A Survey On Security Threats in Mobile Operating Systems and Existing Solutions
A Survey On Security Threats in Mobile Operating Systems and Existing Solutions
Volume 8, Issue 11, November – 2023 International Journal of Innovative Science and Research Technology
ISSN No:-2456-2165
A Survey on Security Threats in Mobile Operating
Systems and Existing Solutions
1 2
K.G.Kaushalya Abeywardhane D.V.D.S.Abeysinghe
Faculty of Computing Faculty of Computing
General Sir John Kotelawala Defence University General Sir John Kotelawala Defence University
Colombo, Sri Lanka Colombo, Sri Lanka
Abstract:- Using electronic devices has shown a [2] Mobile security-related threats such as mobile mali-
significant increase in popularity in recent years all over cious codes are also increasing rapidly. Therefore,
the world. Mobile devices have taken the highest place researchers and other mobile device companies have paid
among other electronic devices. Mobile security threats attention to protecting applications that were developed for
also have become a vast problem with coming new mobile devices from the threats of vulnerabilities of mobile
vulnerabilities of mobile devices. Here I conduct a applications. I will work on this research to reveal the
literature review to recognize the existing threats based existing threats and what are the appropriate solutions and
on different kinds of mobile operating systems and practices to overcome the different kinds of mobile threats.
discuss the existing solutions for those threats. Another When comparing the mobile operating systems, the
objective is to find current authentication methods used popularity of using Android-based mobile devices is higher
by mobile device users to protect mobile devices. in the world including developing countries. [2] Therefore, I
conducted a literature review to find the existing mobile
Keywords:- Mobile, Operating System, Security, Threats. threats which were faced especially Android mobile users
day by day and make a vulnerability analysis of Android-
I. INTRODUCTION based mobile applications and reveal the factors that can
occur in the vulnerability in mobile devices.
The attractive features of the mobile devices are able to
catch the child, teenagers and also elders in same manner.
These features are varies from day by day according to
newest technologies in the world. The mobile devices are
based on different kinds of operating systems: Android,ISO,
etc. and enabled to user to select the mobile devices with
preferred operating system. User have the ability to select
install varies kinds of applications. [15] The different kinds
of social and demo graphical factors such as age [6] and
gender and other technical factors like operating system
features caused the usage of the different kinds of mobile
devices. According to the Ericson mobility report, figure 1
shows the growth of the number of mobile subscribers and
mobile subscriptions year-wise. That also proves that usage
of mobile devices is increasing in billions the year to year.
[7]
Fig 1 Subscriptions and Subscribers (Billion)
II. BACKGROUND OF STUDIES
III. LITERATURE REVIEW
Mobile Devices are considered as their personal device
and use to perform day today operations. Therefore, they According to Kim, the security threats of smart devices
used to store private and sensitive data in mobile devices are increasing because of increasing the usage of smart
without thinking deeper about their security. It is easier to devices in the world. According to his analyzed results,
install different kinds of mobile applications in various vulnerabilities of applications in mobile devices are mostly
kinds of operating systems such as iOS, Android, etc. caused for security threats. He used 9 mobile applications
Nowadays there is a big competition among mobile which were used by public Institutions and companies for
application providers and there are the newest more and security checks experi- ments. He has revealed that mobile
more customized applications in today’s market. Most applications which were used by a public institution have
smartphone users have practiced getting instant services been used in MD5 encryption tools that may be vulnerable
through various kinds of mobile applications by inserting because of a short number of bits of MD5 and they have not
their very sensitive data: bank account numbers, credit card properly managed the sessions of mobile applications also.
numbers and health information, etc. Those kinds of user Then he has proposed to produce various security check
behaviors can also increase the vulnerabilities in this field. methods when developing applications for mobile devices.
IJISRT23NOV2139 www.ijisrt.com 2000
Volume 8, Issue 11, November – 2023 International Journal of Innovative Science and Research Technology
ISSN No:-2456-2165
He has suggested being made those kinds of security checks Around 40 percent of people make their online
applications from the government side. [9] The authors in transac- tions through mobile devices.
