Abstract
The adoption of smartphones, which are transforming from simple communication devices into smart, multipurpose devices, is constantly increasing. Among the main reasons for their pervasiveness are their small size, their enhanced functionality, and their ability to host many useful and attractive applications. Furthermore, recent studies estimate that the installation on smartphones of applications acquired from official application repositories, such as the Apple Store, will continue to increase. In this context, the official application repositories might become attractive to attackers trying to distribute malware through them. The paper examines the security inefficiencies related to application distribution via application repositories. Our contribution focuses on surveying the application management procedures enforced during application distribution in the popular smartphone platforms (i.e. Android, BlackBerry, Apple iOS, Symbian, Windows Phone), as well as on proposing a scheme for an application management system suited for secure application distribution via application repositories.
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Mylonas, A., Tsoumas, B., Dritsas, S., Gritzalis, D. (2011). A Secure Smartphone Applications Roll-out Scheme. In: Furnell, S., Lambrinoudakis, C., Pernul, G. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2011. Lecture Notes in Computer Science, vol 6863. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22890-2_5
DOI: https://doi.org/10.1007/978-3-642-22890-2_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-22889-6
Online ISBN: 978-3-642-22890-2
eBook Packages: Computer Science, Computer Science (R0)