Chapter 5 - Android device, data, and app security

Abstract

Mobile device security is a rising concern for individuals, corporations, and law enforcement and government agencies. Android devices can be both a target of malicious attacks and a tool used to carry out such attacks. Personal users as well as corporations must be aware of the risks and should take certain measures to protect against malicious misuse. Application developers must also increase their attention on security concerns and take responsibility for protecting user data. Implementing basic security measures discussed in this chapter, though not providing full protection, can at least serve as a deterrent against most attacks. Understanding the various threats and scenarios will allow security engineers and developers to design appropriate controls to mitigate risk. Primary focus of mobile security research, exploits, and articles has been on smart phones as a target of data theft. Data at rest is a term used to describe data that are stored in nonvolatile memory and thus are neither located in RAM nor in transit through networks. Data in transit (sometimes called data in motion) is a term used to describe data that is in transit through networks (cellular, Wi-Fi, or other networks) or is located in RAM. There are several well-known techniques that attackers use to compromise data in transit, along with new techniques that security researchers either discover themselves or practitioners uncover “in the wild.” Security considerations and strategies for individuals and corporates are presented.