Android smartphones are rapidly changing personal and work environments. Modern smartphones are driven by modern mobile technologies and are used for a variety of purposes, including capturing information, accessing sensitive data, and sharing information. Smartphones have found their way into the work environment, where they are connected to other devices for information exchange. Android smartphones run a variety of applications that are used for different purposes. Their hardware capabilities are used for location tracking, bar code scanning, RFID scanning, and geo-tracking (Woyke, 2014). Android smartphones can store data from enterprise data systems, and they support a variety of applications that can be used for business transactions. The key challenges with smartphone devices are information confidentiality, integrity, and availability. Android smartphone users are not aware of the security risks for the enterprise (Gonzalez, 2015).
The key threats to smartphone devices are malware attacks, unsecured wireless network attacks, denial of service or distributed denial of service attacks, system malfunction, phishing attacks, and platform alteration. Malware attacks are targeted attacks that exploit smartphone devices and sneak into device functions (Tounsi, 2019). Unsecured wireless network attacks aim to gain unauthorized access to critical information. Hackers use this opportunity to modify or corrupt files to the point where the information is no longer useful to the enterprise. Cyber attackers use sniffing and spoofing methods to find vulnerable networks and gain access to critical information (Loukas, 2015).
Smartphones are vulnerable to denial of service attacks, which target the smartphones to disrupt services. Distributed denial of service attacks target a network of systems and stop the entire network's services. Malicious code is used to gain access to smartphone devices and to the enterprise network. Systems are made to malfunction by the introduction of malware, including viruses and trojans. Malfunction attacks make the smartphone devices unavailable. Phishing attacks are used to steal sensitive information and are triggered from email chains and short messages. Platform alterations, including jailbreaking or root folder tampering, make these smartphones vulnerable to cyber-attacks. These smartphone attacks apply similarly to Android smartphones, and a security defense mechanism is required for Android smartphones to prevent them (Loukas, 2015).
According to the 2018 report published by Cybersecurity week, BYOD has increased the use of smartphone devices in the work environment. Cybersecurity sales were expected to reach $231.94 billion by 2022. Security threats for Android increased from 4 million in 2017 to 5 million in 2018, an addition of 1 million threats in one year. The Google Play Store has detected more than 700,000 applications with privacy violations. Cyber-attackers are targeting Android systems with advanced attacks over Wi-Fi and Bluetooth connectivity. The attacks most frequently used by cyber-attackers on Android systems are malvertisements, man-in-the-middle attacks, persistent attacks, and phishing attacks (Novinson, 2018). Cyber-attackers target the vulnerabilities of smartphones to gain access to enterprise networks and steal information. Software development companies have been targeted by cyberattacks, with Android smartphones used as the primary source for stealing intellectual property and critical client information (Misra & Dubey, 2016).
Key Understandings From Smartphone US Market
According to the 2019 report published by Statista, the number of smartphones in the world is expected to be 3 billion between 2016 and 2021. The major contributors to the smartphone market are China, India, and the US. Global smartphone sales were 1.4 billion, and the number of smartphone users is expected to reach 7.26 billion by 2022 (Holst, 2019). The leading smartphone manufacturers across the globe are Samsung, Apple, and Huawei. The worldwide mobile operating system share is dominated by Android, followed by iOS. In December 2019, Android was the leading mobile operating system worldwide with a 74.13% share. Google Android and Apple iOS together hold 99 percent of the global market share (Holst, 2020). The most popular smartphone app categories are Web Browsers with 97.94%, Communication & Social with 97.27%, Utilities and Tools with 96.09%, and Entertainment with 95.5% (Clement, 2019).
According to the 2020 Statcounter report, the mobile vendor market share across the globe is dominated by Samsung with 31.29%; Apple has 24.76%, Huawei 10.61%, Xiaomi 81%, Oppo 4.25%, and Mobicel 3.02%. Android is the firmware platform for all the vendors except Apple (Statcounter, Mobile Vendor Market Share Worldwide, 2020). The mobile operating system market share across the globe is dominated by Android with 74.3%, followed by iOS with 24.76%, KaiOS with 0.21%, and Samsung with 0.2% (Statcounter, Mobile Operating System Market Share Worldwide, 2020).