[12] have revealed security issues and threats in Android
Operating System-based devices. According to their survey, The researchers have found that the global mobile data
there is a permission-based security mechanism in the traffic has increased by 30 exabytes per month. All these
Android system to regulate the access of third-party Android factors prove that the users of mobile devices are rapidly
applications. That permission-based mechanism is affected developing, and the following details show that mobile
to the security of the device also. They have proven that threats are also increasing with this growth.
there may be information leakage in the Android systems
when users grant resources without caring about any V. MOBILE DEVICE SECURITY
restriction from the OS. CHALLENGES
According to the review, article which was written by The Growth of usage of Mobile Devices is Caused to
Pawel Wichbroth and Lukasz Lysik, they have identified Create Various Kinds of Security Challenges also. There
and analyzed existing threats for mobile devices and best can be Cate- Gorized few Prominent Security
practices for avoiding the mobile threats. They have Challenges because of threats and Vulnerabilities. [10]
analyzed the cur- rent mobile attacks and related security
codes for preventing those mobile attacks. The world Unsafe Data Storage – There may be a huge
economic forum of 2019 has presented 3 technologies: 5G problem when losing a mobile device or affect
networks and infrastructure, artificial intelligence, and bio- mobile application by some malicious code because
metrics technology to prevent mobile threats. [15] of losing sensitive data including personal
According to Nageen Saleem and four others have proposed information: name, address, banking information,
a solution to security threats that occur in the Android social network addresses, work information:
operating system. They have implemented architecture of company name, work position, and other official
quantum key distribution for Android-based op- erating docu- ments. [10]
systems to increase their efficiency of them. According to Mobile Browsing – most of the users use mobile
their system, the quantum key distribution method works as devices because of the feature of mobile browsing.
a guard to the Android operating system and can be used in But normally the users are unable to see the full web
the case of run-time kernel compromise to ensure the address or URL. Therefore, the users are unable to
security of the systems. [13] determine whether the URL or web address is safe
or unsafe. 32
Martin Butler and Rika Butler have done research to Multiple User Login – With the rapid growth of
reveal, how to affect the different kinds of mobile operating usage of social media, its’ single sign-on (SSO)
system users’ behaviors to threat of mobile security. They feature is created insecure status in mobile devices.
have conducted a study to investigate the behavior of mobile Hackers can obtain, login credentials of websites or
users in South Africa and reveal the different kinds of apps when users use the same login for multiple
operating systems like Android, iOS impact user behaviors. social network applications.
According to their analyzing results, the Android operating Client-Side Injection - Client-Side injection: Html
system is used widely all over the world, although there are injec- tion, SQL injection also may be caused by to
technical issues in the Android operating system. There are execution of some malicious programs on mobile
common different kinds of unsafe behavior among Android devices. These kinds of injections can harm target
users. They revealed that there was a considerable difference files or applications on mobile devices.
between users who use different kinds of operating systems
and age, gender, and frequency of mobile phone use are VI. MOBILE THREATS AND
caused to decide the behavior of mobile users. They prove VULNERABILITIES
that threat appraisal and a coping appraisal are influenced
mobile users’ threat avoidance. [2] Both capabilities of the hackers to hack the mobile
oper- ating systems and mobile companies’ security
IV. USAGE OF MOBILE DEVICES mechanisms are widening day by day. Therefore, advanced
mobile security policies should be implemented to protect
According to the Researchers . [7], [5], [3] the following mobile devices from various kinds of mobile threats. Some
Reasons are found to use Mobile Devices and can be kinds of mobile threats can be categorized as follows.
Categorized as follows.
Physical Threats
73 percent of people have used mobile devices to
open emails. Bluetooth –
Around 95 percent of users have logged into their The short-range radio technology (Bluetooth)
Face- book accounts and social media accounts which provides wireless technology for the short-range
from mobile phones. is caused to make many potential threats and
80 percent of people use mobile devices to search vulnerabilities. When two mobile devices connect and
some information from the internet. pair the security PIN, the malicious data can be
IJISRT23NOV2139 www.ijisrt.com 2001
Volume 8, Issue 11, November – 2023 International Journal of Innovative Science and Research Technology
ISSN No:-2456-2165
exchanged from device to device. [1] Mobile Vulnerabilities
Here the attacker recognizes the weak points of mobile
Lost Mobile Devices – applications and then access the flow of the device and start
The malicious applications are in- cluded in the exploits.
lost mobile devices and resold to the market. This will
affect to spread the of malicious programs to the Rootkit - Rootkit malicious infects the mobile
market. [8] operating system by installing applications with
malicious codes to the mobile devices.
Application based Threats Worm - The worm is created copies of itself and
There are more downloadable applications over the spread one device to another device.
internet to perform day-to-day activities through mobile Trojan Horse - Trojan Horse automatically install
devices. The malicious applications are attached to these ma- licious programs to mobile devices and collects
kinds of apps and spread the malicious codes. The users’ sensitive data through those applications.
application-based threats can be categorized as follows.
