Data Security on Mobile Devices: Current State of the Art, Open
Problems, and Proposed Solutions
- URL: http://arxiv.org/abs/2105.12613v1
- Date: Wed, 26 May 2021 15:08:42 GMT
- Authors: Maximilian Zinkus, Tushar M. Jois, Matthew Green (Johns Hopkins
University)
- Abstract summary: We present definitive evidence, analysis, and (where needed) speculation to answer the questions.
We examine the two major platforms in the mobile space, iOS and Android.
We make recommendations for improving data security on these devices.
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: In this work we present definitive evidence, analysis, and (where needed)
speculation to answer the questions, (1) Which concrete security measures in
mobile devices meaningfully prevent unauthorized access to user data? (2) In
what ways are modern mobile devices accessed by unauthorized parties? (3) How
can we improve modern mobile devices to prevent unauthorized access?
We examine the two major platforms in the mobile space, iOS and Android, and
for each we provide a thorough investigation of existing and historical
security features, evidence-based discussion of known security bypass
techniques, and concrete recommendations for remediation. We then aggregate and
analyze public records, documentation, articles, and blog postings to
categorize and discuss unauthorized bypass of security features by hackers and
law enforcement alike. We provide in-depth analysis of the data potentially
accessed via law enforcement methodologies from both mobile devices and
associated cloud services.
Our fact-gathering and analysis allow us to make a number of recommendations
for improving data security on these devices. The mitigations we propose can be
largely summarized as increasing coverage of sensitive data via strong
encryption, but we detail various challenges and approaches towards this goal
and others. It is our hope that this work stimulates mobile device development
and research towards security and privacy, provides a unique reference of
information, and acts as an evidence-based argument for the importance of
reliable encryption to privacy, which we believe is both a human right and
integral to a functioning democracy.
Related papers
- A Survey of Privacy-Preserving Model Explanations: Privacy Risks, Attacks, and Countermeasures [50.987594546912725]
Despite a growing corpus of research in AI privacy and explainability, there is little attention on privacy-preserving model explanations.
This article presents the first thorough survey about privacy attacks on model explanations and their countermeasures.
arXiv Detail & Related papers (2024-03-31T12:44:48Z)
- Toward an Android Static Analysis Approach for Data Protection [7.785051236155595]
This paper motivates the need to explain data protection in Android apps.
The data analysis will recognize personal data sources in the source code.
App developers can then address key questions about data manipulation and data manipulation derived data.
arXiv Detail & Related papers (2024-02-12T18:52:39Z)
- A Narrative Review of Identity, Data, and Location Privacy Techniques in Edge Computing and Mobile Crowdsourcing [2.5944208050492183]
This review focuses on the need for privacy protection in mobile crowdsourcing and edge computing.
We present insights and highlight advancements in privacy-preserving techniques, addressing identity, data, and location privacy.
This review also discusses the potential directions that can be useful resources for researchers, industry professionals, and policymakers.
arXiv Detail & Related papers (2024-01-20T19:32:56Z)
- Fact-Saboteurs: A Taxonomy of Evidence Manipulation Attacks against Fact-Verification Systems [80.3811072650087]
We show that it is possible to subtly modify claim-salient snippets in the evidence and generate diverse and claim-aligned evidence.
The attacks are also robust against post-hoc modifications of the claim.
These attacks can have harmful implications on the inspectable and human-in-the-loop usage scenarios.
arXiv Detail & Related papers (2022-09-07T13:39:24Z)
- A Non-Intrusive Machine Learning Solution for Malware Detection and Data Theft Classification in Smartphones [0.06999740786886537]
Successful mobile malware attacks could steal a user's location, photos, or even banking information.
There is a need besides just detecting malware intrusion in smartphones to also identify the data that has been stolen to assess, aid in recovery and prevent future attacks.
We propose an accessible, non-intrusive machine learning solution to not only detect malware intrusion but also identify the type of data stolen for any app under supervision.
arXiv Detail & Related papers (2021-02-12T13:31:27Z)
- Privacy and Robustness in Federated Learning: Attacks and Defenses [74.62641494122988]
We conduct the first comprehensive survey on this topic.
Through a concise introduction to the concept of FL, and a unique taxonomy covering: 1) threat models; 2) poisoning attacks and defenses against robustness; 3) inference attacks and defenses against privacy, we provide an accessible review of this important topic.
arXiv Detail & Related papers (2020-12-07T12:11:45Z)
- Detecting Cross-Modal Inconsistency to Defend Against Neural Fake News [57.9843300852526]
We introduce the more realistic and challenging task of defending against machine-generated news that also includes images and captions.
To identify the possible weaknesses that adversaries can exploit, we create a NeuralNews dataset composed of 4 different types of generated articles.
In addition to the valuable insights gleaned from our user study experiments, we provide a relatively effective approach based on detecting visual-semantic inconsistencies.
arXiv Detail & Related papers (2020-09-16T14:13:15Z)
- Urban Sensing based on Mobile Phone Data: Approaches, Applications and Challenges [67.71975391801257]
Much concern in mobile data analysis is related to human beings and their behaviours.
This work aims to review the methods and techniques that have been implemented to discover knowledge from mobile phone data.
arXiv Detail & Related papers (2020-08-29T15:14:03Z)
- Mind the GAP: Security & Privacy Risks of Contact Tracing Apps [75.7995398006171]
Google and Apple have jointly provided an API for exposure notification in order to implement decentralized contact tracing apps using Bluetooth Low Energy.
We demonstrate that in real-world scenarios the GAP design is vulnerable to (i) profiling and possibly de-anonymizing persons, and (ii) relay-based wormhole attacks that basically can generate fake contacts.
arXiv Detail & Related papers (2020-06-10T16:05:05Z)
- A review of information security aspects of the emerging COVID-19 contact tracing mobile phone applications [0.0]
This paper discusses the aspects of data reliability and user privacy for the emerging practice of mobile phone based contact tracing for the COVID-19 pandemic.
Various countries and large technology companies have already used or plan to design and use mobile phone based solutions.
arXiv Detail & Related papers (2020-05-31T14:10:14Z)
- SeMA: Extending and Analyzing Storyboards to Develop Secure Android Apps [0.0]
SeMA is a mobile app development methodology that builds on existing mobile app design artifacts such as storyboards.
An evaluation of the effectiveness of SeMA shows the methodology can detect and help prevent 49 vulnerabilities known to occur in Android apps.
arXiv Detail & Related papers (2020-01-27T20:10:52Z)
This list is automatically generated from the titles and abstracts of the papers in this site.