
Case Study: Mobile Device Security

Rowena Pagarigan
October 9, 2018
IS326: E-Commerce
CUNY SPS: Fall 2018

The case study, “Insight on Technology: Think Your Smartphone is Secure?” (Laudon & Traver, 2016, pp. 282-283) discusses the vulnerabilities that exist in mobile phones and how Apple and Google handle these concerns with respect to their app distribution process. Moreover, it brings to light the average consumer’s misinformation regarding the level of security their mobile device has. The following paper elaborates on that case study’s contents while expanding upon such issues as the perceived security of iOS devices and the ethical and privacy issues tied into law enforcement’s ability to effectively perform mobile device forensics.

App Store Management: Apple VS. Google

Apple has a closed platform, also popularly referred to as a walled garden approach, meaning they tend to be highly selective about which apps can be distributed in their app store for quality assurance purposes. They have a strict set of guidelines that developers must adhere to, and submissions then undergo a vetting process for qualification. A pre-review checklist includes topics on safety, performance, business, design, legal, IP, gaming / gambling / lotteries, VPN apps, and developer code of conduct (Apple.com, 2018).

Google’s Android App Store has more of an open concept and is, as a result, more developer-friendly. Open source promotes creativity and ingenuity by using the exponential power of the crowd to advance its state. According to BigCommerce (n.d.), “The fundamental functions of the Internet are built on open source technologies.” In terms of security, the Google method is better able to spot malicious apps and vulnerabilities since detection is essentially crowd-sourced rather than confined to an isolated ecosystem such as Apple’s. Google requires “developers to register and be approved by Google before they can distribute apps through Google Play” (Laudon & Traver, 2017, p. 283).

While Apple’s App Store approval process can take 3-6 days, Google’s Play Store process takes at most 3 days, but on average, 24 hours (Girdhar, 2017). The level of ease that comes with Google’s process can unfortunately invite bad actors to exploit this system. According to E-commerce: Business, technology, society, “Apple’s app rules make some user information available to all apps by default” (Laudon & Traver, 2017, p. 282). Apple quietly changed these App Store rules in June of 2018. According to a Bloomberg.com article, “The phone maker didn’t publicly mention updated App Store Review Guidelines that now bar developers from making databases of address book information they gather from iPhone users” (Frier & Gurman, 2018) during their annual developer conference. The same article further elaborates on what has been a standard practice on both Apple’s and Google’s mobile platforms: “Developers ask users for access to their phone contacts, then use it for marketing and sometimes share or sell the information -- without permission from the other people listed on those digital address books.”

Jailbreaking and its Security Risks

Jailbreaking is the process of removing any imposed restrictions and limitations on Apple devices, allowing a user to download apps from other sources besides the official Apple App Store. “Jailbreaking can also be used to bypass Digital Rights Management” (Rouse, n.d.) in order to download and distribute copyrighted content via torrents and media servers. In this context, jailbreaking is the term used for Apple devices, but it can also be done to Amazon devices, which have a similar closed ecosystem. For Android users, the term rooting is widely used and synonymous with jailbreaking. Both terms essentially mean the same thing: privilege escalation.

According to Apple’s support site (n.d.), some of the ramifications of jailbreaking are security vulnerabilities, instability, shortened battery life, unreliable voice and data, disruption of services, and inability to apply future software updates. Modifying an Apple mobile device to allow root access to system files means your device is not contained in that conceptual walled garden anymore. This increases the exposure to malware and hacking efforts since the built-in security layer has been removed. There are jailbreak tweaks that are actually designed to create a backdoor into the system (Benjamin, 2015), granting unauthorized persons unfettered access to your mobile device and all of its contents. Once a device has been jailbroken, all manufacturer and service warranties are null and void, meaning you simply cannot walk into an Apple Store and expect them to troubleshoot and fix it for you.

Apple’s Walled Garden

To a certain extent the walled garden concept does promote a more secure operating system due to its selectiveness and exclusivity. My personal electronics arsenal is a mixed bag: iMac Desktop, Android phone (LG), and a Windows Convertible Laptop (ASUS). I have Norton Security installed on all of them. It does feel like my Apple desktop is more secure because of the stringent management of its proprietary software and app store. I can only base my judgement on my own experience with the technologies I have owned previously. In recent years, I have owned Windows laptops; two out of three succumbed to damages resulting from malware, despite having a security system and routine maintenance in place. I have only owned two Apple devices: a laptop and my current desktop; neither one has experienced any security issues.