VII. DEFENSE MECHANISM
Spyware -
These kinds of threats collect users’ data without There should be urgent attention to the current security
knowing their knowledge. Spyware targets to stole problems and security mechanism of mobile devices to
users’ private data including contact lists, financial protect those devices from different kinds of threats.
information, browser history, and call history data. The Therefore, there should be ensured security in all stages
stolen data are used for making financial fraud. [8] of the developing life cycle. Different kinds of user
authentication mechanisms are shown in figure 5. Biometric
Malware – authentication, token-based authentication, and knowledge-
Malware makes some malicious actions after based authentication are the three fundamental approaches to
installed to the mobile devices automatically without all security access. Biometric IDs, physical keys, digital
user approval. These types of threats are caused to certificates, smart cards are used for the above security
make adding charges to phone bills and send unwanted approaches. The problem is that applying those security
messages to users. [8] methods is requiring high memory capacity and requesting
high cost at present.
Vulnerable Applications –
Vulnerable applications make changes that attack
to perform unwanted activities by entering users’
mobile devices. [8]
Privacy Threats –
Some special features in the mobile devices global
positioning system (GPS) help to attacker find the
user’s current location exactly. [11]
Network-based Threats
Some kinds of network-based threats can be
categorized as follows.
Denial of Service Attack (DoS) –
In these types of attacks, the attacker prevents
access to applications on mobile devices. Even one Fig 2 Different Kinds of user Authentication Mechanisms
attacker can make insecure the whole device by using
small effort. VIII. MOBILE SECURITY BEST
PRACTICES OF USERS
Network Exploits –
When the mobile device is connected to the The Best Practices that Mobile users should be followed
internet, the attacker installs malicious software on can be Summarized as follows.
the user’s mobile device without the approval of the
users. Putting multi-factor authentication security
methods: screen lock and unlock with PIN,
Mobile Network Services – fingerprint, and face recognition are considered as
The attacker uses mobile network services: MM, best practices to protect users’ data.
SMS, Voice Calls to gain the users’ sensitive data or It is mandatory to update the mobile operating
business data. [8] systems and mobile applications. Some kinds of
applications provide regular updates to users that
resolve recent vul- nerabilities and mobile threats.
IJISRT23NOV2139 www.ijisrt.com 2002
Volume 8, Issue 11, November – 2023 International Journal of Innovative Science and Research Technology
ISSN No:-2456-2165
Backing up is another approach to prevent data loss
and deletion. Those kinds of activities should be
done on regular basis. The user can backup the
data in private or public cloud storage also
Users can use encryption features to store data on
their mobile devices. Then the authorized persons
only access the data if it is needed. Survey results
which were done by the authors of [14] According
to the analysis report, biometric authentication
methods such as fingerprint, face recognition, and
iris scans provide the highest level of security.
According to the analysis which was done by the
authors in [4], percent of 92 mobile users use a password or
biometric protection to control the security of their
smartphones. Only a percent of 37 mobile respondents
disabled Bluetooth when it is not in use. Only percent of
19, downloaded and installed antivirus software on their Fig 3 Percentages of Security Methods that use
phones. Percent of 14, respondents have downloaded and Mobile Device
installed encryption software on their phones. According to
their analysis, most smartphones are using biometric IX. CONCLUSION
security methods to protect their data in smartphones. That
means smartphone users pay attention to protecting their The mobile application market is growing day by day.
data or smartphones from their closest ones: family Accordingly, the mobile security authentication mechanism
members, friends, etc. They have no proper knowledge also has more strength to protect mobile devices from at-
about the vulnerabilities which come from using the internet tackers and hackers. Therefore, it is the responsibility of
or paring files via Bluetooth etc. Even they have not enough mobile device operators to apply proper security
knowledge of what is the reason for updating the mobile mechanisms for mobile operating systems. They should
operating systems. According to the survey report which make a mobile operating system with mandatory security
was published by [15], they revealed the following features which must be followed by the mobile device users.
percentages of security methods (shown in figure 3) that use As well as it is the responsibility of every mobile user to
mobile device users for their data protection. This research practice authentication methods to protect their sensitive
analysis shows that most mobile device users (percent 53.3), data on mobile devices. Another factor is that all mobile
follow biometric security methods to protect their mobile users do have not proper knowledge about the security of
devices. Mobile de- vices are handheld devices. Therefore, the sensitive data which they stored on their mobile
most users follow less time-consuming security methods to devices. They used to get the service of mobile apps:
protect their data in those devices without thinking about mobile banking apps, online transaction apps only.
