Security Issues and Solutions for Android-based Mobile Devices Klever R. P. Cavalcanti, Edejair Viana Department of Statistics and Informatics Federal Rural University of Pernambuco Pernambuco, Brazil Keywords- (Android; Mobile; smartphone; security; Aplication). Fernando A. A. Lins Department of Statistics and Informatics Federal Rural University of Pernambuco Pernambuco, Brazil Abstract— Currently, mobile devices are being widely used by of a considerable number of people. The need to be connected 24 hours a day is becoming a reality, because users need to make online purchases, make payments, access social networks, surf the Internet, check e-mails and so on. In this context, users with mobile devices, especially smartphones, using the Internet to connect to specific applications and safety issues may arise because, for example, sensitive data may be sent over an insecure channel (Internet). The aim of this paper is to present an overview of current security risks and security solutions related to smartphones based on the Android platform. Security risks have been divided into five categories, and these risks are presented and detailed on the corresponding categories. In addition, still stand out security solutions that are currently available on Android stores and these solutions can be used to eliminate or mitigate the risks. I. INTRODUCTION Currently, mobile devices are undoubtedly present in the daily routine of a considerable part of the community. The need to be connected twenty four hours a day is apparent because users need to shop online, perform payments, access social networks, surf the Internet, check emails and so on. By the end of this year (2015), the number of smartphones worldwide will reach almost 7 billion, close to the number of inhabitants on the planet, according to data released by the International Telecommunication Union (ITU-T) [10]. The entry of new phones will reach 96% worldwide by December, thanks to emerging countries, which represent almost 78% of all phones in use around the globe. Currently, two of three Internet users are located in developing countries [7]. In this context, considering that users with mobile devices, especially smartphone, utilize the Internet to connect to specific applications, security issues may arise, because sensitive data may be sent over this unsecure channel. On the current days, more than three billion mobile devices suffer all kind of attacks. In a recent study conducted by the Chinese company Cheetah Mobile, it is possible to observe that in the last 12 months the number of malwares for Android devices increased 600% [5]. Based on this and other facts, it is imperative to consider security measures and mechanisms in the mobile applications use and development. The main objective of this work is to present, describe and categorize the current most relevant security issues and solutions for Android-based mobile devices (especially Android-based smartphones). To achieve that, five categories of security issues are proposed and detailed, and they can be used to reason about available security attacks. This paper is structured as follows. Section II presents relevant basic concepts that help to understand this work. Section III introduces the proposed five categories, in which security issues are described and detailed. Section IV details current solutions for security in Android-based mobile devices. Finally, Section V presents the conclusions and future work. II. BASIC CONCEPTS A. Android Architecture Android is an operating system that was developed based on UNIX and it was designed to be used in mobile devices. Usually, applications for this operation system are developed using the Java programming language, which are then deployed in a specific virtual machine named Dalvik. The Android architecture is basically composed by five layers, which are described as follows.  Applications. The main purpose of this layer is to provide the basic functions of the device for high-level users. These applications may come available on the smartphone (eg e-mail, calendar, web browser and organizer) and also be downloaded by users on specific online shops.  Application Framework. This layer is developed mostly in Java, and interfaces with Android applications. It provides a set of libraries to access the various features of the device such as the graphical interface, locator (GPS), persistent database storage on the SD card and so on. International Journal of Computer Science and Information Security (IJCSIS), Vol. 13, No. 9, September 2015 22 http://sites.google.com/site/ijcsis/ ISSN 1947-5500