Terry Mac-Tay SECURITY THREATS AND DATA PROTECTION IN ANDROID DEVICES SECURITY THREATS AND DATA PROTECTION IN ANDROID DEVICES Terry Mac-Tay Bachelor Thesis Spring 2018 Business Information Technology Oulu University of Applied Sciences ABSTRACT Oulu University of Applied Sciences Business Information Technology Author

Terry Mac-Tay
SECURITY THREATS AND DATA PROTECTION IN ANDROID DEVICES

SECURITY THREATS AND DATA PROTECTION IN ANDROID DEVICES
Terry Mac-Tay
Bachelor Thesis
Spring 2018
Business Information Technology
Oulu University of Applied Sciences
ABSTRACT
Oulu University of Applied Sciences
Business Information Technology
Author: Terry Mac-Tay
Title of Bachelor´s thesis: Security threats and Data Protection in Android devices
Supervisor: Liisa Auer
Term and year of completion: Spring 2018Number of pages:40
Our smartphones and tablets provide us with the access to a plethora of private information potentially leading to financial and personal hardship, therefore they need to be well protected. The Android operating system has become the largest and the most popular operating system for smartphones and tablets and at the same time, threats arise that associates with its platform such as malware or exploits.
A dynamic solution is needed to protect Android devices in real time. A thesis research was conducted on System call as certain effective methods for Android dynamic analysis. A system call is basically a way a program interacts with the Android operating system. Whenever an Android program makes a request to the operating systems’ kernel, system call assists the program to do so. As a result, system calls are mainly used in the hardware services.

This thesis mainly focuses on security vulnerabilities from the end-user, enterprises that encourage bring your own device (BYOD) to work premises without any security countermeasures and a brief security concern to Android developers. To achieve these security objectives for individual Android users and enterprise Wi-Fi network as well as data protection, Android users must consider what type of Apps to install on their devices, what permissions to grant access to and avoid connecting to public free Wi-Fi and remember to use VPN to stay protected at all cost.
This thesis could be used as a security guide for Android device users, enterprises that allowed employees to bring their own device to work and a brief about developers.

Keywords:
Android, Android security, Android devices, smartphone, data protection, malware
Table of Contents
TOC o “1-3” h z u 1introduction PAGEREF _Toc514175761 h 52Background PAGEREF _Toc514175762 h 72.1Android Platform architecture PAGEREF _Toc514175763 h 83ANdroid security challenges PAGEREF _Toc514175764 h 103.1Android Platform Security PAGEREF _Toc514175765 h 103.2Android System Security PAGEREF _Toc514175766 h 103.3Android Application Security PAGEREF _Toc514175767 h 104Android security and threats PAGEREF _Toc514175768 h 134.1User Concerns PAGEREF _Toc514175769 h 144.2Developer Concern PAGEREF _Toc514175770 h 165real-world attacks PAGEREF _Toc514175771 h 185.1Wi-Fi PAGEREF _Toc514175772 h 185.2Man-In-The-Middle Attacks PAGEREF _Toc514175773 h 195.3Fake Applications PAGEREF _Toc514175774 h 215.4Solutions for Fake Applications PAGEREF _Toc514175775 h 225.5Web Server Attacks PAGEREF _Toc514175776 h 235.5.1Cross-site Scripting (XSS) PAGEREF _Toc514175777 h 235.5.2Stealing cookies from the user’s device PAGEREF _Toc514175778 h 246ENTERPRISE NETWORK SECURITY PAGEREF _Toc514175779 h 266.1Benefits of Bring Your Own Device PAGEREF _Toc514175780 h 266.2Bring Your Own Device Security Threats PAGEREF _Toc514175781 h 276.3Security Countermeasures PAGEREF _Toc514175782 h 286.3.1Controlling Mobile Device Access PAGEREF _Toc514175783 h 286.3.2Operation and Maintenance PAGEREF _Toc514175784 h 297Social engineering PAGEREF _Toc514175785 h 307.1Social Engineering Techniques PAGEREF _Toc514175786 h 307.2Social Engineering Attacks PAGEREF _Toc514175787 h 317.3Avoiding Social Engineering Attacks PAGEREF _Toc514175788 h 328conclusion PAGEREF _Toc514175789 h 339discussion PAGEREF _Toc514175790 h 35References PAGEREF _Toc514175791 h 36introductionSmartphones and tablets are getting very popular, the operating systems for those devices are becoming more important. Android is such an operating system for a low powered device that runs on battery and is full of hardware such as cameras, Global Positioning System (GPS) receivers, Wi-Fi and 3G network connectivity, light and orientation sensors and a touch screens. (Farkade, Kaware 2015, cited 15.05.2018)
Unlike other operating systems, Android enables applications to create the use of their hardware features through abstraction and provides a specified environment for applications. Android has a marketplace where platforms, applications can be obtained. The development of Android takes place quickly, as new major release happens every few months.
However, this point to a situation where information about the platform becomes outdated very quickly and sources such as books and articles can hardly keep up with their updates. Sources that can keep up with the pace are the extensive SDK documentation and the source code as well as blogs. Meanwhile, security issues for Android device become imperative when users are still hanging on older versions of Android operating systems.
Security in today’s era is taking a huge impact on our mobile devices’ life. Most people are now switching from laptops, desktop computers to smartphones and tablets for communication, planning and organizing their everyday life including private and working environments. The Android operating system has become the largest and the most popular operating system for smartphones and tablets, due to that, threats have associated with its platforms such as malware or exploits.
According to Oren Koriat (2017, cited 26.01.2018), Check Point Mobile Research Team said, there has been a threat detected in about 36 Android devices belonging to a large telecommunication company and multinational technology. A malware was downloaded to the device as a result, not by the user’s own doing but this malware arrives at the user containing malware already pre-installed on the device. The research here will focus on vulnerabilities in Android device for users including how to secure and remotely wipe your personal and cooperate data when the device gets stolen or lost, how to detects spyware, techniques to use when browsing on an open Wi-Fi, and devices security protection strategies.
First, I would show to users the Android versions and which ones that are still receiving security patches from Google. The table in FIGURE 1: Showing the distribution and codenames of the history of Android versions developments and their security patches. Security patches such as, versions 1.5 Cupcake to version 5.0 – 5.1.1 Lollipop are not supporting anymore which means, no more security-relevant updates are provided. This is the reason why vulnerabilities on outdated versions of Android operating systems are contemporary.

left24892000
FIGURE SEQ Figure * ARABIC 1. Tables showing different versions of the Android operating system table. (Android version history 2018, cited 05.04.2018)
BackgroundA brief history of Android, Android is described as a mobile operating system which was initially developed by Android Inc. It was later sold to Google in 2005. Android is based on a creation on top of Linux Kernel 2.6., as well as other members of Open Handset Alliance (OHA), collaborated on Android development, design and distribution. Lately, Android Open Source Project (AOSP) is governing the Android maintenance and development cycle. (Android version history 2018, cited 05.02.2018.

Android provides library packages to support application development and compatibility to individual applications in the App Store. Each library supports a specific range of Android platform versions and features. These libraries also include a very large APIs compared to other libraries, some include support for application components, user interfaces feature, data handling, accessibility, network connectivity and programming utilities. Concerning Android, the focus has always been on optimising the infrastructure based on the limited resource available on mobile devices to complement the operating system environments. (Tutorials point 2018, cited 02.05.2018)
However, Android can be described as a complete solution stack which incorporating the operating system, middleware components, and applications. With Android, the modified Linux kernel 2.6 act as the Hardware Abstraction Layer. The Android operating system environments can be named as the following:
A system powered by a modified Linux kernel 2.6.

