Smartphone Security
Abstract
Smartphones handle and store sensitive data that should be protected. The vast amount of private information stored on smartphones was even cited by the US Supreme Court, in Riley v. California (2014), as a factor in ruling that searches of these devices require a warrant. Taint-flow analyzers use static or dynamic analysis techniques to trace the flow of sensitive data to undesired locations. If a user's location data, such as GPS coordinates or Wi-Fi access point information, is disclosed, it can compromise the user's privacy and, in extreme cases, put the user's physical safety at risk. Medical information is also increasingly an issue, given the increased popularity of wearable computing devices (such as health sensors) that communicate with users' smartphones. In addition, data from the phone's sensors or stored on the device (in emails, texts, or photos) could be used for theft (bank and credit card numbers), blackmail, stalking, unfair competition, public humiliation, and other abuses. Malware could surveil the smartphone user with microphone, video, and other sensors. Furthermore, privacy threats to users can come from many sources, including advertisers, hackers, and governments. Finally, employees often use their smartphones for both personal and business purposes; accordingly, technological measures should ensure that the employee's personal data is not leaked to the employer and that proprietary business data is kept secure. Here, we discuss in detail various smartphone security issues and present tools and strategies that can help us better protect sensitive data.
Document Details
- Document Type
- Technical Report
- Publication Date
- Jan 01, 2019
- Accession Number
- AD1092652
Entities
People
- Lori A. Flynn
- William Klieber
Organizations
- Carnegie Mellon University