Chapter 1: Anti-virus Applications on Mobile Devices
Mobile phone anti-virus software refers to security programs that have been professionally developed to protect device users from viruses, worms, Trojans and other malicious programs, and to remove them where possible. Anti-virus software has lately gained popularity due to the increased incidence of malicious attacks on the web. Several new viruses are detected in cyberspace every day. While some of these viruses may be harmless, others are annoying and quite destructive. Certain viruses replicate themselves, while others may cause serious problems, to the extent of erasing all data on a device's drive. Anti-virus protection can be applied to multiple operating systems, including Windows Mobile and Android mobile phones (iSoftwareReviews 2010).
Antivirus software works in various technical ways to protect mobile devices and remove viruses from them. This normally occurs through two scanning functions, namely On-Access Scanning and On-Demand Scanning. On-Access Scanning works in real time to ensure that a mobile device is protected at all times by checking for viruses whenever something on the device is accessed, for example when a file or an application is opened. Despite the fact that this scanning slows down the device, its role in antivirus protection is critical and it should thus be enabled at all times. On-Demand Scanning offers antivirus protection only when it is activated to scan a particular area, folder, file, or drive. The program then provides a scan report stating how many viruses have been found in the scanned item. In the event that a virus is detected, the program notifies the user and recommends an action, which is either to delete or to quarantine the virus (iSoftwareReviews 2010).
The rapid advancement of mobile phone technology to include a number of useful features has made Android and Windows mobile phones very popular pocket personal computers. This increased popularity has not, however, come without its own setbacks. Just like ordinary personal computers, Android and Windows mobile phones have been subjected to increased virus attacks. Virus attack has therefore become the latest and single biggest threat to the mobile phone industry. Consequently, numerous software companies have come up with anti-virus software packages developed to provide anti-virus protection for Android and Windows mobile phones (iSoftwareReviews 2010).
A number of anti-virus software programs for mobile phones are available to users. The main mobile phone anti-virus software includes AhnLab Mobile Security, Avast! PDA Edition, Avira AntiVir Mobile, BitDefender Mobile Security, BullGuard Mobile Antivirus, Dr.Web Mobile Security Suite, F-Secure Mobile Security, Kaspersky Mobile Security, and Norton Smartphone Security. AhnLab Mobile Security provides a solution for protection against, and removal of, viruses and worms. It runs on Windows Mobile and Android mobile phones. Avast! PDA Edition provides antivirus protection for PalmOS and Windows CE, Android phones, and Pocket PC based devices (iSoftwareReviews 2010).
Avira AntiVir Mobile provides professional virus and malware protection for Pocket PCs, Windows Mobile and Android mobile phones. BitDefender Mobile Security provides a solution for virus protection and removal for PDAs and smartphones that run Windows Mobile or Android. BullGuard Mobile Antivirus provides solutions for protecting Pocket PCs and Windows Mobile against viruses and other malicious programs. Dr.Web Mobile Security Suite is designed to provide anti-virus security solutions for Pocket PCs that run the Windows Mobile operating system. F-Secure Mobile Security is a complete mobile security software package that includes anti-virus, anti-spyware, a firewall and a remote-control anti-theft feature. Kaspersky Mobile Security also provides a complete protection package, including anti-theft protection, virus protection, a firewall and anti-spam for SMS, EMS, and MMS. Norton Smartphone Security offers anti-virus, anti-spam, and a firewall for Windows Mobile and Android mobile protection (iSoftwareReviews 2010).
Protecting an Android or Windows mobile phone from attack requires a complete understanding of all application communication. This is important because software can protect a device if and only if it is able to read the same information as the mobile phone itself, and consequently the application-layer threats. It may not be possible, within the technological framework, for antivirus software to understand application communications or analyse application behaviour through deep inspection of intrusion prevention packets, whether individually or when reassembled into their original sequence. Similarly, network-level antivirus may detect a small number of known, easily identifiable security threats by simply examining pre-programmed patterns (Citrix Systems 2006).
Installing antivirus software is the best-known way of protecting Android and Windows mobile phones. The best types of antivirus are application firewalls, since they operate at the application layer instead of the network level. Application firewalls are able to enforce correct application behaviour while preventing any malicious activity. This is because they are able to inspect the actual internet communication and understand the context of all client requests and application responses as they are sent over the internet. A complete mobile phone security application needs to offer full protection of all the elements of an application as well as of the users of the application. In most cases, however, security applications for mobile phones are limited to the application programme and application data (Citrix Systems 2006).
Although web devices continue to face significant security threats, mobile phones go completely unprotected while browsing the web, downloading applications, checking e-mail, conducting online banking and connecting to social networking sites like Twitter and Facebook. With mobile attacks increasing rapidly and hackers financially motivated to steal data and identities and to intercept corporate communications, it has become critical to protect mobile devices such as Android and Windows phones.
Background of the study
Smartphone security is the process of preventing and detecting unauthorized use of your system. Prevention measures help you to stop unauthorized users (also known as “intruders”) from accessing any part of your mobile phone system. Detection helps you to determine whether or not someone attempted to break into your system, whether they were successful, and what they may have done. We use Android and Windows mobile phones for everything from banking and investing to shopping and communicating with others through email or chat programs. Although you may not consider your communications “top secret,” you probably do not want strangers reading your email, using your phone to attack other systems, sending forged email from your phone, or examining personal information stored on your phone (such as financial statements).
There are a variety of antivirus software packages that operate in many different ways, depending on how the vendor chose to implement its software. What they have in common, though, is that they all look for patterns in the files or memory of your smartphone that indicate the possible presence of a known virus. Antivirus packages know what to look for through the use of virus profiles (sometimes called “signatures”) provided by the vendor. New viruses are discovered daily. The effectiveness of antivirus software depends on having the latest virus profiles installed on your smartphone so that it can look for recently discovered viruses. It is important to keep these profiles up to date.
Chapter 2: Android Phone Emulators
An Android mobile phone is a phone fitted with a set of software consisting of an operating system, middleware and other major applications. The main features of Android include an application framework that facilitates reuse and replacement of components, the Dalvik virtual machine, which is optimised for mobile devices, optimised graphics, an integrated browser, media tools for common audio, video and still image formats, SQLite for structured data storage, and GSM telephony. Other features include Bluetooth, a camera, and a rich development environment consisting of a device emulator, tools for debugging, and memory and performance profiling. Android depends on Linux version 2.6 to power its main system services, including security, memory management, process management, the network stack, and driver models (Android Developers 2010).
Android is a multi-process system in which each application runs in its own process. Security between applications is enforced through standard Linux facilities, such as the user and group IDs assigned to the applications on an Android mobile phone. The crux of the security model is the concept that no application, by default, has permission to perform any operation that could adversely impact other applications, the operating system, or the user. The operations for which permission must be granted include reading or writing the user’s private data, reading or writing another application’s files, performing network access, and keeping the device awake. The permissions that an application requires are statically declared in that application, so that they are known up front at installation and are not subject to change thereafter (Android Developers 2010).
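The static declaration described above can be reviewed before an application is installed. The following is an added example, not code from Android or from the sources cited here: it reads the `uses-permission` entries from a constructed manifest for a hypothetical package `com.example.notes` and groups them by the operations named in the paragraph. The mapping table is this example's own assumption.

```python
import xml.etree.ElementTree as ET

# XML namespace used for android:* attributes in AndroidManifest.xml.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed manifest for a hypothetical application.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.notes">
    <uses-permission android:name="android.permission.INTERNET" />
    <uses-permission android:name="android.permission.READ_CONTACTS" />
    <uses-permission android:name="android.permission.WAKE_LOCK" />
    <uses-permission android:name="com.example.notes.permission.SYNC" />
    <application android:label="Notes" />
</manifest>
"""

# Assumed mapping from Android permission names to the operations in the text.
CATEGORIES = {
    "android.permission.READ_CONTACTS": "read user's private data",
    "android.permission.WRITE_CONTACTS": "write user's private data",
    "android.permission.INTERNET": "network access",
    "android.permission.WAKE_LOCK": "keep device awake",
}


def declared_permissions(manifest_xml):
    """Return the permission names the application declares, in order."""
    root = ET.fromstring(manifest_xml.strip())
    names = (el.get(ANDROID_NS + "name") for el in root.findall("uses-permission"))
    return [n for n in names if n]  # skip entries with no android:name


def review(manifest_xml):
    """Split declared permissions into the sensitive operations and the rest."""
    report = {"sensitive": {}, "other": []}
    for name in declared_permissions(manifest_xml):
        if name in CATEGORIES:
            report["sensitive"][name] = CATEGORIES[name]
        else:
            report["other"].append(name)
    return report


if __name__ == "__main__":
    for perm, operation in review(SAMPLE_MANIFEST)["sensitive"].items():
        print(f"{perm}: {operation}")
```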
Antivirus software for mobile devices utilises various virus detection methods. The two main methods are signature-based detection and behaviour-based detection. Signature-based detection uses a dictionary of virus signatures against which files are compared when checking for viruses. A signature dictionary is a database containing the many virus signatures that the software manufacturer has found so far. The user is expected to update the signature dictionary continually as new viruses, worms, Trojans, and other malicious programs appear. Failure to update the dictionary may cause the software to miss emerging viruses. Behaviour-based detection is designed to monitor and control activities in the device system for suspicious program behaviour. In the event that suspicious behaviour is detected, the software probes further by applying signature-based detection to countercheck whether the activity is malicious or not. If the suspicious program is malicious, an alert is generated to notify the user.
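The sketch below is an added example, not code from any of the products named in Chapter 1. It puts the on-demand scan report from Chapter 1 together with the signature dictionary and the behaviour-then-signature countercheck described above, and shows an outdated dictionary missing a newer sample. The file contents, signature names, byte patterns and behaviour event names are all constructed for illustration.

```python
# Constructed, harmless byte strings standing in for files on the device.
FILES = {
    "notes.txt": b"shopping list: milk, bread",
    "game.apk": b"header...MARKER-ALPHA...payload",
    "update.apk": b"header...MARKER-BETA...payload",
}

# Signature dictionary: signature name -> byte pattern (all made up).
OLD_DICTIONARY = {"Sample.Alpha": b"MARKER-ALPHA"}
UPDATED_DICTIONARY = {**OLD_DICTIONARY, "Sample.Beta": b"MARKER-BETA"}

# Hypothetical behaviour event names that the monitor treats as suspicious.
SUSPICIOUS = {"sms_sent_in_background", "contacts_read_in_background"}


def match_signature(data, dictionary):
    """Return the name of the first signature whose pattern occurs in data."""
    for name, pattern in dictionary.items():
        if pattern in data:
            return name
    return None


def on_demand_scan(files, dictionary):
    """Scan only the items the user selected and build the scan report."""
    detections = {}
    for filename, data in files.items():
        hit = match_signature(data, dictionary)
        if hit:
            detections[filename] = hit
    action = "delete or quarantine" if detections else "none"
    return {"scanned": len(files), "found": len(detections),
            "detections": detections, "recommended_action": action}


def behaviour_check(filename, data, observed_events, dictionary):
    """Suspicious behaviour triggers a signature countercheck; the user is
    alerted only when the signature dictionary confirms the program."""
    if not SUSPICIOUS.intersection(observed_events):
        return None
    hit = match_signature(data, dictionary)
    return f"ALERT: {filename} matches {hit}" if hit else None


if __name__ == "__main__":
    print(on_demand_scan(FILES, OLD_DICTIONARY))      # outdated dictionary
    print(on_demand_scan(FILES, UPDATED_DICTIONARY))  # after a vendor update
```

With the outdated dictionary, the same suspicious behaviour from `update.apk` produces no alert, because the countercheck has no signature to confirm it against.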
The Android emulator is a virtual mobile device which runs on a phone system and allows the user to prototype, develop, and test Android applications for possible malicious programs without necessarily using a physical device. It mimics all the hardware and software features of a phone, save for the fact that it cannot receive or make a call. As soon as an application starts to run on the emulator, it may use the services of the Android platform to invoke other applications, access the network, and notify the user. The emulator also provides various debugging capabilities, such as a console from which the user can log kernel output, simulate application interrupts, and simulate latency effects and dropouts on the data channel (Android Developers 2010).
As stated earlier, Android uses a multi-process system in which every application runs in its own process. Since the majority of the security between applications is enforced at the process level, Android emulators provide more detailed security features through a permission mechanism that enforces restrictions on the specific operations that any particular process can perform, and through permissions that grant ad-hoc access to specific pieces of data. While the emulators ensure that no application acts in a manner that can adversely affect another application, it is still possible for an application to encroach on the actions of another application, as long as permission is obtained beforehand to perform the foreign function not provided by the basic nucleus (Vennon 2010).
The Android emulators can also disallow these extraneous permissions on the basis of the certificates that were used to sign the application, or by simply prompting the user. The permissions that an application requires to function outside its nucleus are statically declared within the application and are relayed to the smartphone user, and these permissions will not change. The Android emulators consider malware to be malicious software designed to infiltrate a smartphone system without the user’s informed consent (Vennon 2010).