A runtime environment.

An application and user interface framework.

A Hardware reference design for mobile devices and
An open sources platform for mobile development. (EDUCBA 2016, cited 05.02.2018)
Android Platform architectureFIGURE 2. Illustrates the current layered Android Platform Architecture. The modified Linux kernel operating system contains the following: drivers, process manager, memory manager, network functionalities etc. The library layer is an interface built with Java API framework which is also built on top of the traditional Linux. Almost all the functionalities available in Android are provided through the code libraries. (Dominique . 2011, cited 15.02.2018)
-1333511493500
FIGURE SEQ Figure * ARABIC 2. Showing The entire Android platform architecture. (Android developer 2018, cited 03.05.2018)
System Application Layer is the first layer from the top in Android architecture. Applications such as camera, Google maps, browser, calendars, contacts and all native applications are the applications visible to the end-user with the help of application framework to operate. (Liang 2010, cited 05.02.2018)
Java API Framework contains needed classes and services written in Java language. Developers can reuse and extend the components already present in API building blocks to create an Android application. The layer includes several managers that enable the application to access data. Activity Manager manages the application lifecycle and enables proper management of all activities. All activities are controlled by activity manager. Resource manager provides an access to non-code resources such as graphics e.g. images etc. (Android developer 2018, cited 03.05.2018)
Notification manager enables all applications to display custom alerts in the status bar. Location manager alerts users when enters or leaving a specific geographical location. Package manager retrieves data about installed packages on the device. Window manager creates layouts and views. Telephony manager handles settings of network connection and information about services on the device. Android runtime helps to execute all Android applications. (Android developer 2018, cited 06.02.2018)
Native C/C++ Libraries, most core Android system components and services such as ART and HAL are built from native code that desires native libraries in C and C++. The Android platform provides Java framework APIs to display the functionality of these native libraries to applications. Example, OpenGL ES can be accessed through Android framework while Java OpenGL API adds support to 2D and 3D graphics manipulation in an application. Android NDK is useful if a developer requires C or C++ code in their application. (Android developer 2018, cited 03.05.2018)
ANdroid security challengesAndroid Platform SecuritySecuring Android platform depends on how secure the booting process is. The boot process of an Android device has approximately 5 step processes. The CPU comes first which start executing from the reset vector to that of the initial boot loader (IBL) code from the ROM. IBL then loads the bootloader from the boot into the RAM and then perform a signature check to ensure authenticates code is executed. The bootloader does two functions, loads the Linux kernel and perform the signature check. (Liang 2010, cited 05.02.2018)
Rooting has been enabling as a modification in the system partition. The modification requires rooting permission which is not available by default. Two ways to get root permission are 1) End-user boots a custom system that grants him a root shell. 2) End-user exploits the vulnerability to get into root permission at runtime. However, the kernel can easily contain malware without any permission and undetectable by any anti-virus software. (Liang 2010, cited 05.02.2018)
Android System Security
Android 3.0 Honeycomb was possible to encrypt data partition with SHA2 128-bit AES, it enables file system application private files that are owned by application’s distinct. Android 4.0 framework provides a keychain API in which a user can safely store data and sensitive information. The key store is saved at data/misc/key store and each key is stored in its own file system. This key is encrypted using 128- bit AES in CBC mode. Each key file contains info header, the initial vector used for the encryption. (Bernat 2011, cited 05.04.2018).

Android Application SecurityCreating a secure connection to the server, According to OWASP (Open Web Application Security Project) Mobile top 10 vulnerabilities 2014, insecure Transport Layer Protection (TLS) transmission is the third most common vulnerability in the mobile application. An attacker can exploit vulnerabilities to intercept confidential data while it is travelling across the network, which might expose user’s data and can lead to account compromise. For example, if an attacker gets intercepts an administrative account. SSL setup can also lead to phishing and Man-in-the-middle attacks. (Mobile top 10 2014 – M3, cited 02.04.2018).

TLS protocols and cyphers. There are several versions of SSL and TLS protocols but only two versions are secure, which are TLS 1.1 and TLS 1.2. The other versions have been bridge and have several vulnerabilities such as Poodle, Crime and Beast, are no longer safe to use. Insecure protocols can disable connection negotiations by creating a custom SSL socket factory class in the application. (Green 2017, cited 09.04.2018).

Unsecured or weak cyphers must be removed from the application to ensure the safety of encrypted data. In Android 5.0 there are some unsafe cyphers enabled by default, for instance, TLS_RSA_WITH_RC4_128_MD5, which uses outdated MD5 cryptography. (User Agent Capabilities: Android 5.0.0, N.d. cited 09.04.2018).

In most common key exchange mechanisms, RSA session keys are created from server’s private key. Should a server’s private key fall into the hands of an attacker, they could decrypt not only all future communication but also all encrypted data the attacker has gathered before obtaining the server’s private key. (Rustic 2013, cited 09.04.2018)
Instead of RSA-based key exchange, there is a Diffie-Hellman Key Exchange, which is slower and generates session keys in such a way that only the two parties involved in the communication can obtain them; even with the access to server’s private key. After the session is complete, and both parties destroy their session keys, the only way to decrypt the communication is to break the session keys themselves. This protocol feature is known as Forward Secrecy. (Rustic 2013, cited 09.04.2018)Breaking session keys are clearly much more difficult than obtaining the server’s private key. Now the attackers can no longer obtain just one key to decrypt communications but they should compromise the session keys belonging to every individual conversation. (Rustic 2013, cited 09.04.2018).

SSL supports forward secrecy using two algorithms, the Diffie-Hellman Key Exchange, from now on DHE, and the adapted version for use with Elliptic Curve cryptography, from now on ECDHE; however, there are two problems in using them. DHE is significantly slower than common RSA-based algorithms. ECDHE is slightly faster than DHE, yet still much slower than RSA. Also, both cypher types are quite new and the older Android versions will not support them. DHE is supported on Android 2.3 Gingerbread, API level 9+ and ECDHEs are supported on, Android 4.4.4 KitKat, API level 20+. (SSLSocket, N.d. cited 08.04.2018, Rustic, 2013 cited 09.04.2018)
Android security and threatsSecurity has been always a major concern for consumers, but also equally important for enterprise users as well. In too many cases, malicious attackers take control over a computer, stealing sensitive information or using it against millions across the world. On the Web, attackers take every opportunity to takedowns website or turn them into their own personal Trojan delivering known as Botnet. In recent years, some new threats have emerged and that has prompt few people to know enough about mobile security. From Android to iOS, operating system across the mobile market is being targeted by malicious attackers. (Titanadmin 2018, cited15.05.2018).

Most users of this systems are meanwhile doing small to safeguard their devices from threats. Nowadays, the trend to bring your own device (BYOD) is becoming the norm, our world of consumers and business security are starting to collide. Interestingly, over the last years, Android has become the main target for malicious attacker’s playground. However, many people who do not believe Android security is a major threat to them and society. (Titanadmin 2018, cited15.05.2018).

