Smartphone Malware Threat, an Experimental Evaluation of Smartphone Security Muneer Ahmad Dar Scientist-B, National Institute of Electronics & Information Technology (NIELIT), Srinagar, India. Abstract—with the rise in smart phone usage, the privacy concerns of millions of users has also grown. The malware is making inroads via the malicious apps created by the programmers. In this paper we created a malicious app in Android and the app was successfully stored at the play store. This malicious app helps us to track and pin-point the current location of the mobile and saves the call logs, sent to our Web-based application. This app couples GPS- based information with Google maps data and accurately determines the current postal address of the mobile using this app. The flexibility provided by the operating systems that allows the developers to develop the malicious applications (Malware), thereby compromising the security of smart phone users. In this paper, we try to evaluate the existing security safeguards used by the two leading smart phone operating systems i.e. IOS and Android. The two platforms will be evaluated in terms of the flexibility provided by the operating system to develop the malware. We will provide a comparative analysis, based on the experimental setup implementation of these two platforms. Index Terms— Android, IOS, Malware, Operating system, Security, Smart phone I. INTRODUCTION Smart phones are now a day’s used to do everything that we could do with the desktop PC. The wide range of apps provided by the smart phone operating systems makes the life of a user easy. Be it doing internet banking , getting socially connected , tracking the location or any other entertainment, the thousands of apps are in the corresponding app stores to make the life of users comfortable and entertaining. The two leading smart phone operating systems- Android and IOS are competing on every front to gain more popularity. Android being the open source mobile operating system tempts its users with a wide range of apps. On the other hand, IOS being the propriety mobile operating system has wide range of applications. The security model of these smart phones has two exciting but at the same time contradicting features. On one hand it has to Javed Parvez Assistant Professor, Department of Computer Science, University of Kashmir, Srinagar, India. safeguard the users so that their private date will be protected and on the other hand it fascinates the developers for developing the third party apps and giving them extra flexibility to create innovative apps but at the same time compromising the security of users [1-7]. The paper examines the possibility of Malware development by an average programmer and tries to find out how insecure the platform is. The proof of concept implementation is also provided in this paper. The paper is organized as follows. In Section II we compare the existing security frameworks of Smart phones. In section III the case study of attack scenario is introduced and based on this attack scenario a malware is created in section IV. The basic objective of creating the malware is to find out the loopholes in the smart phone operating system security and based on that the two leading operating systems i.e. Android and IOS are compared and evaluated with different criteria’s in section V. Finally we draw our conclusion in section VI. II. EXISTING SECURITY Android is a Linux based mobile operating system and it protects its users at different levels. One important prevention that the operating system does is that it partitions its apps as they have their unique UID’s and one app cant access the resources of other app implicitly and it has to be done by the programmer explicitly. The following are the advantages and disadvantages of Android operating system [8-17]. A. Advantages of Existing Security of Android • Unlike Desktop operating system where all the apps share the same UID, Android apps are partitioned from each other and they work under unique UIDs. This partitioning of these apps make them more secure as no other app can access the data or files of any other app and it has to be done by the programmer explicitly. International Journal of Computer Science and Information Security (IJCSIS), Vol. 14, No. 8, August 2016 109 https://sites.google.com/site/ijcsis/ ISSN 1947-5500