An evaluation of smartphone communication (in)security

• Main Author: Brodd-Reijer, Christoffer
• Format: Others
• Language: English
• Published: Uppsala universitet, Institutionen för informationsteknologi 2014
• Online Access: http://urn.kb.se/resolve?urn=urn:nbn:se:uu:diva-219069

The purpose of this study is to examine and evaluate the security of the data traffic sent to and from smartphone devices. Since smartphones are becoming more common, are highly connected, often use cloud based computation, and contain highly personal data, it is important that the communication is secure and safe. This paper examines the Android and iOS platforms and focuses on three key parts: platform, application, and user. The platforms are evaluated on the basis of their libraries, APIs, and documentation; applications are evaluated using static code analysis and manual traffic analysis; users are examined using a social experiment. Results show that about one in twenty applications leaks sensitive data, without any difference between platforms. While the platforms do a good job educating developers about security there are room for improvements. The paper also concludes that a non-insignificant share of users are inclined to bypass important security warnings which may expose their passwords to an attacker.