SECURITY CONTROLS AGAINST MOBILE APPLICATION THREATS

Abstract

In the ever developing world of technology, mobile applications are increasing day by day alongside with mobile cyber threats. This fact is valid as a result of shifts from e-government to m-government and classical e-business to m-business solutions. Therefore the electronic structure of government services can be accessed from mobile apps using mobile signatures. The main threat is personal data that can be captured by malicious codes and hence dangerous results can be faced. In this paper, malicious software and security techniques of the mobile applications are analyzed in addition to protection systems from user, developer aspects and even Google Play. The main issue of this paper is providing sets of counter controls for covering vulnerabilities of mobile applications.

Keywords

• Cyber security,
• Android application security
• malicious software, mobile security.

SECURITY CONTROLS AGAINST MOBILE APPLICATION THREATS

Abstract

Sürekli gelişen teknoloji dünyasında mobil siber tehditlerle birlikte mobil uygulamalar da gün geçtikçe artmaktadır. Bu gerçek, e-devletten m-devlete ve klasik e-ticaretten m-iş çözümlerine geçişlerin bir sonucu olarak geçerlidir. Bu nedenle, devlet hizmetlerinin elektronik yapısına mobil imzalar kullanılarak mobil uygulamalardan erişilebilir. Ana tehdit, kötü niyetli kodlar tarafından ele geçirilebilen ve dolayısıyla tehlikeli sonuçlarla karşılaşılabilen kişisel verilerdir. Bu çalışmada kullanıcı, geliştirici ve hatta Google Play'den koruma sistemlerine ek olarak mobil uygulamaların zararlı yazılımları ve güvenlik teknikleri incelenmiştir. Bu makalenin ana konusu, mobil uygulamaların güvenlik açıklarını kapatmak için bir dizi karşı kontrol sağlamaktır.

Keywords

• Siber güvenlik
• Android uygulama güvenliği,
• kötü amaçlı yazılım, mobil güvenlik.

References

1. [1] T. Vidas, N. Christin, and L. F. Cranor, Curbing Android Permission Creep, in In Proceedings of the 2011 Web 2.0 Security and Privacy Workshop (W2SP 2011), 2011.
2. [2] P. Felt, E. Chin, S. Hanna, D. Song, and D. Wagner, Android permissions demystified, in Proceedings of the 18th ACM conference on Computer and communications security - CCS 11, 2011, p. 627.
3. [3] Dynamic Analysis vs. Static Analysis, Intel, 2013. [Web]. Retrieved from: https://software.intel.com/sites/products/documentati on/doclib/
4. [4] Burguera, U. Zurutuza, and S. Nadjm-Tehrani, Crowdroid: behavior-based malware detection system for Android, Science (80-. )., pp. 1525, 2011
5. [5] M. Grace, Y. Zhou, Q. Zhang, S. Zou, and X. Jiang, RiskRanker: Scalable and Accurate Zero-day Android Malware Detection, in Proceedings of the 10th international conference on Mobile systems, applications, and services - MobiSys 12, 2012, pp. 281294.
6. [6] G. Portokalidis, P. Homburg, K. Anagnostakis, and H. Bos, Paranoid Android: Versatile Protection For Smartphones, in Annual Computer Security Applications Conference (ACSAC), 2010, pp. 347 356.
7. [7] M. Guido, J. Ondricek, J. Grover, D. Wilburn, T. Nguyen, and A. Hunt, Automated identification of installed malicious Android applications, Digit. Investig., vol. 10, pp. 96104, 2013.
8. [8] G. Dini, F. Martinelli, A. Saracino, and D. Sgandurra, MADAM: A Multi-level Anomaly Detector for Android Malware, in Computer Network Security, vol. 7531, I. Kotenko and V. Skormin, Eds. Berlin, Heidelberg: Springer Berlin Heidelberg, 2012, pp. 240 253.

9. [9] Barrera, P. C. Van Oorschot, and A. Somayaji, A Methodology for Empirical Analysis of Permission-Based Security Models and its Application to Android Categories and Subject Descriptors, in Proceedings of 17th ACM Conference on Computer and Communications Security, 2010, pp. 7384.
10. [10] D.-J. Wu, C.-H. Mao, T.-E. Wei, H.-M. Lee, and K.P. Wu, DroidMat: Android Malware Detection through Manifest and API Calls Tracing, in 2012 Seventh Asia Joint Conference on Information Security, 2012, pp. 6269.
11. [11] Butler, M. (2011). Android: Changing the Mobile Landscape. IEEE Pervasive Computing, 10(1), pp.4-7.
12. [12] Holla, S. and Katti, M. (2012). Android Based Mobile Application Development and its Security. International Journal of Computer Trends and Technology, 3(3), pp.486-490. http://ijcttjournal.org/Volume3/issue-3/IJCTT-V3I3P130.pdf
13. [13] Arslan, B., Gunduz, M. and Sagiroglu, . (2014). Current Mobile Threats and Precautions to Be Taken.
14. [14] Kabakus, A., Dogru, I. and Cetin, A. (2015). Android Malware Detection and Protection System. Erciyes University Journal of the Institute of Science and Technology, 31(1), pp.9-16.
15. [15] Gokce, K., Sahinaslan, E. and Dincel, S. (2014). Cyber Security Approach in Mobile Life. 7th International Conference on Information Security and Cryptology.
16. [16] (March, 2017). Android Security 2016 Year In Review. Google.
17. [17] (2016). Mobile Threat Report Whats on the Horizon for 2016. Intel Security.
18. [18] https://www.owasp.org/index.php/OWASP_Mobile_Security_Project#Secure_M-Development
19. [19] https://www.owasp.org/index.php/OWASP_Mobile_Security_Project#Top_10_Mobile_Risks
20. [20] He, D., Chan, S., & Guizani, M. (2015). Mobile application security: malware threats and defenses. IEEE Wireless Communications.
21. [21] Rygaard, C. A. (2006). Patent No. Mobile application peer-to-peer security system and method. US 7046995 B2.
22. [22] Swarnpreet Singh Saini, R. B. (2012). Architecture of Mobile application, Security issues and Services involved in Mobile Cloud Computing Environment. IJCER.
23. [23] https://mbatraveller.wordpress.com/
24. [24] White Paper of 2017 Application Security Research http://files.asset.microfocus.com/9395/en/9395.pdf