With ever growing complexity of individual systems and of the entire network, rapidly increasing number of interconnected devices and continuously growing number of threats, designing secure and trustworthy mobile systems is a permanent challenge. In order to design such systems, both hardware and software threats have to be taken into account, and suitable solutions must be provided. In this chapter, we first give a short overview of the main hardware threats the system has to be protected from. Later, we describe and focus more on description of existing software threats, mostly reflected in malware, that affect mobile devices, as well as currently proposed solutions to cope with them. Additionally, the chapter discusses the main challenges and difficulties posed in front of designers during design process.


  • 1. 2015 cyberthreat defense report. Tech. rep., CyberEdge Group (March 2015). http://www.
  • 2. 2016 threats prediction. Tech. rep., McAfee Labs (November 2015). us/resources/reports/rp-threats- predictions- 2016.pdf.
  • 3. 2016 trend micro security predictions: The fine line. Tech. rep., Trend Micro (October 2015). rpt-the-fine-line.pdf.
  • 4. Internet security threat report volume 20. Tech. rep., Symantec (April 2015). https:// security- threat- report- volume- 20- 2015.pdf.
  • 5. It threat evolution in q2 2015. Tech. rep., Kaspersky Lab (July 2015). files/2015/08/IT_threat_evolution_Q2_2015_ENG.pdf.
  • 6. Mcafee labs threats report. Tech. rep., McAfee Labs (August 2015). us/resources/reports/rp-quarterly-threats-aug-2015.pdf.
  • 7. New rules: The evolving threat landscape in 2016. Tech. rep., FortiGuard Labs (November 2015). Predictions.pdf.
  • 8. Arp D, Spreitzenbarth M, Hubner M, Gascon H, Rieck K. DREBIN: effective and explainable detection of android malware in your pocket. In: NDSS; 2014.
  • 9. Becher M, Freiling FC, Hoffmann J, Holz T, Uellenbeck S, Wolf C. Mobile security catching up? Revealing the nuts and bolts of the security of mobile devices. In: Symposium on security and privacy. SP ’11, IEEE Computer Society; 2011. p. 96-111.
  • 10. Bose A, Hu X, Shin KG, Park T. Behavioral detection of malware on mobile handsets. In: 6th international conference on mobile systems, applications, and services (MobiSys). ACM; 2008. p. 225-38.
  • 11. Breiman L. Random forests. Mach Learn. 2001;45(1):5-32. 1010933404324.
  • 12. Burguera I, Zurutuza U, Nadjm-Tehrani S. Crowdroid: behavior-based malware detection system for android. In: Proceedings of the 1st ACM workshop on security and privacy in smartphones and mobile devices. SPSM ’11. New York, NY, USA: ACM; 2011. p. 15-26. http://
  • 13. Canfora G, Medvet E, Mercaldo F, Visaggio CA. Detecting android malware using sequences of system calls. In: Proceedings of the 3rd international workshop on software development lifecycle for mobile. DeMobile 2015. New York, NY, USA: ACM; 2015. p. 13-20. http://doi.
  • 14. Cheng J, Wong SH, Yang H, Lu S. Smartsiren: virus detection and alert for smartphones. In: 5thinternational conference on mobile systems, applications and services. MobiSys ’07, ACM; 2007. p. 258-71.
  • 15. Dini G, Martinelli F, Saracino A, Sgandurra D. Madam: a multi-level anomaly detector for android malware. In: Kotenko I, Skormin V, editors. Computer network security. Lecture notes in computer science, vol. 7531. Berlin Heidelberg: Springer; 2012. p. 240-53. http://dx.doi. org/10.1007/978-3-642-33704- 8_21.
  • 16. Felt AP, Finifter M, Chin E, Hanna S, Wagner D. A survey of mobile malware in the wild. In: 1st ACM workshop on security and privacy in smartphones and mobile devices (SPSM). ACM; 2011. p. 3-14.
  • 17. Felt AP, Greenwood K, Wagner D. The effectiveness of application permissions. In: 2nd USENIX conference on web application development (WebApps). USENIX Association; 2011. p. 7.
  • 18. Ham HS, Choi, MJ. Analysis of android malware detection performance using machine learning classifiers. In: 2013 international conference on ICT Convergence (ICTC). p. 490-5.
  • 19. Kim CH, Quisquater J. Faults, injection methods, and fault attacks. IEEE Des Test Comput. 2007;24(6):544-5.
  • 20. Kim H, Smith J, Shin KG. Detecting energy-greedy anomalies and mobile malware variants. In: Proceedings of the 6th international conference on mobile systems, applications, and services. MobiSys ’08. New York, NY, USA: ACM; 2008. p. 239-52. 1378600.1378627.