According to the Bell at Inquirer (Bell, 2013, cited 09.04.2018), most outdated Android devices are exposing to 400 million users to security threats. A figure released by Google’s Android Developer blog which showed that most Android smartphones and tablet owners are still using an older version of OS. The statistics also revealed that over 60 percent of the present Android user are still running what is considered an obsolescent version of the OS, that is, versions released prior to Android 5.0 Lollipop.

This implies that to keep up with the security patches up-to-date, users should consider possible options for obtaining new smart device every time. Because Google is unlikely to update security patches to an older version of Android OS. This data was collected from all Android devices that tried to accessed Google Play Store during a 14-day period this year January 2018, the data represented 0.2 percent of users are on Android 1.6 Donut, 2.4 percent on 2.1 Éclair, 9.0 percent on 2.2 Froyo, 47.6 percent on 2.3 Gingerbread and 1.5 percent on 3.x Honeycomb that no-longer get any security patches as shown in Figure 1 respectively. (Bell 2013, cited 09.04.2018).

User ConcernsVersions, there are different versions of the Android operating system, and since not all devices use the latest Android version. Android security patches are not updated automatically since not individual phone manufacturers have the responsibility to push out security updates. This indicates that if there is a threat that is exploitable in an early version, it can still exist for some users of that old version although it is fixed in a newer version. Device users should into account their Android operating system versions stay updated especially if there are any security exploits found. (Farmer 2011, cited 17.02.2018)
User as admin, users are in control of installing apps, grant app permissions, download data, and access unprotected networks – the user can reign free over their Android domain without restrictions. Google’s verification processes for applications entering their market have been shown to be woefully lacking over the past years, leading to several malware-infected apps and games being made legitimately available to users. (Farmer 2011, cited 17.02.2018)
Application permissions, in a pop-up form, Android user may see these notifications as a nuisance, meaning common permissions that can read, should be taken with precaution because it would include Read/Send SMS, Access Fine Location, Access IMEI, phone identity, Access camera etc. Such requests can be integral to functionality, also could equally be recording calls and transmitting sign-in credentials. However, users should take necessary precautions when accepting these permissions on their mobile devices. (Farmer 2011, cited 17.02.2018)
Malicious application injections, data process transfers between virtualised application environments are handled by a protocol of implicit and explicit intents. Transmission or interception of an intent by a malicious application can result in data being compromised as the target application will respond to the string, potentially resulting in data loss. (Farmer 2011, cited 17.02.2018).

Ultrasonic ad Beacons, it is believed that some smartphones popular manufacturers may be listening to a small too closely to user’s activities. A team from the German Technical University of Braunschweig believe to have found about 234 Android applications that contain codes known as SilverPush. These codes are written to listen to ultrasonic signs embedded in media or emitted by beacons. Although it primary intentions were to track users’ media consumption, shopping habits to help target advertising. However, with privacy in mind, it is an ineffective strategy to be listening to users. Every end-user of these smartphones and tablets would want to surf the internet in peace without any ultrasonic ad beacons tracking their locations or listening to them. (Goodin 2017, cited 19053365500Figure SEQ Figure * ARABIC 3. Showing how ultrasonic ad beacons listen to users, depriving users from privacy. (Goodin 2017, cited 15.02.2018)
0Figure SEQ Figure * ARABIC 3. Showing how ultrasonic ad beacons listen to users, depriving users from privacy. (Goodin 2017, cited 15.02.2018)
19059956800015.02.2018)FIGURE 3. Illustrate the different privacy threats introduced by ultrasonic side channels. (a)Ultrasonic beacons are embedded in TV audio to track the viewing habits of user; (b)ultrasonic beacons are used to track a user across multiple devices; (c)the user’s location is precisely tracked inside a store using ultrasonic signal; (d)visitors of website are de-anonymised through ultrasonic beacons sent by the website. (Arp, Quiring, Wressnegger, Rieck 2017, cited 15.02.2018)
This ultrasonic ad beacon codes could potentially be used to establish users’ identities across multiple devices, tracking locations and even de-anonymise services such as Bitcoin and Tor. Device tracking is a serious threat to the user’s privacy, as it enables spying on their habits and activities. (Arp, Quiring, Wressnegger, Rieck 2017, cited 15.02.2018)
A recent practice embeds ultrasonic beacons in audio and tracks them using the microphone of mobile devices. Ultrasonic ad beacons were spotted in various web media content and detect signals in 4 of 35 stores in two European cities that are used for location tracking. About 234 Android applications that are constantly listening with ultrasonic ad beacons in the background without the user’s knowledge. (Arp, Quiring, Wressnegger, Rieck 2017cited 15.02.2018)
A scary development by one company knowns as SilverPush. SilverPush is a software development company that develop an Android application, most of their apps are known to contain this Ultrasonic ad beacons. There are applications to detect ad beacons that available in the Google App store such as Addons Detector. Is a tool used in finding any push ads and other notifications in Android smart devices. This app tool identifies what advertising agencies apps are used and what tools they have integrated. (Goodin 2017, cited: 15.02.2018).

Rooting, rooting of Android device is equal to jail-breaking on iPhone, it opens out additional functionality and services to users. This process gives you access to gaining root of your device, it requires the device to switch from security – on to security -off. In addition, the root is a common exploit used by malicious applications to gain access to system-level of user’s Android device. DroidKungFu is a malware capable of rooting the vulnerable Android phones and may successfully evade the detection by utilising encryption and decryption to deliver a payload. It is also designed to forwards confidential details to a remote server. (Farmer 2011, cited 15.02.2018)
Privacy by default, HTC Android devices geo-tag photos and Tweets. This is the primary issues with Android as a consumer device functionality over security. Other applications claiming localised services could utilise GPS permissions for location tracking. (Farmer 2011, cited 15.02.2018)
Developer ConcernAndroid has security features built into its operating system that significantly reduce the frequency and impact of application security issues. The system is also designed in such a way that developers can build user’s applications with default system and file permissions so to avoid difficult decisions about security. (Android developer 2018, cited 16.02.2018)
Some common core security features that help the developer to build secure apps include:
The Android application sandbox, which isolates user’s app data and code execution from other applications.

An application framework with robust should be implemented for common security functionality such as cryptography, permissions, and secure interprocess communication such as TCP (Transmission Control Protocol) which enable different processes to communicate with SSL encryption.
An encrypted file system that can be enabled to protect user’s data in case of lost or device is stolen. (Android developer 2018, cited 16.02.2018)
The most common security issue to be a concern is an application on Android is whether that data you save on the device is accessible to other applications. The fundamental ways to save data on a device is, using internal storage by default or using files that you create on internal storage that is accessible only to the user’s app. (Android developer 2018, cited 17.02.2018)
real-world attacksA technique that an attacker uses to gain access to user’s Android device or any other computing device or network is to inject a malicious code or set up a honeypot. A honeypot is a mechanism or a simple webpage set to detect, deflect, or in some ways counteract attempts to unauthorised use of user’s credentials. This section details some real vulnerabilities that have been found in Android OS and dangerous it could be when connecting to a free Wi-Fi.
Wi-FiWi-Fi weak encryption or no encryption, usually applications fail to implement encryption, and when used across a weak Wi-Fi network can run the risk of data being intercepted by a malicious attacker to plot attacks on a wireless connection. Wi-Fi is one entry-point hacker use to get into networks without setting foot inside user’s building because wireless is much more open to eavesdropper than a wired network. (Foley 2018 cited 15.05.2018)
Who does not appreciate free things? Especially when a user can take advantages of free Wi-Fi to download games or applications over 50 megabytes for free. Free public Wi-Fi in many ways, is a blessing, as it provides a fast internet connection for devices and prompt user for updates notifications. But these free and unsecured connections could prove disastrous to users’ personal information. It’s just as easy for a hacker or attacker to connect to the same network as a user, once you both are on the same network, they can easily see and steal almost all the information broadcasting on that network.
There are three main problems with unencrypted public Wi-Fi hotspots. First, the packets of data that goes from the end user’s device to the router are public and open for anyone to read. It sounds scary and it is, but thankfully to tech such as SSL/TLS, it is inadequate as it was a few years ago. ( Karan 2013, cited 15.05.2018)
Secondly, attackers can quickly create fake rogue WI-FI access point router/ hotspot, in a coffee shop, shopping mall, library etc. just to steal your information. Have you ever said to yourself “Oh great! The coffee shop now has free WI-FI for its customers they did not last week, they must have upgraded.” Did the coffee shop upgrade? Or is it some hacker who just happen to set up a honeypot to catch you unawares? (Sims 2016, cited 06.03.2018).