Android Smartphone Risks
According to the Kryptowire report on Android firmware vulnerabilities from November 2019, preinstalled apps and firmware carry risks from before purchase. The study provides interesting facts about the devices used in the US. According to the report, devices are shipped with pre-installed software that is not in the official app stores and has default system access. The pre-installed apps have backdoor functionality and data exfiltration capability. Vendors customize the Android version and introduce unintentional vulnerabilities. The vulnerabilities are categorized as PII leakage, command execution, audio recording, screen recording, screenshot capture, SMS sending, modification of system properties, app installation, sending AT commands, logcat leakage, factory reset, dynamic code loading, and modification of wireless settings. According to the report, the vulnerability types are dynamic code loading (4.1%), audio recording (5.5%), app installation (23.3%), AT command execution (0.7%), command execution (20.5%), wireless setting modification (17.8%), and system properties modification (28.1%). In total, there were 146 vulnerabilities from 29 vendors (Kryptowire, 2019).
According to the Google Android Security report for 2018, potentially harmful applications on Android put user data and devices at risk. Devices that install applications from Google Play are less likely to be affected by potentially harmful applications. The percentage of potentially harmful applications installed from Google Play was 0.05% in 2016, 0.08% in 2017, and 0.08 in 2018; outside Google Play it was 0.74% in 2016, 0.8% in 2017, and 0.68% in 2018. The device hygiene for the latest Android market is more than 0.5% in the US.
The percentage of devices with potentially harmful applications in 2018, by version, is 0.65% for Lollipop, 0.55% for Marshmallow, 0.29% for Nougat, 0.19% for Oreo, and 0.18% for Pie. As the versions mature, potentially harmful applications are reduced. The percentage of potentially harmful applications installed in 2018, by category, is click fraud at 0.023%, trojan at 0.007%, SMS fraud at 0.03%, spyware at 0.002%, backdoor at 0.002%, hostile downloader at 0.001%, privilege escalation at 0.001%, phishing at less than 0.001%, and commercial spyware at 0.001% (Google, 2019).
Android Smartphone Risks For Enterprise
According to the 2018 report published by MobileIron, mobile device risk relates to the device, operating systems, network, and applications. Device risks are hardware and firmware risks. Network risk can come from cellular network risks and Wi-Fi network risks. Application risk covers the applications installed on the systems, including malware, leaky apps, spyware, and other harmful apps. Application threats for Android systems are 80%. Mobile device concerns are 26% for employee-owned devices, 15% for company-owned devices, and 8% for IoT devices (MobileIron, 2018).
According to the 2019 Mobile Security Index report published by Verizon, security risks from mobile devices increased from 83% to 86%. Around two-thirds of organizations don't have workplace security for mobile devices. More than 85% of organizations were looking for mobile device security, which could be mobile device management. It was observed that 48% of organizations are aware of mobile device security threats. Around 33% of enterprises have experienced a system compromise. More than 46% of organizations have absorbed the risk of mobile device security. Around 62% have faced breach consequences, and 43% had costly breach management (Verizon, 2019).
Android Smartphone With Mobile Device Security
Android smartphone security for the software enterprise requires mobile device management (MDM), mobile application management, mobile application reputation services, and Android device anti-virus (Pierer, 2016). Enterprise mobile security systems require centralized device management with a complete view of enterprise users across various devices. Mobile device security detects malicious applications and blocks these applications and their data files. Malicious web files and sites need to be blocked with web reputation services (Misra & Dubey, 2016). Attacks on networks, applications, ports, and services are detected with firewalls and intrusion detection and prevention systems. Data is protected with data encryption and regulated smartphone features. Mobile application management and mobile device management monitor enterprise mobile security (Au & Choo, 2016).
