medical Informatics Association, 28(10), 2074-2084.
Tao, C., Guo, H., & Huang, Z. (2020). Identifying security issues for mobile applications based
on user review summarization. Information and Software Technology, 122, 106290.
Wodo, W., Blaskiewicz, P., Stygar, D., & Kuzma, N. (2021). Evaluating the security of electronic
and mobile banking. Computer Fraud & Security, 2021(10), 8-14.
Yang, W., Li, J., Zhang, Y., & Gu, D. (2019). Security analysis of third-party in-app payment in
mobile applications. Journal of Information Security and Applications, 48, 102358.
