Unformatted text preview:

HOW SMART IS YOUR ANDROID SMARTPHONE? A Project Report Presented to The Faculty of the Department of Computer Science San José State University In Partial Fulfillment of the Requirements for the Degree Master of Computer Science by Deepika Mulani May 2010 SAN JOSÉ STATE UNIVERSITY The Undersigned Project Committee Approves the Project Titled HOW SMART IS YOUR ANDROID SMARTPHONE? by Deepika Mulani APPROVED FOR THE DEPARTMENT OF COMPUTER SCIENCE Dr. Mark Stamp Department of Computer Science Date Dr. Jon Pearce Department of Computer Science Date Dr. Chris Pollett Department of Computer Science Date APPROVED FOR THE UNIVERSITY Associate Dean Office of Graduate Studies and Research Date ABSTRACT HOW SMART IS YOUR ANDROID SMARTPHONE? by Deepika Mulani Smart phones are ubiquitous today. These phones generally have access to sensitive personal information and, consequently, they are a prime target for attackers. A virus or worm that spreads over the network to cell phone users could be particularly damaging. Due to a rising demand for secure mobile phones, manufacturers have increased their emphasis on mobile security. In this project, we address some security issues relevant to the current Android smartphone framework. Specifically, we demonstrate an exploit that targets the Android telephony service. In addition, as a defense against the loss of personal information, we provide a means to encrypt data stored on the external media card. While smartphones remain vulnerable to a variety of security threats, this encryption provides an additional level of security. 11 will use. This is exactly the UNIX-style permissions per process-based model; however, unlike Android, this application is not available for market use without the signing process. There are two types of certificates used by the Symbian community: A developer certificate is used by the developer to sign his or her application and run on a specific phone. This developer certificate contains the requested capabilities of the application but is confined to run only on certain phones as specified by the International Mobile Equipment Identity (IMEI) which are mentioned in the certificate request process. It is not possible to request more than 20 IMEI numbers in a developer certificate. This means that a malicious application does not spread extensively as soon as it is developed. The second certificate is the Symbian Signed Certificate, obtained through the Symbian signing process. Just like iPhone, a Symbian application needs to be signed by a certifying authority before deploying the application in the market. There is a cost associated with each signing. One needs a publisher ID from Verisign, which costs $200 per year, and the Symbian signing process has an additional cost of around $300 [9] per signature. Once the application is ready to be deployed, it needs to be submitted to the Symbian signed site [15]. There, the application is tested against criteria specified by Symbian. After the testing is successfully completed, the application is certified and returned to the developer, who can then distribute the application. This process is shown in Figure 3. Since signing has a cost associated ...

Loading Unlocking...


Join to view Smartphone and access 3M+ class-specific study document.

We will never post anything without your permission.
Don't have an account?

Sign Up

Join to view Smartphone and access 3M+ class-specific study document.


By creating an account you agree to our Privacy Policy and Terms Of Use

Already a member?