their security level of them. Another point is that when using Therefore, mobile developers or platform designers have
biometric security methods, the users do not memorize the more than half of the respondents to you, persons, mobile
PIN pattern or passwords. Those reasons are also affected to apps users follow security methods automatically. They
follow biometric security methods to protect the data in should understand the behaviors, and perceptions of mobile
mobile devices. The biometric technology does not need device users and implemented suitable security methods to
unnecessary effort to memorize the PIN or passwords. maintain the security and privacy of the data of users.
Additionally, biometric security methods cannot be forged. Mobile device users are on different levels. They have
But passwords and PINs can be stolen by hackers. Biometric various distances in technology or education. Therefore, by
security methods have a high ROI value thereby the considering those kinds of factors platform designers and
organization can minimize the risk of a corporate security application developers should apply some security features
breach. Those reasons are also affected to follow biometric to operating system levels or application levels or give the
security methods to protect the data in mobile devices. ability to install some plugins simply to users. This paper
presented and analyzed the mobile security challenges at
present and presented a comparison between different
authentication methods. According to the literature review,
the biometric authentication techniques guar- antee the
highest level of security comparing various security
mechanisms. The biometric authentication mechanism is
easier to capture and measure the biometric features of a
single person quickly. According to the conclusion of the
World Economic Forum of 2019, [4-106] the three
technologies: 5G network and infrastructure convergence,
artificial intelligence, and biometrics for overcoming the
cybercrime in future.
IJISRT23NOV2139 www.ijisrt.com 2003
Volume 8, Issue 11, November – 2023 International Journal of Innovative Science and Research Technology
ISSN No:-2456-2165
REFERENCES
[1]. Abhijit Bose and Kang G Shin. On mobile viruses
exploiting messaging and bluetooth services. In
2006 Securecomm and Workshops, pages 1–10.
IEEE, 2006.
[2]. Martin Butler and Rika Butler. The influence of
mobile operating systems on user security behavior.
In 2021 IEEE 5th International Conference on
Cryptography, Security and Privacy (CSP), pages
134–138. IEEE, 2021.
[3]. Asad Butt. 101 mobile marketing statistics and trends
for 2020. January 2021.
[4]. Amita G Chin, Philip Little, and Beth H Jones. An
analysis of smartphone security practices among
undergraduate business students at a regional
public university. International Journal of
Education and Development Using Information and
Communication Technology, 16(1):44–61, 2020.
[5]. Blue Corona. 75+ mobile marketing statistics for
2020 and beyond. December 2019.
[6]. Amit Das and Habib Ullah Khan. Security behaviors
of smartphone users. Information & Computer
Security, 2016.
[7]. SE-164 80 Stockholm Ericsson. Ericsson mobility
report:subscriptions mobile data traffic co-written
articles. May 2019.
[8]. Jalaluddin Khan, Haider Abbas, and Jalal Al-
Muhtadi. Survey on mobile user’s data privacy
threats and defense mechanisms. Procedia Computer
Science, 56:376–383, 2015.
[9]. Hee Wan Kim. A study on the mobile application
security threats and vulnerability analysis cases.
International Journal of Internet, Broadcasting and
Communication, 12(4):180–187, 2020.
[10]. Andrea Pasquinucci. The security challenges of
mobile devices. Com- puter Fraud & Security,
2009(3):16–18, 2009.
[11]. Bruce Potter. Mobile security risks: ever evolving.
Network Security, 2007(8):19–20, 2007.
[12]. Bahman Rashidi and Carol J Fung. A survey of
android security threats and defenses. J. Wirel. Mob.
Networks Ubiquitous Comput. Dependable Appl.,
6(3):3–35, 2015.
[13]. Nageen Saleem, Areeba Rahman, Muhammad
Rizwan, Shahid Naseem, and Fahad Ahmad.
Enhancing security of android operating system
based phones using quantum key distribution. EAI
Endorsed Transac- tions on Scalable Information
Systems, page e10, 2020.
[14]. M Sujithra. A survey on mobile device threats,
vulnerabilities and their defensive mechanism.
2012.
[15]. Paweł Weichbroth and Łukasz Łysik. Mobile
security: Threats and best practices. Mobile
Information Systems, 2020, 2020.
