“Exploring Smart Phone Security through the Development of Applications on the Android Platform”
This is a paper I co-wrote with several other people in conjunction with CS capstone projects, including the Honeybadger Firewall. It was published in the 2012 edition of the Proceedings of the National Conference on Undergraduate Research.
Smartphone security is a growing concern in modern society. More people depend on their mobile phones to keep track of personal information, make online banking transactions, and access web-based applications. With rapid increases in the technological capabilities of smartphones, security issues are numerous and constantly increasing. With an open source, Linux-based operating system like Android, exploits are especially prevalent because of the easy access to source code. Accordingly, there is a need to develop robust firewalls and other protective measures in order to combat these threats. The focus of this paper is to explore possible ways to build applications that effectively enhance security on Android devices. One key question which had to be answered in selecting an approach to this problem was whether rely solely on the application programming interfaces (API) made available to all applications or to take advantage of the underlying Linux kernel through root access. The advantage of the first approach is that it provides compatibility on nearly all Android devices, while the second facilitates functionality well beyond the restrictions of Android APIs. It was determined that those restrictions associated with relying solely on Android APIs, made it infeasible to develop effective security applications, especially those affecting network traffic. Using the underlying Linux kernel on a device through the modification of settings via root access, however, proved to be both feasible and effective. Proof-of-concept of this was provided by creating two applications, one which is a firewall, and one which gives a user control over application permissions. Our tests showed that utilizing the tools available in the underlying Linux kernel is an effective method of implementing a firewall to manage network traffic on the Android operating system. Furthermore, the use root access is an effective way to modify permissions on an Android device to manage network access for Android applications.