Thirdly, public WI-FI access-point can be manipulated to launch man-in-the-middle (MitM) attacks where someone alters key parts of the network traffic or redirects your traffic to the wrong destination. You might think you are connecting to Facebook.com but you are connecting to the attacker’s fake server designed just to capture your username and password. (Sims 2016, cited 06.03.2018)
Man-In-The-Middle AttacksRedirecting user’s information and capturing unencrypted packets out of the WI-FI environments is not the only way that public WI-FI can be dangerous. Whenever you connect to an open WI-FI router you are explicitly trusting the provider of that WI-FI connection. Most of the time that trust is well placed, am pretty sure the people running the coffee shop are not trying to steal customers personal data. However, the pace at which we connect to open WI-FI routers means that attackers can easily set up a rogue access-point to lure users into their traps. (Sims 2016, cited 06.03.2018)
When a rogue access-point has been established then all the data flowing through that access-point can be manipulated. The best form of manipulation is to redirect traffic to another website which is a clone of another website. The only aim of the website is to capture personal data same as the technique used in phishing email attacks. (Nagpal 2012, cited 15.05.2018)
The scary part is that attackers do not always need to set up a fake access-point to manipulate user’s traffic. Every Ethernet and Wi-Fi network interface has a unique address known as MAC address (Media Access Control). Basically, it helps the packets physically arrive at the right destination. However, devices including routers, discover MAC addresses of other devices using ARP (Address Resolution Protocol). Android devices send out a request asking which device on the network uses a certain IP address. The owner replies with its MAC address so that the packets can be physically routed to it. (Sims 2016, cited 06.03.2018)
19053921760FIGURE SEQ Figure * ARABIC 4. Illustrates the ARP system manager and arpspoof manual page screenshotted from Kali Linux. (Sims 2016, cited 06.03.2018)
0FIGURE SEQ Figure * ARABIC 4. Illustrates the ARP system manager and arpspoof manual page screenshotted from Kali Linux. (Sims 2016, cited 06.03.2018)
1905835660019050FIGURE SEQ Figure * ARABIC 4. Illustrates the ARP system manager and arpspoof manual page screenshotted from Kali Linux. Below explains more further about ARP tool. The idea behind this figure is to show to user how easy it is to get spoof by anyone with the right device. The system Manager’s Manual is there as a guide
0FIGURE SEQ Figure * ARABIC 4. Illustrates the ARP system manager and arpspoof manual page screenshotted from Kali Linux. Below explains more further about ARP tool. The idea behind this figure is to show to user how easy it is to get spoof by anyone with the right device. The system Manager’s Manual is there as a guide

The problem with ARP is that it can be spoofed. That means, Android device will ask for a certain address, for instance, the address of the Wi-Fi router, and another device will reply with a fake address. In Wi-Fi environments if the signal from the fake device is stronger than the signal from the actual Wi-Fi network the user device will connect, as a result, user’s device will be deceived and can be spoofed. (Sims 2016, cited 06.03.2018)
Once the spoofing has been enabled, the client device will send all the data to the fake router instead of the real one and the fake router can manipulate the traffic however it sees fit. In most cases, the packets will be captured and then forward on to the real router, but with the return address of the fake access-point so that it can catch the replies as well. ( Karan 2013, cited 15.05.2018)
In recent years, HTTPS and secure connection using TLS are growing fast and the rate at which data is being stolen has lessened, however with a laptop, a free Linux distribution and an inexpensive Wi-Fi adapter a hacker would be amazed at what they can achieve. (Sims 2016, cited 07.03.2018)
Fake Applicationsin 2017 one million Android users downloaded a fake version of the WhatsApp messaging App. It was supposedly an official update. It even included the well-known logo from the Play Store. The intention of the app, however, was to entice users to select advertisements that would download and activate malware. It is embarrassing that company as large and sophisticated as Google cannot keep fake applications out of their app stores. (Promons’ Security Team 2016, cited 07.03.2018)
Attackers are becoming more successful at smuggling their malicious fake applications into the app platform as regular versions of popular apps. End-users are finding it difficult to distinguish between genuine and fake applications. Malware that customises as legitimate software is hardly recognizable at first glance. These customise programs not only carry the same name as the originals but are often also spot the same logos as namesakes. Android application users must be wary of counterfeit versions of software in the coming year as it is predicted that, this year 2018 there will be more and faker apps in the Play Store. (Promons’ Security Team 2016, cited 07.03.2018)
To deceive Android users, those behind the fake app differentiated its develop ID from WhatsApp’s ID by adding Unicode encoding at the end of the name. The real WhatsApp’s developer ID URL looks this way: https://play.google.com/store/apps/developer?id=WhatsApp+IncWhereas the fake WhatsApp developer ID URL look this way:https://play.google.com/store/apps/developer?id=WhatsApp+Inc.%C2%A0 (Tung 2017, cited 26.02.2018).

1426845290830Real WhatsApp
00Real WhatsApp
FIGURE SEQ Figure * ARABIC 5. Showing a list of WhatsApp application in the AppStore including the Fake once (Tung 2017, cited 26.02.2018).

Solutions for Fake Applications
Unsolicited emails, text messages, or notification that sudden appear to be from the bank, retailer, telecom operators or other known institution may always not be what they seem. Use caution with any link delivered to you and always read these messages carefully first. Instead of clicking the link supplied in the message, go directly to the websites in question. Consider VPN is installed on your smart device before connecting to free Wi-Fi. Sandbox is also very essential to use when browsing the internet. A sandbox is a software for separating running programs, usually to mitigate system failures or vulnerability software from spreading malware into user’s devices. If the message needs attending, call the company directly to verify the information before acting online. (Tung 2017, cited 26.02.2018).

Secondly, download Android apps from official sources, such as the Google Play Store. Before downloading any applications, do some reading. How many times has the app been downloaded? A wildly popular app is a telltale sign of a high-quality app. Remember to read app reviews, look at the developer and research online more information. Other users may have written reviews or more information about their previous experience with the app. Attackers may try to dupe you with fake reviews that are often short and generic, so be sure to check out any other apps made by the developer. The more apps created by the developer, the greater chance that the developer is for real. (Tung 2017, cited 26.02.2018).

