On the Feasibility of Malware Attacks in Smartphone Platforms

Smartphones are multipurpose devices that host multiple and heterogeneous data. Their user base is constantly increasing and as a result they have become an attractive target for conducting privacy and security attacks. The attacks’ impact increases, when smartphone users tend to use their devices both for personal and business purposes. Moreover, application development in smartphone platforms has been simplified, in the platforms developers’ effort to attract more developers and increase its popularity by offering more attractive applications. In this paper we provide a comparative evaluation of the security level of well-known smartphone platforms, regarding their protection against simple malicious applications. We then study the feasibility and easiness of smartphone malware development by average programmers via an implementation case study. Our study proved that, under certain circumstances, all examined platforms could be used by average developers as privacy attack vector, harvesting data from the device without the users knowledge and consent.