Data Security on Mobile Devices: Current State of the Art, Open Problems, and Proposed Solutions
In this work we present definitive evidence, analysis, and (where needed) speculation to answer the questions, (1) Which concrete security measures in mobile devices meaningfully prevent unauthorized access to user data? (2) In what ways are modern mobile devices accessed by unauthorized parties? (3...
Gespeichert in:
Hauptverfasser: | , , |
---|---|
Format: | Artikel |
Sprache: | eng |
Schlagworte: | |
Online-Zugang: | Volltext bestellen |
Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
Zusammenfassung: | In this work we present definitive evidence, analysis, and (where needed)
speculation to answer the questions, (1) Which concrete security measures in
mobile devices meaningfully prevent unauthorized access to user data? (2) In
what ways are modern mobile devices accessed by unauthorized parties? (3) How
can we improve modern mobile devices to prevent unauthorized access?
We examine the two major platforms in the mobile space, iOS and Android, and
for each we provide a thorough investigation of existing and historical
security features, evidence-based discussion of known security bypass
techniques, and concrete recommendations for remediation. We then aggregate and
analyze public records, documentation, articles, and blog postings to
categorize and discuss unauthorized bypass of security features by hackers and
law enforcement alike. We provide in-depth analysis of the data potentially
accessed via law enforcement methodologies from both mobile devices and
associated cloud services.
Our fact-gathering and analysis allow us to make a number of recommendations
for improving data security on these devices. The mitigations we propose can be
largely summarized as increasing coverage of sensitive data via strong
encryption, but we detail various challenges and approaches towards this goal
and others. It is our hope that this work stimulates mobile device development
and research towards security and privacy, provides a unique reference of
information, and acts as an evidence-based argument for the importance of
reliable encryption to privacy, which we believe is both a human right and
integral to a functioning democracy. |
---|---|
DOI: | 10.48550/arxiv.2105.12613 |