Some security or software update notifications can be trickier to decipher. Very often users receive a prompt to install an urgent security update. The best action to take as an end-user is to search online to find out information about that update. If there are multiple discussions online about that specific software update, then you can confirm it is genuine (Symantec 2018, cited 27.02.2018).

There are also some few clear signs that stick out if you want to identify fake Android apps. Spelling errors, Shoddy logos, and poorly formatted interfaces are clues the app may be fake. An easy approach step to protect yourself is by visiting Android settings and tick does not allow third-party app and do not allow USB debugging mode. An advice to all young sagacious minds who want to operate in Android developer mode option. (Symantec 2018, cited 27.02.2018).

Web Server AttacksIf web servers are vulnerable, then so are the websites they host and likewise the people who visit them. Attackers are exploiting any vulnerability they can to compromise websites and commandeer their host servers. The ease to use and wide availability of web attack toolkits is feeding the number of web attacks, which doubled in 2015. (Symantec 2016, cited 08.03.2018)
Web Servers store the web pages and provide them to the end-user on request processed via HTTP which is a protocol to give out information on the world wide web. The role of the web server depends on the way they are implemented. It stores HTML or server-side scripting files such as PHP, ASP, JavaScript, HTML5, etc. Web servers may also interact with databases in case they are implemented in a way to collect information from databases and provide them in a specific format. For Android devices to interact with web servers, they need to implement UIWebView. (Symantec 2016, cited 08.03.2018)
WebView is a system component that enables Android apps to display content from the web directly inside an application, creating the concept of hybrid applications. An application can be Native or Web. A Native app should be installed on the device, as the Web app runs on the browser with no need for installation. The Native approach will use the operating system’s supported language, which is Android in Java and Web approach will use HTML5, JavaScript and CSS. (Yalon 2018, cited 09.03.2018)
Cross-site Scripting (XSS)Developers implemented a sandbox mechanism that limits a script to access only resources associated with its origin site. Unfortunately, these security mechanisms fail if an end-user unknowingly executes a malicious script from an intermediate, trusted site. In this case, the malicious script is granted a full access to all resources (e.g. Authentication tokens and cookies) that belong to the trusted site. Furthermore, this attack can be modelled by executing the script residing at the server and sending the malicious content to the server through hijacking and impersonating a user using stolen cookies. (Bhavani 2013, cited 04.03.2018)
Stealing cookies from the user’s deviceThe most common behaviour of XSS attacks is to gather cookies. Cookies are small text files that reside on a user’s device and store name-value along with some metadata. Cookies are commonly used to store information intended to be persistent during a browser session or from session to sessions, such as session IDs, user preference, or logins and passwords information. The cookies specifications assume that only the domain that set the cookies are can access it. (Bhavani 2013, cited 04.03.2018)
552451343025CookieManager cookieManager = CookiesManager.getInstance();
final String cookies = cookiesManager.getCookie(url);
00CookieManager cookieManager = CookiesManager.getInstance();
final String cookies = cookiesManager.getCookie(url);
Attack Method; When a user runs the application through the WebView, Android applications can monitor the event occurred within WebView. Attacker overrides the shouldOverrideUrlLoading hook, which is triggered by the navigation event, when a user tries to navigate to another URL. Cookies can be gathered at every page the user navigated to using the method getCookies() from Cookies Manager class as shown below:
552451428750HttpClient httpClient = new DefaultHttpClient ();
HttpPosthttpPost= new HttpPost(“http://hackerScript/androidCookies.php”);
00HttpClient httpClient = new DefaultHttpClient ();
HttpPosthttpPost= new HttpPost(“http://hackerScript/androidCookies.php”);
Through HTTP Post, the malicious script can be run on the user’s Android device, cookies and URL can be sent to any third (i.e. the attacker’s server), hence avoiding the same-origin policy or cookies protection mechanism.

With the code above, the attacker is now able to get cookies and able to launch several attacks on the user Android device, such as, a Session Hijacking and impersonating a user using stolen cookies. The attacks described above are quite dangerous as the user sees only the trusted content. (Bhavani 2013, cited 04.03.2018)
1695455080FIGURE SEQ Figure * ARABIC 6. Showing an attack using HTTP Client APIs to do Cross-site Scripting XSS on a victim’s Android device.

00FIGURE SEQ Figure * ARABIC 6. Showing an attack using HTTP Client APIs to do Cross-site Scripting XSS on a victim’s Android device.

78105118745451485193675Malicious Android
Application
00Malicious Android
Application

370522562230Trusted Site
00Trusted Site

2303145127635Username
and
Password
00Username
and
Password
382905120015
74104584455 WebView
00 WebView

188404526606500-912495266065User
00User
54292526416000
2257425109855Set Cookies as Headers and send malicious HTTP request with user’s credentials
00Set Cookies as Headers and send malicious HTTP request with user’s credentials
-22669522415500847725131445Cookies
00Cookies

106870524257000
15430517145CookieManager.

getCookies
00CookieManager.

getCookies

1884045246380003829051841500702945153670HttpClient
00HttpClient

230314521590Victim’s Stolen cookies
00Victim’s Stolen cookies

FIGURE SEQ Figure * ARABIC 6. A diagram explaining Cross-site scripting using http client APIs in attack on Android Webview (Bhavani 2013, cited 04.03.2018)
This diagram showing a user interface component that displays web pages, it can either display from a remote webpage or load static HTML data. Cross-site request forgery or XSRF attack the trusts of a web application in its authenticated user is exploited by letting the attacker make arbitrary HTTP requests on behalf of a victim user. When the user logged into the trusted site through the WebView the site authenticates the WebView and not an application. The application then launches attacks on behalf of the user with WebView APIs, exploiting user credentials resulting in Cross-site request forgery. Attacks can also be launched by setting cookies as HTTP headers and making malicious HTTP request on the victim behalf. (Bhavani 2013, cited 07.05.2018)
ENTERPRISE NETWORK SECURITY
Bring your own device (BYOD) is taking the corporate world by surprise, spurred on by the users that want to be able to use the technology they are most comfortable with and frequently perceive as being better than that provided by their employer. Organisations seeing the cost and productivity benefits also decide to take advantage of BYOD, but here lies the issue. Until now, many businesses have only made a passing glance at securing mobile phones. Smartphones and tablets have changed the threats landscape, yet few businesses have their policies; or their security. (Kerner 2017, cited 23.03.2018).

BYOD complexes the issues even further by moving away from the IT department’s normal stance to standardise. For organisations to implement BYOD securely requires a different mindset and a device agnostic approach. (Kerner 2017, cited 23.03.2018).

Benefits of Bring Your Own DeviceAssuredly one of the largest benefits of BYOD is an increase in productivity. No longer constrained as to when and where they can carry both work and personal activities, employees can better organise their time. (Kerner 2017, cited 23.03.2018).

It also helps to collaborate with colleagues on enterprise communication platforms or to reach out to prospects and customers on public social media sites. (Hassell 2012, cited 15.05.2018)
Shared ownership of smart devices does not just help an organization’s hardware costs but also helps to lower training and maintenance costs. (Mansfield-Devine 2012, cited 24.03.2018).

