Malware is a short term for malicious software. It is a term used to refer to any software that disrupts normal computer operation, gathers information and accesses private material without the consent of the owner. As such, the term malware can be used to refer to a number of unwanted software such as viruses, phishing software (spyware), adware, worms, and Trojans. Malware can manifest itself as active content and scripts on websites, executable code (.exe files) and other forms (Bergman, Stanfield, Rouse & Scambray, 2013). Malware can be harmful and annoying. Harmful malware is that which can leak sensitive information from a computer or disrupt its functions. Annoying malware is that which displays content that the user has not requested. For example, many pop-ups in websites can be described as malware. Malware is designed to be discreet so that the user does not know when installing or running the malware. The user can establish the presence of malware by observing the behavior of the system. Some malware is easier to identify than others are. For example, statistic-gathering software can run without being identified but adware will be identified almost immediately (Asokan et al, 2014).
Malware affects all types of computing but in this paper, we are going to focus on mobile malware.
The changing face of technology means that mobile computers have become more prominent in our everyday lives. Previously, desktop and laptop computers were the most common computers available. With advancements in technology, computers have become more powerful and the components have reduced drastically in size (Zhou, 2011). The cost of manufacturing has gone down meaning that more people can afford these devices. This has led to the rise of mobile computing that is now as important as traditional desktop computing. The main devices associated with mobile computing are smart phones and tablets (Bryan, 2012).
Mobile security, therefore, refers to security targeted at protecting these mobile devices. It aims at protecting the personal and business data and information contained in these mobile devices. In mobile computing, there are three main operating systems and other smaller players. The market leader in mobile computing is android by Google, followed by Apple’s IOS, and Microsoft’s windows mobile is the third major player. Smaller players include Firefox OS, Chrome OS among others. Android and IOS have by far the largest market share accounting for over 90% of the mobile market (SecureComm (Conference), 2013).
Mobile Threat Exposure Rates
Malware is usually targeted at the markets with the most users. This increases the chances for the software achieving its objectives. Traditionally, windows operating system was the most commonly used operating system in computers. Majority of the malware was directed to attack machines running this operating system. This is because it takes a lot of time to develop malware, and creators want to reach as many victims as possible. Mobile computing is now the most common form of computing in the world. This means that the new malware is being developed every day to target users of mobile computing. A smart phone is particularly vulnerable to malware because of the way it communicates (Zhou, 2011).
The main threat to a smart phone is disruption of the way it operates and transmission or changing of the user’s data. The three main targets for attack are the identity of the user. Mobile devices can be customized so that they transmit the information of the owner. A hacker may want to steal this identity to use in committing other crimes. The data stored in the mobile device is also a prime target for hackers (Steele & To, 2011).
Information such as passwords, bank account details and credit card information are now routinely carried in mobile phones. An attacker would like to get their hands on such information to use in committing fraud. Lastly, the availability of the mobile device is the third target for attackers. An attacker can take over the device and deny or limit the access of the owner of the device. The attacker can also use the processing power of the device to commit other attacks. As seen, the threats to mobile security are increasing, and they are usually carried out for the same reasons as traditional computer attacks.
Which Mobile Operating System is the best for Security: Android or IOS?
Android is the most common mobile platform operating system. Naturally, attackers focus more on android rather than IOS. Android is open in nature and therefore its inner workings are also more accessible to hackers. This is as opposed to IOS, which is closed and therefore less available for hackers to exploit. Despite these, both operating systems have their vulnerabilities. The research carried out on the two operating systems over a period of five years discovered 325 vulnerabilities in the android operating system and 185 vulnerabilities in IOS. Serious vulnerabilities have been discovered on both operating systems, which could lead to a hacker accessing information or taking over the device (Dubey & Misra, 2013). Most of the criminal opportunities to attack target android OS but data has also been stolen from IOS devices. In terms of numbers, android OS is less secure than IOS. This is because it is open source software and hackers can easily get their hands on the code for the operating system. Although not completely safe, IOS is more secure than android. An example of the vulnerabilities faced by IOS is the way it saves user information on iTunes. Some people have been attacked by ransom ware where the hacker threatens to brick a device if a ransom is not paid. The information required to take over the phone is available on iTunes and the software to destroy the phone is part of the IOS system to prevent phone thefts (Asokan et al, 2014).
