Techniques for Analysis of Mobile Malware

Introduction

The count of the Mobile devices is increasing dramatically day-by-day. Mobile devices have raised above from just being a digital device or a smartphone, in fact they have turned into a platform for convergence of our personal and digital life because of their rich computing capabilities and its wide range of features such as easier communication, more than one internet connectivity mechanisms, the storage including multimedia and so on. The ubiquitous presence of mobile devices can be understood from the statistics in Figure 1 below. The mobile devices remain online continuously by seamlessly connecting through mobile data or the closest available Wi-Fi, and keeps downloading and uploading data intermittently, increasing the complexities in protecting the data.

Figure 1.

Sales of smartphone shipments across the globe from 2009 to 2017 and projections for 2018 to 2022

(Source: The Statistics Portal: www.statista.com)

There exist several Mobile device vendors who deliver their devices bundled with major mobile operating systems such as Android (by Google), iOS (by Apple) and others. However recent times has seen mentionable increase in the number of Android-based Mobile devices when compared to other mobile operating systems (Figure 2).

Figure 2.

Global mobile OS market share in sales to end users from 1^st quarter 2009 to 2^nd quarter 2018

(Source: The Statistics Portal: www.statista.com)

The ubiquitous nature of mobile devices has resulted in drastic rise in the number of applications in the mobile market, complicating mobile security further (Imran Ashraf, 2012). These applications are an add-on to the features and capabilities of the mobile devices. They also make the life of the users better by providing them with the functionalities such as financial transactions, entertainment, shopping, games, personal health tracking and so on, on their own personal mobile devices, regrettably not every application does what it seems to do, and perhaps it is difficult for users to detect a well-crafted application or forgery that withdraw data surreptitiously apart from its listed function. The mobile applications can be easily accessed, downloaded and installed by the users on to their devices from the openly available through third party and official app stores such as App Store and Google Play provide and maintained by Apple and Google respectively. However, the easily available and installable apps do come with equally severe security risks, vulnerabilities and threats.

Mobile devices are susceptible to various types of attacks (Figure 3): physical, over the network, via a vulnerability exploit of the underlying Operating System or the installed applications, or via malware.

Figure 3.

Attack surface of mobile devices

The physical security of a mobile device is a basic threat related to loss of device, theft of device or temporary physical access. It can be ensured by facility to locate device, backup, passcode and other protection mechanisms. The Network-based attacks are possible because of: (a) general protocol vulnerabilities, (b) design issues affecting mobile OS, and (c) excessive use of untrusted networks. The App-level vulnerabilities are: (a) plain HTTP, (b) certificate pinning, (c) HTTP request hijacking. And finally, the maliciously vulnerable apps which can successfully breach the application security or privacy, or device security is the Malware.