Title: Security-enhanced Android for an enterprise

Authors: Syed Rameez Rehman; Mudassar Waheed; Ammar Masood

Addresses: Devices and Network Security Lab, National Center for Cyber Security, Air University, Islamabad, Pakistan ' Devices and Network Security Lab, National Center for Cyber Security, Air University, Islamabad, Pakistan ' Devices and Network Security Lab, National Center for Cyber Security, Air University, Islamabad, Pakistan

Abstract: Mobile devices today play an essential role in communications, especially in accessing or storing private information of the users, making it a treasure trove for malicious intent attackers. Additionally, enterprises also encourage use of employee-owned devices resulting in convenience, lower costs and higher employee productivity. In this scenario, an employee's mobile device compromise not only results in leakage of personal information but also enterprise secrets and protected data. Thus, requirement for strong protection of stored data and hardening of mobile devices against malicious attacks is essential. One such approach for an enterprise would be to reinforce underlying Android operating system; the most widely used system due to its open-source nature. In this work, we followed a risk assessment approach and conducted security feature comparison of Android (AOSP) with iPhone's (iOS) to identify potential security enhancements for enterprise use, and later on also performed a comparison of Android custom ROMs to further refine the security enhancements.

Keywords: Android security; Android custom ROMs; enterprise security requirement; security enhancements in Android; mobile OS security analysis; iOS security.

DOI: 10.1504/IJSN.2022.123296

International Journal of Security and Networks, 2022 Vol.17 No.2, pp.92 - 106

Received: 31 Aug 2020
Accepted: 05 May 2021
Published online: 08 Jun 2022 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article