An overview of the Android OS in General
Android is a mobile operating system developed by Google. It is based on the Linux kernel, and it is primarily designed for touch screen devices. Variants of android operating system have been used on televisions, cameras, car navigation units, and wristwatches. Android is the most popular mobile operating system in the world and has over 1 billion active users. Google releases android as open source software, but android usually gets into the hands of the user including some proprietary software from the device manufacturer. Android source code is also available for developers who come up with the many applications that make android desirable. Google operates Google play market where applications are available for download. The company usually approves the applications on Google play store. Applications can also be installed on the device from other sources. When an android device is switched on, it loads the home screen, which is similar to a desktop in computers. From the home screen, the user can access apps using icons or widgets (Misra, 2013).
Types of Android
The major types of android malware are:
AndroidRAT RAT stands for remote access Trojans, and they can be installed by a user while downloading an application to the device. They are most likely to affect a device without anti-virus software. They can result in the hacker gaining control of the whole device and accessing data while using SMS and even taking photos using the device camera (Maruthi, 2013).
Droidkungfu is another malware that affects android devices. It is usually used to transmit data without the users’ knowledge. They can also be used to turn the device into a bot, which is in turn used to infect other devices.
Basebridge is the third type of malware that affects android devices. This type of malware is usually located on copies of authorized apps. A user installs the fake app thinking they are installing the genuine app. Once installed, the app gives a fake upgrade message and once a user accepts, the malware creates a copy of itself on another location on the device. Once the application is opened, the malware is also started. This type of malware uses services like phone calls, SMS, resulting in the user being charged by the mobile operator.
Future predictions of Android malwares
As more and more people join android, the malware associated with the operating system is going to increase. This is because a large market also attracts crooks. The most important commodity in the technology data is the big data. Since mobile phones are personal in nature and are carried around by the user at all times, they are a very important tool in collecting this data. The type of data can range from location (recorded by the GPS and Wi-Fi on the device), browsing habits, websites visited, online purchases made and so forth. This is very important data for reasons such as advertising and there is a likelihood most of the malware developed will aim to collect this type of information (Drake, Lanier, Mulliner, Oliva, Ridley, & Wicherski, 2014).
How to stay safe on the Android
Staying safe on android is similar to staying safe on other computers. User behavior is very important in this matter. The user should ensure that they have a good anti-virus program installed on their android device. This anti-virus should always be updated. This ensures that the device is protected from the latest malware. When vulnerability in the operating system is discovered, Google issues updates of android. The user should ensure that they update their phone always to protect against any vulnerability (Bergman, Stanfield, Rouse, & Scambray, 2013).
Applications are a major source of malware. The user should ensure that they install only approved apps from the Google play store. If a user has to install a third party application, they should ensure that it is from a trusted source. The user should also ensure that they only visit trusted sites on their devices. If a user is not sure about the security of a site, it is better if they avoid it altogether Bergman, Stanfield, Rouse, & Scambray, 2013). A user can also disable pop-ups and flash media from websites they are visiting. This reduces the likelihood of getting malware in these formats. Lastly, the user should also ensure that they only connect to networks or phones that they trust. Most android devices support Wi-Fi and Bluetooth. The user should ensure that they connect to only trusted networks and when not in use, they should ensure that these features are off. Applications that require permissions to take over some functions of the device are likely to be malware. If a user is not sure how the application uses these permissions, they should not grant them. This ensures that there can be no data leakage from the device. These are just the major steps to take to ensure safety when using android (Bryan, 2012).
