Mobile Software Security Threats in the Software Ecosystem, a Call to Arms

  title={Mobile Software Security Threats in the Software Ecosystem, a Call to Arms},
  author={Andrey Krupskiy and Remmelt Blessinga and Jelmer Scholte and Slinger Jansen},
This paper studies security policies of the Android and iOS software ecosystems. These platforms have experienced security issues since their public release in 2007. This research creates an overview of the results that security issues cause and the actions available to limit security infractions based on scientific literature. Following the overview, this paper attempts to explain premises of those issues by analyzing the security recommendations of both platforms and comparing them to OWASP… 

A Study on Organizational IT Security in Mobile Software Ecosystems Literature

This study conducted a systematic mapping review supplemented by a snowballing process to identify which controls presented in ISO 27000, more specifically ISO 27001, are present in the Mobile Software Ecosystem (MSECO) literature and found that 34 out of the 114ISO 27001 controls are covered by the MSECO literature.

Revisiting the Mobile Software Ecosystems Literature

  • Caio SteglichS. Marczak C. D. Souza
  • Computer Science
    2019 IEEE/ACM 7th International Workshop on Software Engineering for Systems-of-Systems (SESoS) and 13th Workshop on Distributed Software Development, Software Ecosystems and Systems-of-Systems (WDES)
  • 2019
This paper found 63 publications on the topic of mobile software ecosystems that were categorized by year, by author (a few collaboration clusters were identified), and by the mobile ecosystems characteristics (applications and the platform are the most discussed topics followed by the developers and the users).

A Survey of Android Mobile Phone Authentication Schemes

It was observed that while biometric based authentication schemes offered the greatest level of security, there was always a trade-off between computational complexity and ease of use/implementation/cost that ensured that more traditional authentication schemes, while not as secure as biometric schemes, are still widely used in mobile devices.



Toward Engineering a Secure Android Ecosystem

This work organizes the most recent security research on the Android platform into two categories: the software stack and the ecosystem, and envision a blueprint for engineering a secure, next-generation Android ecosystem.

Privilege Escalation Attacks on Android

It is shown that a genuine application exploited at runtime or a malicious application can escalate granted permissions, implying that Android's security model cannot deal with a transitive permission usage attack and Android's sandbox model fails as a last resort against malware and sophisticated runtime attacks.

A Survey of Android Security Threats and Defenses

This survey discusses the existing Android security threats and existing security enforcements solutions between 2010−2015 and tries to classify works and review their functionalities and reviews the strength and weak points of the solutions.

Mobile Platform Security

A generic model for mobile platform security architectures is presented: the model illustrates commonly used security mechanisms and techniques in mobile devices and allows a systematic comparison of different platforms.

iOS encryption systems: Deploying iOS devices in security-critical environments

This work analyzes the deployment of the iOS platform and its encryption systems within a security-critical context from a security officer's perspective and presents a workflow that supports the security officer in analyzing the security of an iOS device and the installed applications within aSecurity- critical context.

Comparing Mobile Privacy Protection through Cross-Platform Applications

The first attempt to establish a baseline for security comparison between the two most popular mobile platforms is made and evidence suggests that Apple's application vetting process may not be as effective as Android's privilege notification mechanism, particularly in protecting sensitive resources from third-party applications.

Permission evolution in the Android ecosystem

It is stated that the Android ecosystem is not becoming more secure from the user's point of view and the need to revisit the practices and policies of the ecosystem is suggested.

A survey of mobile malware in the wild

The incentives behind 46 pieces of iOS, Android, and Symbian malware that spread in the wild from 2009 to 2011 are analyzed and the effectiveness of techniques for preventing and identifying mobile malware is evaluated.

Protecting Mobile Networks and Devices: Challenges and Solutions

The many attack samples present the severity of this problem, while the delivered methodologies and countermeasures show how to build a truly secure mobile computing environment.

CRiOS: Toward Large-Scale iOS Application Analysis

The average iOS application consists of 60.2% library classes and only 39.8% developer-authored content, and it is found that 9.32% of referenced network connection endpoints either entirely omit to cryptographically protect network communications or present untrustworthy SSL certificates.