Abstract
Smartphones have tremendously influenced the life of a person by helping him carry out a wide range of daily tasks. It is critical to ensure that hackers and malicious apps do not compromise user’s private data stored in the smartphone. Common user behavior patterns such as setting up weak/predictable passwords, sharing one’s phone with strangers, downloading apps outside trusted sources indirectly paves way to malicious activities such as exploitation of private or confidential data. A literature survey is conducted to identify various user behavior patterns that impact smartphone security and privacy. About 500 users participated in this study, which consisted of questions spanning topics such as System Design, Device Security, Private Data, Third Party Apps and Network/Wi-Fi. Their responses were thoroughly analyzed and user behavior patterns were categorized. In parallel, I also worked on implementations in the area of Device Security and Third Party Apps for the purpose of demonstrating some security threats from the survey. The first implementation is a new Screen Lock mechanism for Android that overcomes the threats faced by existing Pattern Based Screen Lock mechanism such as Smudge attacks and easy predictable patterns. The implementation requires the user to enter a unique PIN between 4-9 digits initially during setup. After that, a 3 x 3 grid with the digits placed in random order will appear. The user needs to draw the pattern of the digits in-order of the PIN to unlock the device. This way, pattern will change dynamically every time the user tries to unlock the smartphone thereby providing a new pattern for the same PIN. Additionally, a program to identify the difficulty level of the existing pattern lock set by users was developed. These have been designed as a public website hosted on the Salesforce.com servers. The website was developed using Visualforce Page, HTML, Jquery and JavaScript. The second implementation consists of developing a Loadable Kernel Module (LKM) for the Android Emulator to perform dynamic analysis of malicious third party applications through interception of File I/O and Network I/O system calls. Additionally, TcpDump is also used to capture the network packets sent/received during dynamic analysis. A system object dependency graph is then generated to identify the relationship between various OS objects. Five malicious applications were intercepted and the observed results of analysis reported suspicious activities performed such as stealing contact data and device information, recording incoming and outgoing phone calls, taking photos through front camera without users knowledge.