As for mobile devices, I prefer Android phones due to their flexibility and file storage. The reason why I dislike iOS is not based on security but more on lack of customization. I am restricted to the apps they offer (via App Store with a poor search feature), the user interface they designed (versus Android custom launchers), and the storage allotted (no input for external storage). If I had to isolate a security issue, it would be the single point of failure caused by Trustjacking, an iOS flaw in establishing trust to a computer in order to pair devices that enables hackers to hijack the device via a persistent or remote attack (Cimpanu, 2018).

Law Enforcement and Mobile Phone Encryption

Cell phone encryption presents a major obstacle to law enforcement agencies who need to be able to perform digital forensics on seized devices in order to collect, preserve, and document evidence. In addition, a digital footprint can be used to investigate possible leads and aid in the prevention of criminal activities. A closed architecture such as Apple’s iPhone has security that can only be unlocked by its owner, hindering any investigation in the process.

“Absolute power corrupts absolutely.” - Lord Acton

Should law enforcement agencies have the power to bypass encryption and phone security? My answer is no. Giving anyone unquestioned and unlimited backdoor access to technology will enable other exploits to get through the system. Do they need access to critical data in a device used by someone who committed a crime? Yes. In order to do their job to investigate unlawful activity, access to digital evidence is crucial. However, the method of obtaining that evidence needs to be agreed upon by both law enforcement agencies and the technological providers and should not encroach upon basic human rights. Having an all-access skeleton key that bypasses security defeats the purpose of having security, not to mention opens up the floodgates for invasion of privacy. Perhaps the tech companies can assist by unlocking the device in their controlled environment and letting forensics extract what they need before locking it back up.

Summary

Regardless of which platform a mobile device has, security should always be of primary concern to individuals. In a digital world full of identity theft, credit card fraud, and mass surveillance, your personal information is currency. Security is only as strong as the weakest link and this usually means the end user. The best way to combat security issues is through persistent education since digital threats evolve just as quickly as the technology that makes them possible. Lastly, while the highest standard of mobile security should be sought out and implemented, it should not impede or take away an individual’s right to privacy.

I will close with an Edward Snowden quote: “Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say.”


References:

Apple.com - Support. (n.d.). Unauthorized modification of iOS can cause security vulnerabilities, instability, shortened battery life, and other issues. Retrieved from https://support.apple.com/en-us/HT201954

Apple.com. (2018, June 4). App store review guidelines - Apple developer. Retrieved from https://developer.apple.com/app-store/review/guidelines/

Benjamin, J. (2015, August 25). Report: 220,000 iCloud accounts breached due to jailbreak tweak backdoor. Retrieved from https://www.idownloadblog.com/2015/08/25/report-220000-icloud-accounts-breached-due-to-jailbreak-tweak-backdoor/

BigCommerce. (n.d.). What is open source, and why is it important? Retrieved from https://www.bigcommerce.com/ecommerce-answers/what-open-source-and-why-it-important/

Cimpanu, C. (2018, April 18). iOS trustjacking attack exposes iPhones to remote hacking. Retrieved from https://www.bleepingcomputer.com/news/security/ios-trustjacking-attack-exposes-iphones-to-remote-hacking/

Fox-Brewster, T. (2018, February 28). The feds can now (probably) unlock every iPhone model in existence -- updated. Retrieved from https://www.forbes.com/sites/thomasbrewster/2018/02/26/government-can-access-any-apple-iphone-cellebrite/#f97103e667a0

Frier, S., & Gurman, M. (2018, June 13). Apple tries to stop developers from sharing data on users’ friends. Retrieved from https://www.bloomberg.com/news/articles/2018-06-12/apple-cracks-down-on-apps-sharing-information-on-users-friends

Girdhar, A. (2017, June 2). 7 ways Apple App Store can become better than Google Play Store. Retrieved from https://thenextweb.com/apple/2017/06/03/7-ways-apple-app-store-can-become-better-google-play-store/

Laudon, K. C., & Traver, C. G. (2017). E-commerce security and payment systems. In E-commerce: Business, technology, society (12th ed., p. 282).

Rouse, M. (n.d.). What is jailbreaking? Retrieved from https://whatis.techtarget.com/definition/jailbreaking
