International Journal of Computer Applications (0975 – 8887)
Volume 86 – No 9, January 2014

Mobile OS Security and Threats: A Critical Review

Ahmad Talha Siddiqui
Research Scholar, IFTM University, Moradabad

Mudasir M Kirmani
Assistant Professor, SKUSAT-K

Abdul Wahid, Ph.D
Associate Professor, Maulana Azad National Urdu University

ABSTRACT

The role of Smartphones in daily life is shifting from simple communication to smart, multipurpose use, and the use of these devices is rapidly increasing. The main reasons for the increase in Smartphone usage are their small size, their enhanced functionality and their ability to host many useful and attractive applications. However, this vast use of the mobile platform makes these smart devices a soft target for security attacks and breaches of privacy. Cases of attacks on personal mobile phones are on the rise, which is a motivation for developing Smartphone applications with more effective and efficient security measures to mitigate the impact of possible threats. This paper examines the feasibility of malware development on Smartphone platforms by average programmers who have access to the official tools and programming libraries provided by Smartphone platforms. The paper compares Smartphone platforms such as Android, Blackberry, Apple iOS, Symbian and Windows Mobile based on the specific evaluation criteria used for assessing the security level.

Keywords

Smartphone, Security, Malware, Attack, Evaluation Criteria, Operating System

1. INTRODUCTION

Smartphones are devices that advance the vision of universal computing: their small size, connectivity capabilities, storage capacity, mobility and multi-purpose use are some of the reasons for their vast pervasiveness [10]. Malware has also appeared on the Smartphone platform [12]. Apart from increasing Smartphone sales, the annual downloads of Smartphone applications are also on the rise.
Furthermore, the use of Smartphones within the perimeter of an organization has increased, alongside the growth in Smartphone sales and in annual application downloads from official as well as free sources. A Smartphone contains a vast amount of user data, which poses a serious privacy threat to the sector. In addition, popular web applications such as e-mail, YouTube and social networks like Facebook and Twitter [11][19] are being accessed through native applications instead of their useful web browser interface. In this context Smartphones often manage a vast amount of user data, causing a serious threat to the privacy of that data. This data is extremely useful to attackers. Hence attackers try to destroy or damage Smartphones with malware applications, harvesting Smartphone data without the user's knowledge and consent. It is worth mentioning that the everyday use of Smartphones by non-technical and non-security-savvy people has increased, and the likelihood of a Smartphone being used as a security and privacy threat has increased as well.

This paper examines the feasibility and ease of malware development on Smartphones by average programmers who have access to the official tools and programming libraries provided by Smartphone platforms [5][6][21]. It is important to mention that, due to the lack of awareness about security concerns among the user community, these multipurpose devices have become an attractive target for cyber attacks [16][27] and for people trying to explore weaknesses in Smartphone software.

2. SMARTPHONE SECURITY MODELS

In this section we discuss the security models and development environments of the Smartphone platforms: a) Android, b) Blackberry, c) Symbian, d) iOS and e) Windows Mobile.

2.1 Android

Android is a Linux-based open source OS developed and maintained by Google [33][34][35]. Android provides a free and publicly available software development kit that consists of the tools, documentation and emulator necessary for the development of new applications in Java.
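As an added illustration of the manifest-based permission model covered in this section (not code from the paper or from Android itself), the following Python reviews a plain-text AndroidManifest.xml for requested and declared permissions. The sample manifest, the package name com.example.notes and the short PRIVACY_SENSITIVE list are constructed for this example.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace

# Constructed sample manifest (plain-text XML, as found in a source tree).
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <permission android:name="com.example.notes.permission.SYNC"
              android:protectionLevel="signature"/>
  <permission android:name="com.example.notes.permission.EXPORT"/>
  <application android:label="Notes"/>
</manifest>"""

# Illustrative subset of permissions that guard personal data (assumption:
# a real review would use the full platform permission list).
PRIVACY_SENSITIVE = {
    "android.permission.READ_CONTACTS",
    "android.permission.READ_SMS",
    "android.permission.ACCESS_FINE_LOCATION",
}

def audit_manifest(xml_text):
    """Summarise what an application asks for and what it exposes."""
    root = ET.fromstring(xml_text)
    requested = [e.get(A + "name") for e in root.iter("uses-permission")]
    # Custom permissions default to protectionLevel "normal" when unset.
    declared = {
        e.get(A + "name"): e.get(A + "protectionLevel", "normal").split("|")[0]
        for e in root.iter("permission")
    }
    sensitive = sorted(p for p in requested if p in PRIVACY_SENSITIVE)
    return {
        "package": root.get("package"),
        "sensitive": sensitive,
        # Personal-data access combined with network access merits review.
        "review_data_plus_network": bool(sensitive)
            and "android.permission.INTERNET" in requested,
        # Only apps signed with the same developer certificate can hold these.
        "signature_only": sorted(n for n, l in declared.items() if l == "signature"),
        "not_signature_bound": sorted(n for n, l in declared.items() if l != "signature"),
    }

if __name__ == "__main__":
    for key, value in audit_manifest(SAMPLE_MANIFEST).items():
        print(f"{key}: {value}")
```

The manifest inside a built APK is stored as binary XML and must be decoded to text before a check like this can read it.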
A core element of the Android security model [23] is the manifest file. The manifest [33][34][35] provides the information Android needs to execute an application. The manifest file is crucial for the system, since the developer defines the application's permissions within it. Every Android application has to be digitally signed by its developer. Android's security model then maps the signature of the developer to a unique ID of the application package and enforces signature-level permission authorization [23]. In the Android security model, applications are usually digitally signed with self-signed certificates, providing only source origin and integrity protection.

2.2 Blackberry

Blackberry is an operating system maintained by Research In Motion Inc (RIM). The current version of the OS is 6. Documentation about the OS details is not provided by RIM. However, through the Blackberry software development kit, RIM provides the related documentation, tools, APIs and emulator that are necessary for application development [36][37]. The platform's security model [25] enforces restrictions on 3rd party applications trying to access protected APIs of the OS by demanding that the application be signed with a cryptographic key provided by RIM [14]. In order to acquire a valid RIM signing key pair, a developer needs to pay a small amount. However, this process provides only poor source-of-origin and code integrity assurance and does not offer any assurance about the validity and the security level of the 3rd party application.

2.3 Symbian

Symbian is an operating system maintained by Nokia [38]; its current version is Symbian-3. Symbian runs on Smartphones and provides multiple free and publicly available SDKs. The tools, documentation and emulators that are necessary for the development of new