  • 21. Kocher PC. Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz N, editor. CRYPTO ’96, Proceedings of the 16th annual international cryptology conference on advances in cryptology, Santa Barbara, California, USA, August 18-22, 1996. Lecture notes in computer science, vol. 1109, Springer; 1996. p. 104-13. http://dx.doi. org/10.1007/3-540-68697-5_9.
  • 22. Kocher PC, Jaffe J, Jun B. Differential power analysis. In: Wiener MJ, editor. CRYPTO ’99, proceedings of the 19th annual international cryptology conference on advances in cryptology, Santa Barbara, California, USA, August 15-19, 1999. Lecture notes in computer science, vol. 1666. Springer; 1999. p. 388-97.
  • 23. Liu L, Yan G, Zhang X, Chen S. Virusmeter: preventing your cellphone from spies. In: 12th international symposium on Recent Advances in Intrusion Detection (RAID). Springer; 2009. p. 244-64.
  • 24. Milosevic J, Dittrich A, Ferrante A, Malek M. A resource-optimized approach to efficient early detection of mobile malware. In: 2014 ninth international conference on Availability, Reliability and Security (ARES). IEEE; 2014. p. 333-40.
  • 25. Milosevic J, Ferrante A, Malek M. What does the memory say? Towards the most indicative features for efficient malware detection. In: CCNC 2016, The 13th annual IEEE consumer communications and networking conference. Las Vegas, NV, USA: IEEE Communication Society; 2016.
  • 26. Moser A, Kruegel C, Kirda E. Limits of static analysis for malware detection. In: Twenty-Third annual computer security applications conference, 2007. ACSAC; 2007. p. 421-30.
  • 27. Oberheide J, Veeraraghavan K, Cooke E, Flinn J, Jahanian F. Virtualized in-cloud security services for mobile devices. In: 1st workshop on virtualization in mobile computing. MobiVirt ’08, ACM; 2008. p. 31-5.
  • 28. Portokalidis G, Homburg P, Anagnostakis K, Bos H. Paranoid android: versatile protection for smartphones. In: 26th Annual Computer Security Applications Conference (ACSAC). ACM; 2010. p. 347-56.
  • 29. Quisquater J, Samyde D. Electromagnetic analysis (EMA): measures and counter-measures for smart cards. In: Attali I, Jensen TP, editors. Proceedings of the smart card programming and security, international conference on research in smart cards, E-smart 2001, Cannes, France, September 19-21, 2001. Lecture notes in computer science, vol. 2140. Springer; 2001. p. 200-10.
  • 30. Schmidt AD, Bye R, Schmidt HG, Clausen J, Kiraz O, Yuksel K, Camtepe S, Albayrak S. Static analysis of executables for collaborative malware detection on android. In: IEEE international conference on communications, 2009. ICC ’09; 2009. p. 1-5.
  • 31. Schmidt AD, Peters F, Lamour F, Albayrak S. Monitoring smartphones for anomaly detection. In: 1st international conference on MOBILe wireless MiddleWARE, operating systems, and applications. MOBILWARE ’08, ICST (Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering); 2007. p. 40:1-40:6.
  • 32. Shabtai A, Kanonov U, Elovici Y, Glezer C, Weiss Y. “Andromaly”: a behavioral malware detection framework for android devices. J Intell Inf Syst. 2012;38(1):161-90. http://dx.doi. org/10.1007/s10844-010-0148-x.
  • 33. Spreitzenbarth M, Freiling F, Echtler F, Schreck T, Hoffmann J. Mobile-sandbox: having a deeper look into android applications. In: Proceedings of the 28th annual ACM symposium on applied computing. SAC ’13. New York, NY, USA: ACM; 2013. p. 1808-15. http://doi.acm. org/10.1145/2480362.2480701.
  • 34. Truong HTT, Lagerspetz E, Nurmi P, Oliner AJ, Tarkoma S, Asokan N, Bhattacharya S. The company you keep: mobile malware infection rates and inexpensive risk indicators. CoRR abs/1312.3245; 2013.
  • 35. Wu DJ, Mao CH, Wei TE, Lee HM, Wu KP. Droidmat: android malware detection through manifest and API calls tracing. In: 2012 seventh Asia joint conference on information security (Asia JCIS). p. 62-9.
  • 36. Xie L, Zhang X, Seifert JP, Zhu S. PBMDS: A behavior-based malware detection system for cellphone devices. In: Proceedings of the third ACM conference on wireless network security. WiSec ’10. New York, NY, USA: ACM; 2010. p. 37-48. 1741874.
  • 37. Zhou Y, Jiang X. Dissecting android malware: characterization and Evolution. In: Proceedings of the 2012 IEEE symposium on security and privacy. SP ’12. Washington, DC, USA: IEEE Computer Society; 2012. p. 95-109.
< Prev   CONTENTS   Source   Next >