BYOD also assist in helping to get over employee’s fear of new technology that is frequently a hindrance for organisations when rolling out new equipment. (ESET 2014, cited 24.03.2018)
Too often when a new device or application designed to make user’s life easier is rolled out within an organisation there is an uphill battle to persuade the employee to use it. With BYOD the user knows and understands the device already and is far more likely to use it to its fullest extent. (ESET (2014), cited 24.03.2018)
For the employee, BYOD delivers greater freedom in choosing the device they believe help them do their job to the best of their ability. It often creates a better work or life balance, and generally improves employee satisfaction, helping to retain staff and attract new talent. Most of BYOD enables greater mobility – faster, lower costs and increase productivity helping an organisation becomes agiler. (ESET 2014, cited 24.03.2018)
Bring Your Own Device Security ThreatsIn the past, standardisation of IT equipment has made it easier for organisations to maintain a secure infrastructure. However, with the advent of smartphones and now BYOD a new series of issues challenges traditional viewpoints to secure mobile devices. The first step is the understands the threats and where they come from. (ESET 2014, cited 24.03.2018)
Malware; there is very small that the average smartphone is not capable of doing when compared to a desktop computer. SMS, email, social networks, chat functionality, internet access, banking applications etc. This creates the smartphones and tablets attention to criminals. The combination with high-speed access whether from 3G or Wi-Fi that enables users to constantly online offer many ways for malware to gain a foothold. (ESET 2014, cited 24.03.2018)
In a recent survey carried out by ESET of the 55% of businesses that had experienced threat over social media, 44% had experienced problems with malware. Whether it’s clicking on a phishing link on a social networking site or downloading supposedly legitimate applications that have malware embedded in the path leads to allowing executable to run on a mobile device. It’s certain to have exploited already by criminals. (ESET 2014, cited 24.03.2018)
Data Leakage; smartphone does not just provide a variety of ways to let malware in, it also creates easy access to data to leak. For example, with gigabytes of memory available on these smart devices, an easy access to applications such as Dropbox which is part of enterprise’s cloud storage can transfer the latest copy of the sales forecast or customer database and take it out of the organisation is an easy task for the unscrupulous employee. The ease of using social media using a smartphone or tablet has led to an increase in data leakage. A typical example is an ongoing investigation into Facebook data leaks scandal. (Claburn 2015 cited 23.03.2018).
Public Wi-Fi; Users desire for data-hungry computing means that Wi-Fi hotspot now appears almost everywhere – ensuring connection to a trusted provider is not always easy since many criminals can set up a rogue access network to appear as trusted. In addition, user unaware of the dangers or just desperate for Wi-Fi access can use any open connection, particularly if this is how they used to connect with their personal smart devices before use. However, tethering a smartphone to a laptop to use the cellular data-package is likely to be more secure than connecting to a Wi-Fi hotspot. Users should be aware that the data being transferred from the laptop to the phone is still likely to be Wi-Fi and therefore can be easily intercepted. (ESET 2014, cited 24.03.2018)
Spam; spamming is not just annoying but it can lead to the user accidentally infecting their mobile device, running remote access Trojans and even end up dialling premium rate numbers. The success of social media has meant that spammers have switch tact and following their audience. For instance, during an internship at Ficonic Solutions, I experience numerous spam emails. Some of these spam messages are from the social media, others from anonymous website posing to be legitimate organisations invitations employees to conference meetings etc, most often these emails have website links provided which might contain malware or Trojan. (ESET 2014, cited 24.03.2018)
Security CountermeasuresFor safety reasons, multiple approach methods are needed to be done for users connecting to enterprise network with their smart devices. Organisations should set up a secured policy for all mobile device users to prevent risking data bridge.

6.3.1Controlling Mobile Device AccessTo secure mobile devices and enable BYOD organisations first to need to conduct a full risk assessment and develop new mobile computing policies. The best practice will be to implement anti-malware software on each device, either employee’s own device or a device provided by the organisation, to minimise the risk from infection or social engineering techniques such as phishing. The customisable firewall should be implemented by blocking all unknown IP sources, block IP flooding and raised the network ports to the highest level. Any device detected from the network with no recognised name or IP address should be blocked from accessing the network or internet access. This practice will help protect against breaches and anti-spam software. (Zahadat, Blessner, Blackburn, Olson. 2015, cited 23.03.2018)
Data from the organisation should always be encrypted in case a device is stolen or lost can be wiped remotely clean from data leaks even if the perpetrator has already replaced the sim. A device-agnostic will require different security software depending on the device operating system. However, it is equally important that management of the security does not become an onerous task for the IT department, therefore, it is essential that the central management console is able to operate across the platform. In this case, the network administrator will be able to ensure all devices are complying with organisation policy. (Zahadat, Blessner, Blackburn, Olson. 2015, cited 23.03.2018)
6.3.2Operation and MaintenancePeriodic maintenance is needed to be done by the administrator, including all updates to enable control of other aspects such as data roaming settings. Reviewing logs performance vulnerability scan, penetration testing etc. (ESET 2014, cited 13.04.2018).

Social engineeringTechnology is just part of the picture when it comes to cyber-security. Most of the breaches involve some form of social engineering, in other words manipulating user’s or employee’s trust to gain access to their systems.

Social engineering is almost a necessary tool for any attacker, the writer’s opinion. One would be surprised what valuable information people will give away to a stranger with the attacker using the proper approach. Social engineering is the art of manipulating a person into revealing sensitive information. Social engineering is using a computer code to create another system to spew out valuable information about the machine. (Lord 2015, cited 16.04.2018).

Social Engineering TechniquesUsually, social engineering portrait a legitimate designed method to trick users or employees into decreasing their defences. For example, either through emails, social media, phone calls, text messages and physical hardware access. While most users might think they are too smart to fall for this technique, it is rather surprising, how convincing and successful they can be. (Vasu 2011, cited 16.04.2018)
Social engineers usually ask information that seems innocuous on its own, such information can be used to devastating effect when link with additional details gathered from somewhere. For example, they might ask whether your software is up to date, or the name of IT Admin manager; information that seems perfectly innocent. They can also prey on the instinct of some employees to be friendly or pretend to render services especially those that are in sales or customer services roles. (Vasu 2011, cited 16.04.2018)
A statistic shows that enough businesses fall for it, with a recent report finding that 60% of enterprises were victims of social engineering attacks in 2016 and nearly a fifth of that 17 % having their company financial accounts accessed as a result. Meantime, the Federation of Small Business estimates that these attacks cost small business over £5bn each year. So, it pays to be careful and uses common sense. (Smith 2016, cited 16.04.2018)
Social Engineering AttacksHere are some common social engineering attacks to beware of, they are Phishing, Spear-phishing, Pretexting and Baiting.
Phishing, according to the Federation of Small Business, approximately half 49% of a small business strike by cyber-attack in the last two years were victims of phishing. Social engineering involves a hacker contacting an individual or organisation, posing as a trusted source, being their bank or mobile phone service provider, and tricking them into sharing certain sensitive personal, financial or business details. It possible to happen over email, nevertheless, social engineers can also use social media, phone, or text message approach to get what they need. (Smith 2016, cited 16.04.2018).

Spear-phishing, similar to phishing, but this time it’s personal, with attackers targeting a specific individual, using details they have gathered from other sources, such as social media, dating sites etc. By including this personal detail, the communication seems more legitimate and convincing. Nine out of ten users fall for this attack. (Smith 2016, cited16.04.2018).

