SECURITY AND PRIVACY OF MOBILE APPLICATIONS
Mobile applications are software developed to offer services such as health, dating, gaming, banking, and many more, for tablets and mobile phones (Li and Clark, 2013). The use of applications exploded when smartphones were introduced and developers were able to design applications that suit the consumer’s needs. The applications can be used at home, in school, or at work. Applications have improved efficiency and performance at the workplace and, at the same time, reduced the cost of some services. Despite these benefits, some problems exist. The applications tend to pose high risks to the security and privacy of the user’s information. Critical information gathered by the applications could be altered by third-party users for other uses, leading to a loss of confidentiality of user information. Given that individuals are working from home and using electronic devices, the integrity, confidentiality, and availability of users’ information raise significant issues for the privacy and security of data (Kraijak and Tuwanut, 2015). Users are usually worried about their personal data and the fiscal dealings they provide on their mobile applications. Service providers are also concerned with the loss of users’ phones, which carry unencrypted data.
Mobile applications have several security and privacy issues; these include poorly protected user data, information security breaches, privacy and security problems, and unregulated applications. Iachello et al. (2005) hypothesized that mobile apps would bring significant issues, such as privacy and security problems among users and third parties. Most applications lack proper standards, creating a barrier to the widespread use of the apps. Users lose their phones or may avoid using security verification to protect their data. This could be viewed as a form of neglect on the user side for failing to use passwords to protect their data. Applications could gather information on individuals’ habits, movement, health, and their dark inner secrets. Users’ data could also be poorly protected, which could create a significant concern to those in need of the service. Li and Clark (2013) found that 25 percent of the applications informed their users about their privacy policy, while only a few apps encrypted users’ data (Kraijak and Tuwanut, 2015). Service providers also tend to share unencrypted data with third-party sites without notifying their users.
Breaches of data security are a common issue; according to Liang et al. (2014), service providers view their customers’ information without the knowledge of the user. Breaches of data security can lead to individuals stealing a user’s identity, such as in a health care system, where one can use the unique medical number and the person’s name to get services. It is on record that an individual maliciously changed a patient’s medical diagnosis, which led to false treatment and, consequently, death. The implications of a data breach include loss of customer confidence and brand value. Lack of proper guidelines in the management and development of apps is another problem that causes a security concern. The absence of these guidelines has led to increased numbers of substandard applications, which puts the user’s data privacy at risk (Tayade, 2014). Most users rely on the app’s security provision, which, in reality, is not immune to security issues. The platform created by Android phones allows the user to select between safe and unsafe applications. Apps have a tendency to store users’ information, such as passwords and names, as text (Gu and Guirguis 2014). This makes it easy for anyone to copy and use the data by directly connecting the phone to a PC. Bypassing security testing is another problem facing the security and privacy of users’ information. Nevertheless, mobile cloud computing carries several new difficulties, particularly when it comes to the availability of information and the safety and privacy of the user (Gu and Guirguis 2014). Safety matters are grave when a service provider tries to install a cloud-based management system, since sending users’ information to the system means that users’ files are held on the company’s cloud servers (Hung et al., 2012).
According to Al Ameen, Liu, and Kwak (2012), by sending users’ data to cloud storage, service providers reveal information to malicious individuals, since the data is accessible through the web. Service providers should know the risks involved when dealing with personal and private information. Finally, there has been an upsurge of cybercrooks who have perfected their skills on mobile apps. They gain access to users’ mobile phones and alter the data, which is highly critical. The objective is to identify a weakness in an app and gain unauthorized access to information using the following strategies: understanding binary code by reverse engineering, and malware embedding, which is a vulnerability of the operating system (Plaza et al., 2011). The mobile network has gradually expanded compared to other years, which is an excellent move in technology. Mobile advancement has shifted work so that mobile devices now perform almost every task that in the recent past was done only on a computer. This has resulted in an eruption of malicious acts through mobile advancement in technology in this field. There is an increase in demand for the same commodity. It has led to developments in various trends, which we address here. Firstly, mobiles have been adapted to serve the user as a storage device, which is vulnerable if not well protected from the wrong hands (Tayade, 2014).
One can access private details that are stored on the phones. Attackers commit fraud by reading through SMS and MMS messages or accessing the gallery of their subjects. The computing resources in mobile devices increase the chances for the attacker to defraud the user; some of these resources are high-frequency processors, which also aid fast internet connectivity. According to Martínez-Pérez et al. (2015), resources may be under threat since attackers may deploy malicious content such as botnets. They hack the system and cause delays in the system. There are also other trends that enable multiple attack vectors for conveying malicious content. Firstly, mobile network services such as SMS and voice calls may be used to deliver harmful information to users. The attacker may use SMS to smish, sending links that may destroy the mobile device if opened, which is a phishing attack. Voice calls may also be used for vishing, which occurs when the attacker may mask the voice of another party to obtain sensitive information and defraud the user. This also results in a phishing attack. Secondly, mobile devices have advanced to be able to access the internet over Wi-Fi networks and mobile networks such as 2G, 3G, 4G, and 5G. This advancement has resulted in attacks by hackers, especially when the device is connected to public networks, where the attacker may gain access to private information through the Wi-Fi.
There are also loopholes in social networks. Users of social networks such as Facebook and Twitter may find links uploaded by the attacker, which may have harmful content when downloaded. Thirdly, sharing mediums such as Bluetooth may be a tool for malicious activities. When devices are paired, there is access to the user’s device, and corrupt files may be transferred that cause a breakdown of the device. Bluetooth pairing may also provide default passwords, which may give the attacker access to private information and may result in disclosure of secret data. The use of peripherals and USB connections is another emerging trend that leads to attack vectors. When a mobile device is connected to a computer over USB, the attacker may illegally access the confidential information on the user’s device. Malware may also be transferred over USB cables (Shahzad and Hussain, 2013). There is still modernization in mobile devices that is preceding computer modification and resources. These developments are creating computer-based threats on mobile devices, which include the Trojan horse. This is a malware tool fitted in the mobile application that secretly gathers the user’s information through phishing attacks that defraud the user through false representation. Secondly, a botnet is a malicious tool that is used to cause harm to the user. A botnet is a set of compromised devices that can be controlled remotely (Liang et al., 2014). It works by sending spam emails to commit denial-of-service attacks. Waledac, a mobile device, is one of the tools that use SMS and MMS for data transfer between nodes, which helps the botnet remain active. A rootkit is also a destructive application that runs in a privileged mode and hides from the user by altering standard operating system functions.
Spyware is another malware that protects personal information and shares it without the user’s knowledge.
Though there have been mobile threats, there are significant transformations that provide solutions to the risks. The defensive methods are measures to facilitate more efficiency in mobile devices. There are different types of defensive methods that can be deployed to enhance mobile data security. Firstly, there is the security measure undertaken by the developer, in two ways. One is the secure coding of the applications, which is done through robust cryptographic systems that have long keys and by executing proper TLS to have safe communication between the server and the mobile apps (Kraijak et al., 2015). The second way is regularly updating the system. Every developer needs to provide updates to ensure that mobile applications are safe. Secondly, there are measures that every user must be willing to follow to have secure data. The user must be ready to update the apps and the operating system. This ensures that the device works more efficiently and eradicates every hidden malware. Every user must avoid rooting devices. Rooting breaks the security model of the mobile device and allows the installation of malicious apps illegally. The user must also prevent the installation of unknown applications that may contain corrupt files that may cause failures of the device. The user must ensure that they download apps from authorized stores such as the Google Play Store, since the applications are thoroughly checked. Thirdly, the application hosting providers must be willing to ensure security for the users. The providers need to ensure there is no malware in the apps they provide. App stores such as the Google store and the Apple App Store have been credited for checking thoroughly for any malware (Jain et al., 2012).
App developers should consider building security and privacy into the application from the early stages. If security issues are ignored at this point, they will automatically grow to unsafe levels. Integrating this measure will save money, time, and effort. To prevent reverse engineering, app developers should deliberately conceal the source code. This will make it difficult for a cybercrook who has hidden motives. It is also necessary that service providers employ code auditors who can help in identifying concealed backdoors (Jain and Shanbhag, 2012). App developers should be trained and informed on the consequences of a security breach of the user’s data. They should remain conscious of security controls such as firewalls and cryptography. Data that is highly sensitive should be identified and stored in an encrypted format with a password-based procedure. The data, if need be, should be stored in different data stores. Data sharing should be implemented using processes such as TLS 3 (Geneiatakis et al., 2015). When the data reaches the server, certificate holding should be expected. A robust password plan must be imposed. Verification session tokens should never be stored as cookies. Mobile applications should always acquire only the minimum license needed to implement their roles. Regarding the analysis of susceptibilities and threats of mobile apps, there is a need to develop apps with security features such as biometric face and speech recognition as well as fingerprint verification. Individuals should avoid sharing information on non-secure Wi-Fi hotspots. Finally, there is a need to adopt guidelines to improve the privacy and security of app users (Hung et al., 2012).
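The following is an added example, not taken from the essay or from any cited work: a static check of an Android manifest that a code auditor could run, reading the "minimum license" point above as requesting only the permissions the app needs (an assumption). The manifest, the package name, and the `NEEDED` policy are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed manifest for a hypothetical flashlight app (not a real package).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <application android:allowBackup="true"
               android:usesCleartextTraffic="true"
               android:debuggable="false"/>
</manifest>
"""

# Assumed policy: the permissions this app's stated function actually requires.
NEEDED = {"android.permission.CAMERA", "android.permission.INTERNET"}

# <application> attributes are flagged only when explicitly "true"; defaults
# vary by target API level, so absent attributes are not judged here.
RISKY_FLAGS = {
    "allowBackup": "app data can be copied off the device through backup",
    "usesCleartextTraffic": "traffic may leave the device without TLS",
    "debuggable": "a debugger can attach and read app data",
}


def audit_manifest(xml_text, needed_permissions):
    """Return (kind, detail) findings for one AndroidManifest.xml document."""
    root = ET.fromstring(xml_text.strip())
    requested = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    requested.discard(None)
    # Anything requested beyond the policy is a least-privilege violation.
    findings = [("excess-permission", p) for p in sorted(requested - needed_permissions)]
    app = root.find("application")
    if app is not None:
        for flag, why in RISKY_FLAGS.items():
            if app.get(ANDROID_NS + flag, "").strip().lower() == "true":
                findings.append(("risky-flag", f"{flag}: {why}"))
    return findings


if __name__ == "__main__":
    for kind, detail in audit_manifest(SAMPLE_MANIFEST, NEEDED):
        print(f"{kind:18} {detail}")
```

On the constructed manifest the check reports the SMS and location permissions as excess and flags the backup and cleartext settings; the explicit `debuggable="false"` is not reported.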
Today a mobile phone has become part of a man’s life. Applications have offered services to most users, enabling convenience and saving cost. However, mobile apps are faced with numerous challenges. The most common problem is the privacy and security of data, which has compromised integrity and confidentiality. Other challenges are the lack of guidelines on app development, bypassing security testing, malicious attacks by highly skilled cybercrooks, and overreliance on app security provision. The challenges can be overcome by app developers building security and privacy into apps from the early stage, and by users ensuring they use passwords and firewalls to prevent theft and alteration of their data by cybercrooks.
References
Al Ameen, M., Liu, J., & Kwak, K. (2012). Security and privacy issues in wireless sensor networks for healthcare applications. Journal of medical systems, 36(1), 93-101.
Geneiatakis, D., Fovino, I. N., Kounelis, I., & Stirparo, P. (2015). A Permission verification approach for android mobile applications. Computers & Security, 49, 192-205.
Hung, S. H., Shih, C. S., Shieh, J. P., Lee, C. P., & Huang, Y. H. (2012). Executing mobile applications on the cloud: Framework and issues. Computers & Mathematics with Applications, 63(2), 573-587.
Iachello, G., Smith, I., Consolvo, S., Chen, M., & Abowd, G. D. (2005, July). Developing privacy guidelines for social location disclosure applications and services. In Proceedings of the 2005 symposium on Usable privacy and security (pp. 65-76).
Jain, A. K., & Shanbhag, D. (2012). Addressing security and privacy risks in mobile applications. IT Professional, 14(5), 28-33.
Kraijak, S., & Tuwanut, P. (2015, October). A survey on the internet of things architecture, protocols, possible applications, security, privacy, real-world implementation, and future trends. In 2015 IEEE 16th International Conference on Communication Technology (ICCT) (pp. 26-31).
Li, Q., & Clark, G. (2013). Mobile security: a look ahead. IEEE Security & Privacy, 11(1), 78-81.
Martínez-Pérez, B., De La Torre-Díez, I., & López-Coronado, M. (2015). Privacy and security in mobile health apps: a review and recommendations. Journal of medical systems, 39(1), 181.
Liang, X., Zhang, K., Shen, X., & Lin, X. (2014). Security and privacy in mobile social networks: challenges and solutions. IEEE Wireless Communications, 21(1), 33-41.
Plaza, I., Martín, L., Martin, S., & Medrano, C. (2011). Mobile applications in an aging society: Status and trends. Journal of Systems and Software, 84(11), 1977-1988.
Shahzad, A., & Hussain, M. (2013). Security issues and challenges of mobile cloud computing. International Journal of Grid and Distributed Computing, 6(6), 37-50.
Tayade, D. (2014). Mobile cloud computing: Issues, security, advantages, trends. International Journal of Computer Science and Information Technologies, 5(5), 6635-6639.