In: Computer Science
find articles that deal with application or mobile device security and those types of attacks. You should have a large depository of these kinds of articles, especially in the mobile device security arena. Where are the biggest issues?
Application or mobile device security arena, related
types of attacks, and the areas where the biggest issues
are:
From the Mobile application issues, attacks, and its security
perspectives, all types of mobile phone with their different OSs,
their manufacturer company, their app store, and the applications
available in these stores are the threats, many of the applications
available in these platforms have biggest issues, are vulnerable to
attacks, and a lot of customers or users' data are shared and
compromised by attackers hacking the users' mobile phones, the
apps, other apps downloaded, installed, and run on the phone. These
attacks happen mostly because of the app stores such as Google's
PlayStore, Apple's iTunes and its app store, Windows Store,
etc.
* The app stores miss on monitoring and detecting any potential
malware which would be in the codes of the applications developed
by the vendor companies or individuals, which they would
intentionally place such malware so they can attack users' phones,
gather their data, and misuse for their personal use or monetary
gains.
* The next issue occurs when the users download, install and run
the apps on their phone giving those apps all the permissions they
state to be required to run the app effectively. These permissions
are often given by the users to view, monitor, use, and share their
data for the app developers or company's purposes, share it with
their (app developer company's) partner or customer companies for
marketing, selling, and advertisements of their products and
services for the mobile phone customers to purchase or subscribe
for, or share it with government and other related agencies for
surveillance, monitoring, law regulation, and enforcement
purposes.
Some of the biggest issues and risks the mobile phone users
experience across the world are:
* Mobile OS attacks are due to the issues, bugs, or loopholes in
the Operating Systems are the main cause for vulnerabilities open
to the bad guys to attack and hack.
* Physical (the actual mobile phone device) security.
* Issues and attacks due to unencrypted, no encryption, or weakly
encrypted messages, calls, texts, emails, and apps.
* Logging of multiple users.
* Issues in the security of data storage.
* Browsing, navigating through, exploring both, offline and online
on mobile phones.
* Issues experienced due to the improper management of isolation of
applications used on mobile phones.
* System, OS, applications, and important security updates and
patches.
* Issues in the coding of different mobile devices.
* Issues in mobile apps due to poor or bad coding; with
inappropriate, irrelevant, and unnecessary permissions to be given
the apps; improper development of the apps create vulnerabilities
and compromise mobile phone and app security.
* Attacks through Bluetooth networks.
* In general, users and companies experience issues in protecting
sensitive data and information of the customers.
* Any and all malicious attacks on mobile phones and
applications.
* The mobile communication networks such as Bluetooth and Wi-Fi
(unsecured) connections are also attacked making the devices
vulnerable.
* Malware attacks on mobile phones and apps in them delete files,
app data and other data creating confusion, chaos, and loss.
* Serious threats are found in newly added features and updates on
the mobile phones and the apps on them.
* Stealing of users' mobile phones is a physical security
threat.
* Leakage of data.
* Spoofing of networks.
* Attacks due to spam messages, texts, SMSs, emails push
notifications, calls (from unknown numbers), etc.
* Unnecessary, dangerous, phishing, illegitimate advertisements,
links, banners, etc., popping up while browsing the Internet on the
phone or simply using the apps running them.
* Issues and attacks due to hidden spyware on the phone.
* Attacks could be due to any broken cryptography.
* Any improper handling of sessions.