Data Security on Mobile Devices

A comprehensive analysis of smartphone security

Max Zinkus, Tushar Jois, and Matthew Green

Johns Hopkins University

PETS SoK paper Full arXiv ePrint

Abstract

Modern smartphones are the primary computing device for billions of users worldwide. These devices enable countless applications and hold some of their users' most sensitive data. The two major smartphone platforms have very different security philosophies and trust models. In this work, we investigate how these differences affect the security of modern smartphones in practice.

We survey the features and security architectures of the two major platforms, Android and iOS, and investigate how these systems enforce their security guarantees. We identify and investigate several classes of vulnerabilities across both platforms. We also discuss the implications of these security architectures and their implementation on user privacy.

Citation

If you use this work in your research, please cite:

                @misc{zinkus2021securephones,
                    title={Data Security on Mobile Devices: Current State of the Art, Open Problems, and Proposed Solutions}, 
                    author={Maximilian Zinkus and Tushar M. Jois and Matthew Green},
                    year={2021},
                    eprint={2105.12613},
                    archivePrefix={arXiv},
                    primaryClass={cs.CR},
                    url={https://arxiv.org/abs/2105.12613}, 
              }