Malware is very dangerous regardless of what type of device a person is using. The smart phone has literally taken over the communication world. A smart phone acts like a telephone, a computer, a personal digital assistant among many other functions. This has resulted in important data being sent, carried or stored in mobile devices. This has increased the risk of malware on these devices. In order to ensure proper use of mobile devices, a user must ensure that they protect themselves from malware whose consequences can lead to data loss and improper functioning of the mobile device (Drake, Lanier, Mulliner, Oliva, Ridley, & Wicherski, 2014).
Asokan, N., Davi, L., Dmitrienko, A., Heuser, S., Kostiainen, K., Reshetova, E., & Sadeghi, A.-R. (2014). Mobile platform security. Boston: Springer
Bergman, N., Stanfield, M., Rouse, J., & Scambray, J. (2013). Hacking exposed: Mobile security secrets & solutions. International Conference on Network and System Security, Lopez, J., Huang, X., & Sandhu, R. (2013). Network and system security: 7th International Conference, NSS 2013, Madrid, Spain, June 3-4, 2013. Proceedings. Berlin: Springer.
Bryan, A. (2012). Android (operating system) - Unabridged Guide. Dayboro: Emereo Publishing.
Drake, J. J., Lanier, Z., Mulliner, C., Oliva, P., Ridley, S. A., & Wicherski, G. (2014). Android hacker's handbook. Indianapolis, IN: Wiley.
Dubey, A., & Misra, A. (2013). Android security: Attack and defences. Boca Raton, Fla: CRC Press.
Dunham, K. (2014). Android malware and analysis. New York: Sage
Dunham, K., & Abu-Nimeh, S. (2009). Mobile malware attacks and defense. Burlington, Mass: Syngress.
Gargenta, M. (2011). Learning Android. Sebastopol: O'Reilly Media, Inc.
Gunasekera, S. (2012). Android apps security. New York, NY : Apress.
Hoog, A., & McCash, J. (2011). Android forensics: Investigation, analysis, and mobile security for Google Android. Waltham, MA: Syngress.
Jiang, X., & Zhou, Y. (2013). Android malware. New York, NY: Springer.
Makan, K. (2013). Android Security Cookbook. Packt Publishing.
Maruthi, G. P. (2013). Secret of Smart Phones: Android Mobile Operating System. Saarbrücken: LAP LAMBERT Academic Publishing.
Misra, A. (2013). Android security: Attacks and defenses. Boca Raton, FL: CRC Press.
MobiSec 2012, & Schmidt, A. U. (2012). Security and privacy in mobile information and communication systems: 4th International Conference, MobiSec 2012, Frankfurt am Main, Germany, June 25-26, 2012, Revised selected papers. Berlin: Springer.
Nordic Conference on Secure IT Systems, & Laud, P. (2012). Information security technology for applications: 16th Nordic Conference on Secure IT Systems, NordSec 2011, Tallinn, Estonia, October 26-28, 2011, Revised selected papers. Berlin: Springer.
SecureComm (Conference), In Zia, T., In Zomaya, A. Y., In Varadharajan, V., & In Mao, M. (2013). Security and privacy in communication networks: 9th International ICST Conference, SecureComm 2013, Sydney, NSW, Australia, September 25-28, 2013, revised selected papers.
Steele, J., & To, N. (2011). The Android developer's cookbook: Building applications with the Android SDK. Upper Saddle River, NJ: Addison-Wesley.
Zhou, Z. (2011). Windows Phone 7 programming for Android and iOS developers. Indianapolis, IN: John Wiley & Sons.
International Conference on Mobile Wireless Middleware, Operating Systems, and Applications, In Borcea, C., In Bellavista, P., In Giannelli, C., In Magedanz, T., & In Schreiner, F. (2013). Mobile wireless middleware, operating systems, and applications: 5th International Conference, Mobilware 2012, Berlin, Germany, November 13-14, 2012, Revised selected papers.