The NIST mobile security framework defines the regulatory standards and implementation approach for BYOD mobile devices in the enterprise. Mobile device management provides a complete enterprise-level security solution with access restrictions, network security, application authorization system security, and encryption (Souppaya & Scarfone, 2016). NIST cybersecurity provides the security standards for mobile device management and cloud security. These security characteristics give the enterprise an approach to securing itself. The industry-specific cybersecurity approach provides an enterprise security framework that can be implemented by software companies (Franklin, Bowler, Brown, Dog, Edwards, McNab & Steele, 2019).
Android smartphones are popular across the globe, and they have security vulnerabilities that can be a risk for software enterprises. This literature review focused on understanding the smartphone market in the US and determining the smartphone risks for the enterprise. The review helped to understand the risks that affect enterprise security. Mobile device security provides enterprise-wide information security across the network, devices, applications, and data. The frameworks defined by NIST provide cybersecurity and mobile device security to prevent information security breaches in software development companies (Kratzer, Gruber, Clementi, Lahee, Rödlach, & Stelzhammer, 2014).
- Au, H., A. & Choo, R. (2016). Mobile Security and Privacy: Advances, Challenges, and Future Research Directions, Cambridge, MA: Elsevier.
- Clement, J. (2019). Mobile App Usage - Statistics and Facts, Retrieved from https://www.statista.com/topics/1002/mobile-app-usage/
- Franklin, J., Bowler, K., Brown, C., Dog, E., S., Edwards, S., McNab, N., & Steele, M. (2019). Mobile Device Security: Cloud and Hybrid Builds, Gaithersburg, MD: NIST.
- Gonzalez, D. (2015). Managing Online Risk: Apps, Mobile, and Social Media Security, Waltham, MA: Butterworth-Heinemann.
- Google. (2019). Android Security & Privacy 2018 Year In Review, Retrieved from https://source.android.com/security/reports/Google_Android_Security_2018_Report_Final.pdf
- Holst, A. (2020). Mobile operating systems’ market share worldwide from January 2012 to December 2019, Retrieved from https://www.statista.com/statistics/272698/global-market-share-held-by-mobile-operating-systems-since-2009/
- Holst, A. (2019). Smartphone users worldwide 2016-2021, Retrieved from https://www.statista.com/statistics/330695/number-of-smartphone-users-worldwide/
- Kratzer, P., Gruber, C., Clementi, A., Lahee, D., Rödlach, P., & Stelzhammer, P. (2014). Mobile Security Products for Android: Security for the Android Platform, Paris, FR: BoD.
- Kryptowire. (2019). Android Firmware Vulnerabilities – November 2019, Retrieved from https://www.kryptowire.com/android-firmware-2019/
- Loukas, G. (2015). Cyber-Physical Attacks: A Growing Invisible Threat, Oxford, UK: Butterworth-Heinemann.
- Misra, A., & Dubey, A. (2016). Android Security: Attacks and Defenses, Boca Raton, FL: CRC Press.
- MobileIron. (2018). Global Threat Report, Retrieved from https://www.mobileiron.com/en/resources-library/security-reports/Global-Threat-Report-Mid-Year-2018
- Novinson, M. (2018). The 10 Biggest Android Security Threats In 2018, Retrieved from https://www.crn.com/slide-shows/security/the-10-biggest-android-security-threats-in-2018/9
- Souppaya, M. & Scarfone, K. (2016). National Institute of Standards and Technology Special Publication 800-114 Revision 1, Gaithersburg, MD: NIST.
- Statcounter. (2020). Mobile Vendor Market Share Worldwide, Retrieved from https://gs.statcounter.com/vendor-market-share/mobile
- Statcounter. (2020). Mobile Operating System Market Share Worldwide, Retrieved from https://gs.statcounter.com/os-market-share/mobile/worldwide
- Tounsi, W. (2019). Cyber-Vigilance and Digital Trust: Cyber Security in the Era of Cloud Computing and IoT, John Wiley & Sons.
- Woyke, E. (2014). The Smartphone: Anatomy of an Industry, New York, NY: New Press.
- Verizon. (2019). Mobile Security Index 2019, Retrieved from https://enterprise.verizon.com/content/dam/resources/reports/msi-2019-report.pdf