Pretexting, is where an attacker made up a scenario to persuade a user or a help desk in an enterprise to divulge sensitive information. An attacker can pose as Internet service provider, asking for users’ log-in details or pretend to be from user’s bank. In few cases, the social engineer will introduce some form of urgency to the situation, for example, calling to a help desk to extract information, with some distraction techniques to show how hurry they are. To create the under pressure felling so the victim cannot have time to think clearly about the legitimacy of the request. (Smith 2016, cited16.04.2018)
Baiting, it is possible to watch out for attacks where attackers use physical hardware, such as USB stick or external hard drive, which attackers might leave in the office of the victim or somewhere near to find. Once you inadvertently install the hardware, the system is introduced to malware and can be given an access to a sensitive or confidential data. A typical example is an attack on Ukraine power grid in December 2015. (Smith 2016 cited16.04.2018).

Avoiding Social Engineering AttacksThe best practice to avoid falling to attack is to educate all employees of what to look out for, how to respond should in case they are targeted. According to security through Education Blog (2018, cited 18.04.2018), this includes:
Always verify a caller, should anyone call up out of the blue requesting information, be sure to verify their identity by asking for details they should know.
Call back, if a user is unsure of the legitimacy of a call, give the company a call back on a number that you know is authentic.
Beware of suspicious links and attachments, is necessary to check where an email has come from before downloading the attachments or clicking on links. If a user is uncertain, then do not open it. Instead, delete it or report a spam.
Avoiding physical attacks, it is very important to check the identity of a visitor before letting them into your building. Also, do not leave confidential information lying around, ensure to lock computer screen when not at the desk.
Social media awareness, employees should understand the dangers of oversharing on social media and have the necessary privacy controls in place
It only takes one click on a link and all your hard work and investment in security is wasted. Hackers know that it is much easier to hack a human than machine.

conclusion
Based on what we’re seeing in this bachelor’s thesis, we now know the potential risks existing in our Android smart devices, we also know that a malicious application cannot require any special permits. We know that Android Operating system is far vulnerable to malware threats than we thought. It is up to users to take cautions on how to surf the internet.

Stay up to Date
It is not fair for we Android users to constantly detaching our smart device because they have the older versions of Android OS, but if we want to get help for security patches, then we must. Updating security software is not enough to get enhanced features and better processing speeds, as Google and other device manufacturer pack many back-end fixes into these updates. Android devices using latest operating system version are protected by more than three-fourths of the malware out there, therefore be sure to check for updates frequently and download them when available.
Avoid Third-Party Download Sites
Due to the availability of Android apps is one reason end-users are drawn to its platform. It is easy to install the application from other sources apart from the Google app store. While there are few interesting applications out there that cannot be downloaded from Google, and that is the easy way to get malware onto your device. Google is going a great deal to scan all apps in its official store for the traces of malware, and manages to stop a great deal of them from affecting the user. The third-party app does not necessarily have these protections, an attacker is aware of this.
Pay Attention to Permissions
Most end-users blindly just click through the permissions section when installing a new application, and this is one-way to come across potential threats. The new extra feature camera app you downloaded to kill some time will need an access to your file and gallery system to work properly, which certainly doesn’t need access to your text message or contact list. It is important to read through permission section before agreeing to the terms when installing any application. It any request permission seems odd, then do not.
Avoid Free Open Wi-Fi
Public Wi-Fi reduces the cost of our internet bills, but we now know these unsecured connections could prove disastrous for your sensitive information. We also know to use VPN or Sandbox when browsing in public open Wi-Fi or best option is to focus on our mobile data. The world of Android device threats may be initiated such as our personal computer, being smart about using a mobile device is the best step in protecting yourself. There are a few free antiviruses out there for end-users to use.

Bring Your Own Device
Enterprises should not encourage such practice in their working environments. Organisations should take countermeasures by given protected devices to employees. These devices can be monitored and restricted from all social media websites. HTTPS protocols can be installed on these devices since it belongs to the organisation. If any employee’s contract in terminated or quit his employment, this device should be wiped clean by formatting the hard drive and making a fresh installation to prevent any username, password, or any malicious code that might be hiding in the device. We also learnt about the benefit of BYOD, how it affects employee’s overall productivity, reduce the fear of having to adopt new technology provided by the organisation.
Although organisations are operating to make a profit, they are preparing to take any opportunity that can benefit them reduce cost rather gaining. E.g. it favours them if employees bring their own device to use at work, as a result, they do not have to purchase expensive equipment for work.

Social Engineering
These threats have no cure, it is based on human error. It’s also the leading cyber threats in the world of today. It is fair to say that anyone who has an email address is exposed to phishing threats and more and more users are falling victims of these attacks. Social engineering however can be a real challenge and can be much more effective than we think. The only way to fight it is to actively engage employees, users in spotting such attacks and calling them out. It should be done right, employees might enjoy the process by getting a reward for finding one and reporting. Organisations might benefit from that strategy if implemented.

discussionAuthentication, data privacy, a vulnerability which cause the attacks and attacks are a major open issue of security. Lack of protection is a major problem of a security breach. An appropriate solution to protecting problem can overcome many security threats and save Android smart device from a security breach. All users want to protect their data; therefore, data privacy is one of the biggest concerns to the smartphone users. This data privacy issues can mostly be dealt with by using trusted sites and applications. Usually, most of the attack occurred due to vulnerabilities. If vulnerabilities are minimised, it can save smartphones from most attacks. Today’s era of technology is rapidly growing at a fast pace which makes it difficult to keep track on 100% security, but with careful design and development processes, it can lead to more secure devices. Via the Internet of Things (IoT), which includes an electronic device, machines, vehicles, security-based entrance, etc. Moreover, this will cause a lot of issues regarding smartphone such as performance and security issues. As we know, we do not have a mechanism for complete security regarding Android smartphone, we cannot say our data privacy is completely safe and sound. However, manufacturers as well as developers require building and presenting a mechanism that provides maximum security. Users are to consider logging into a trusted site and connecting to a secure Wi-Fi hotspot.
The purpose of writing this review is to provide a holistic account of smartphone vulnerabilities and data protections especially in Android device since it is dominating the market with its product. To also look at the various possible solutions suggested in the literature. These solutions and problems have been collected from reviews of previous researchers.

ReferencesAndroid Version History 2018. Wikipedia. Cited 05.04.2018.

https://en.wikipedia.org/wiki/Android_version_historyAndroid developer 2018a Guides: Security tips. (Cited 16.02.2018).

https://developer.android.com/training/articles/security-tipsAndroid Developer 2018b Platform Architecture, Cited 03.05.2018.

https://developer.android.com/guide/platform/?nav=trueArp D., Quiring E., Wressnegger C., Rieck K. 2017. Privacy Threats through Ultrasonic Side Channels on Mobile Devices. Cited 15.02.2018. http://christian.wressnegger.info/content/projects/sidechannels/2017-eurosp.pdfBhavani A. B. 2013. Cross-site Scripting Attacks on Android WebView. IJCSN Internation Journal of Computer Science and Network, Vol 2, April 2013, ISSN:2277-5420. Cited 04.03.2018.

https://www.researchgate.net/publication/236455748_Crosssite_Scripting_Attacks_on_Android_WebViewBernat, V. 2011 SSL/TLS ; Perfect Forward Secrecy. Vincent Bernat’s blog. Cited 05.04.2018
http://vincent.bernat.im/en/blog/2011-ssl-perfect-forward-secrecy.htmlBell Lee 2013 The Inquirer: Developer – Outdated Android devices are exposing 400 million users to security threats. (Cited 09.04.2018).  
https://www.theinquirer.net/inquirer/feature/2235734/outdated-android-devices-are-exposing-400-million-users-to-security-threatsClaburn Thomas. 2015. Information Week: Dropbox Enterprise Targets Large Businesses.

