Data Security on Mobile Devices: Current State of the Art, Open Problems, and Proposed Solutions

• URL: http://arxiv.org/abs/2105.12613v1
• Date: Wed, 26 May 2021 15:08:42 GMT
• Title: Data Security on Mobile Devices: Current State of the Art, Open Problems, and Proposed Solutions
• Authors: Maximilian Zinkus, Tushar M. Jois, Matthew Green (Johns Hopkins University)
• Abstract summary: We present definitive evidence, analysis, and (where needed) speculation to answer the questions. We examine the two major platforms in the mobile space, iOS and Android. We make recommendations for improving data security on these devices.
• Score: 4.1359299555083595
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: In this work we present definitive evidence, analysis, and (where needed) speculation to answer the questions, (1) Which concrete security measures in mobile devices meaningfully prevent unauthorized access to user data? (2) In what ways are modern mobile devices accessed by unauthorized parties? (3) How can we improve modern mobile devices to prevent unauthorized access? We examine the two major platforms in the mobile space, iOS and Android, and for each we provide a thorough investigation of existing and historical security features, evidence-based discussion of known security bypass techniques, and concrete recommendations for remediation. We then aggregate and analyze public records, documentation, articles, and blog postings to categorize and discuss unauthorized bypass of security features by hackers and law enforcement alike. We provide in-depth analysis of the data potentially accessed via law enforcement methodologies from both mobile devices and associated cloud services. Our fact-gathering and analysis allow us to make a number of recommendations for improving data security on these devices. The mitigations we propose can be largely summarized as increasing coverage of sensitive data via strong encryption, but we detail various challenges and approaches towards this goal and others. It is our hope that this work stimulates mobile device development and research towards security and privacy, provides a unique reference of information, and acts as an evidence-based argument for the importance of reliable encryption to privacy, which we believe is both a human right and integral to a functioning democracy.

Related papers

• A Survey of Privacy-Preserving Model Explanations: Privacy Risks, Attacks, and Countermeasures [50.987594546912725]
  Despite a growing corpus of research in AI privacy and explainability, there is little attention on privacy-preserving model explanations. This article presents the first thorough survey about privacy attacks on model explanations and their countermeasures.
  arXiv  Detail & Related papers  (2024-03-31T12:44:48Z)
• Toward an Android Static Analysis Approach for Data Protection [7.785051236155595]
  This paper motivates the need to explain data protection in Android apps. The data analysis will recognize personal data sources in the source code. App developers can then address key questions about data manipulation and data manipulation derived data.
  arXiv  Detail & Related papers  (2024-02-12T18:52:39Z)
• Blockchain-based Zero Trust on the Edge [5.323279718522213]
  This paper proposes a novel approach based on Zero Trust Architecture (ZTA) extended with blockchain to further enhance security. The blockchain component serves as an immutable database for storing users' requests and is used to verify trustworthiness by analyzing and identifying potentially malicious user activities. We discuss the framework, processes of the approach, and the experiments carried out on a testbed to validate its feasibility and applicability in the smart city context.
  arXiv  Detail & Related papers  (2023-11-28T12:43:21Z)
• Fact-Saboteurs: A Taxonomy of Evidence Manipulation Attacks against Fact-Verification Systems [80.3811072650087]
  We show that it is possible to subtly modify claim-salient snippets in the evidence and generate diverse and claim-aligned evidence. The attacks are also robust against post-hoc modifications of the claim. These attacks can have harmful implications on the inspectable and human-in-the-loop usage scenarios.
  arXiv  Detail & Related papers  (2022-09-07T13:39:24Z)
• A Non-Intrusive Machine Learning Solution for Malware Detection and Data Theft Classification in Smartphones [0.06999740786886537]
  Successful mobile malware attacks could steal a user's location, photos, or even banking information. There is a need besides just detecting malware intrusion in smartphones to also identify the data that has been stolen to assess, aid in recovery and prevent future attacks. We propose an accessible, non-intrusive machine learning solution to not only detect malware intrusion but also identify the type of data stolen for any app under supervision.
  arXiv  Detail & Related papers  (2021-02-12T13:31:27Z)
• Privacy and Robustness in Federated Learning: Attacks and Defenses [74.62641494122988]
  We conduct the first comprehensive survey on this topic. Through a concise introduction to the concept of FL, and a unique taxonomy covering: 1) threat models; 2) poisoning attacks and defenses against robustness; 3) inference attacks and defenses against privacy, we provide an accessible review of this important topic.
  arXiv  Detail & Related papers  (2020-12-07T12:11:45Z)
• Detecting Cross-Modal Inconsistency to Defend Against Neural Fake News [57.9843300852526]
  We introduce the more realistic and challenging task of defending against machine-generated news that also includes images and captions. To identify the possible weaknesses that adversaries can exploit, we create a NeuralNews dataset composed of 4 different types of generated articles. In addition to the valuable insights gleaned from our user study experiments, we provide a relatively effective approach based on detecting visual-semantic inconsistencies.
  arXiv  Detail & Related papers  (2020-09-16T14:13:15Z)
• Urban Sensing based on Mobile Phone Data: Approaches, Applications and Challenges [67.71975391801257]
  Much concern in mobile data analysis is related to human beings and their behaviours. This work aims to review the methods and techniques that have been implemented to discover knowledge from mobile phone data.
  arXiv  Detail & Related papers  (2020-08-29T15:14:03Z)
• Mind the GAP: Security & Privacy Risks of Contact Tracing Apps [75.7995398006171]
  Google and Apple have jointly provided an API for exposure notification in order to implement decentralized contract tracing apps using Bluetooth Low Energy. We demonstrate that in real-world scenarios the GAP design is vulnerable to (i) profiling and possibly de-anonymizing persons, and (ii) relay-based wormhole attacks that basically can generate fake contacts.
  arXiv  Detail & Related papers  (2020-06-10T16:05:05Z)
• A review of information security aspects of the emerging COVID-19 contact tracing mobile phone applications [0.0]
  This paper discusses the aspects of data reliability and user privacy for the emerging practice of mobile phone based contact tracing for the COVID-19 pandemic. Various countries and large technology companies have already used or plan to design and use mobile phone based solutions.
  arXiv  Detail & Related papers  (2020-05-31T14:10:14Z)
• SeMA: Extending and Analyzing Storyboards to Develop Secure Android Apps [0.0]
  SeMA is a mobile app development methodology that builds on existing mobile app design artifacts such as storyboards. An evaluation of the effectiveness of SeMA shows the methodology can detect and help prevent 49 vulnerabilities known to occur in Android apps.
  arXiv  Detail & Related papers  (2020-01-27T20:10:52Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.