Author: Rajesh Kumar, Mobile Security R&D and Services, 7th November 2011
Abstract: A pro-active mobile security control system around the app submission process, one that identifies apps with malicious intent and prevents them from being published on the stores, is very much required. This white paper highlights a modification to the generic architecture of an app-store that pro-actively integrates the app security control system and that can fit or plug into existing app-stores easily.
Table of Contents
Introduction
Apps Development and Distribution
The App Store Architecture
Modified Architecture with Pro-active Security Control
Apps Security Module
Security Test Scope
About Author
About Tech Mahindra Limited
Introduction
Smartphones are enjoying ever-increasing numbers of users, business and popularity today. The integration of new high-speed wireless technologies, multimedia capabilities, document editors, millions of social-site users, the availability of centralized app-stores, and a new generation of developers, previously found on personal computers, is turning smartphones into real powerhouses. This has also brought cyber risks: not only malware infecting the operation of the phone, but also application phishing, Trojans and spyware targeting users to steal personal information, high bills from hidden calls and SMS to premium numbers, and malvertising. Because smartphones run small apps that are widely downloaded from centralized app-stores, free or commercially, they are exposed to additional risks: the stores are also an attractive channel for hackers to centrally distribute a malicious app embedded with financial fraud and a network traffic generator. Currently most stores are implemented with a certificate-based trust chain and abuse reporting by end users, which are not sufficient to control the security incidents reported with malware apps. To avoid such scenarios, app-stores should employ pro-active malware and security assessment and control systems for mobile apps in the app-store infrastructure. This security system will result in only safe apps being published in the app-store, thus protecting billions of downloads by millions of users from thousands of malware apps.
This would marginally reduce rogue applications, malicious websites, and malware in the app-store among the top mobile threats.
About Author
Rajesh Kumar leads Mobile Security R&D and Services at Tech Mahindra Limited. His 18 years of industry experience began with the evolution of application-proxy and network-firewalling security systems. His current assignment includes the development of mobile security control systems and services around mobile apps, mobile networks, and enterprise mobility. He developed various enterprise systems, network services and their architectures while working with the Indian Space Research Organization (ISRO), his earlier organization. His qualifications include a Bachelor of Engineering in Computer Science & Engineering from BIT Sindri, India, and a Post Graduate Certificate in Business Management from XIM Bhubaneswar, India.