Cited 23.03.2018.

https://www.informationweek.com/cloud/cloud-storage/dropbox-enterprise-targets-large-businesses/d/d-id/1323023Corporation Symantec. 2018. Norton: How to Spot a Fake Android App. Cited 27.02.2018.

https://us.norton.com/internetsecurity-how-to-how-to-spot-a-fake-android-app.htmlBezroukov Nikolai 1996 – 2016 Android (in)security. Cited 03.05.2018.

http://www.softpanorama.org/Commercial_linuxes/Android/android_insecurity.shtmlESET (2014) BOYD- Empowering Users, Not Weakening Security. Cited 24.03.2018
http://www.tidytechsolutions.co.uk/wp-content/uploads/2014/11/BYOD-Empowering-Users.pdfEDUCBA, 2016. Structure of an Android Operating System, Cited: 05.02.2018.

https://www.educba.com/structure-of-an-android-operating-system/ 
Farkade Amit M., Miss. Kaware Sneha R. (2015) The Android – A Widely Growing Mobile Operating System With its Mobile based Applications. Cited 15.05.2018 http://ijcsma.com/publications/january2015/V3I109.pdfFarmer Ryan. 2011. A Brief Guide to Android Security. Cited 17.02.2018
https://www.slideshare.net/ryanfarmer/white-paper-android-securityFoley Sean (2018) Hacking wireless networks for dummies. Cited 15.05.2018
https://issuu.com/seanfoley0/docs/hacking_wireless_networks_for_dummi_fac7425a5341e1Goodin D. 2017. Your Android phone may be listening to ultrasonic ad beacons without your knowledge. Ars Technica. Cited 15.02.2018.
https://arstechnica.com/information-technology/2017/05/theres-a-spike-in-android-apps-that-covertly-listen-for-inaudible-sounds-in-ads/https://arstechnica.com/information-technology/2017/05/theres-a-spike-in-android-apps-that-covertly-listen-for-inaudible-sounds-in-ads/Green, A. 2017. SSL and TLS 1.0 No Longer Acceptable for PCI Compliance. Varonis Security Suite blog. Cited 09.04.2018
https://blog.varonis.com/ssl-and-tls-1-0-no-longer-acceptable-for-pci-compliance/Hassell Jonathan 2012, 5 Keys to Enterprise Social Networking Success. Cited 15.05.2018.

https://www.cio.com/article/2390121/collaboration/5-keys-to-enterprise-social-networking-success.htmlKaran Tanmay 2013, Wi-Fi-Hacking. Cited 15.05.2018 https://www.scribd.com/document/373134139/283119185-01-2013-Wifi-Hacking-pdfKerner Sean Michael. 2017. eSecurity Planet: BOYD Security: Understanding Bring Your Own Device Security Risks. Cited 23.03.2018
https://www.esecurityplanet.com/mobile-security/byod-bring-your-own-device.htmlKoriat Oren. 2017. Check Point: Preinstalled Malware Targeting Mobile Users. Cited 26.01.2018 https://blog.checkpoint.com/2017/03/10/preinstalled-malware-targeting-mobile-users/Linux-NTFS. 2010 ZDNet: Linux NTFS File System Support. Cited 08.02.2018 http://downloads.zdnet.com/product/2248-75220269/Liang Y. William W. 2010. Engineering: System Integration for the Android Operating System. National Taipei University. Cited 05.02.2018.

https://www.scribd.com/presentation/233608545/Android-System-Integration-SJU-2010-04Lord Nate. 2015. Social Engineering Attacks: Common Techniques & How to Prevent an Attack.

Cited 16.04.2018
https://digitalguardian.com/blog/social-engineering-attacks-common-techniques-how-prevent-attackMansfield-Devine, Steve. 2012. Science Direct: Interview: BOYD and the enterprise network.

Cited 24.03.2018.

https://www.sciencedirect.com/science/article/pii/S1361372312700313Mobile Top 10 2014-M3, 2015. Insufficient Transport Layer Protection. Cited 02.04.2018
https://www.owasp.org/index.php/Mobile_Top_10_2014-M3Nagpal Rohas 2012, a2z of cyber crime, Cited 15.05.2018.

https://www.scribd.com/document/105994475/a2z-of-cyber-crimePetrung Ponglang. 2017. Android Libraries: A Medium Corporation. Cited 06.02.2018
https://medium.com/@PongPloyAppDev/top-android-libraries-may-september-2017-for-android-developer-library-github-280859685963Promons’ Security Team. 2016. Application Security. Cited 07.03.2018
https://promon.co/security-news/10-application-security-threats/Rustic, I. 2013. SSL Labs: Deploying Forward Secrecy. Security professional community.

Cited 09.04.2018
https://blog.qualys.com/ssllabs/2013/06/25/ssl-labs-deploying-forward-secrecySymantec. 2016. Symantec Report: Internet Security Threat Report. Cited 27.02.2018
https://www.symantec.com/content/dam/symantec/docs/reports/istr-21-2016-en.pdfSims Gary. 2016. Public Free Wi-fi: Android Authority. Cited 06.03.2018.

https://www.androidauthority.com/capture-data-open-wi-fi-726356/SSLSocket. N.d. Official Android developer site. Cited 08.04.2018
https://developer.android.com/intl/zh-cn/reference/javax/net/ssl/SSLSocket.htmlSmith Mark. 2016. The Guardian: Social engineers reveal why the largest threat to your business could be you. Cited 17.04.2018
https://www.theguardian.com/small-business-network/2016/oct/04/social-engineers-reveal-largegest-threat-businessSecurity through Education Blog 2018. The Social Engineering Framework. Cited 18.04.2018
https://www.social-engineer.org/framework/general-discussion/Titanadmin (2018) Cybersecurity Threat Level at All Time High: Industry News, Internet Security, Phishing ; Email, Spam News. Cited15.05.2018
https://www.spamtitan.com/blog/Tung Liam. 2017. ZDNet: Fake WhatsApp app fooled million Android
users on Google Play. Cited 26.02.2018
http://www.zdnet.com/article/fake-whatsapp-app-fooled-million-android-users-on-google-play-did-you-fall-for-it/Tutorials point 2018. Android – Support Library, (Cited 02.05.2018)
https://www.tutorialspoint.com/android/android_support_library.htmVasu Vasanth. 2011. Banking Security Magazine: Social Engineering (Security). Cited16.04.2018.

https://www.scribd.com/document/86221168/Banking-Security-Magazine-2-20112Yalon Erez. 2018. Checkmarx: Android WebView: Secure Coding Practices. Cited 09.03.2018. https://www.checkmarx.com/2017/11/16/android-webview-secure-coding-practices/Zahadat Nima, Blessner Paul, Blackburn Timothy, Olson Bill A. 2015. Science Direct: BOYD security engineering: A framework and its analysis. Cited 23.03.2018
https://www.sciencedirect.com/science/article/pii/S0167404815000978