Information Management Security Vulnerabilities in Smartphones Used by University Students: A Case Study in the Southwest of Colombia

Abstract

Currently, students who use smartphones are affected by theft and information leakage, to address this problem, this research aims to identify security vulnerabilities in these devices. In addition, an application to prevent phishing and information leakage was implemented. Effectiveness and performance tests were carried out to identify vulnerabilities and to alert users about them. The threats identified in Android smartphones used by university students in the southwest of Colombia were based on various techniques (phishing, DNS poisoning, identity theft, Man in the middle, foot-printing, spyware). To reach this result, we defined the problem, then we made a literature review, after that we defined the study population, methods, and instruments; finally, we collected the information and analyzed the results. An application was launched to show the security vulnerabilities of malicious software installation, which extracts information from student’s devices and makes the security of our mobile phones a priority nowadays; and to achieve greater security on Android smartphones. However, it is essential to be aware of the importance of self-care.

Keywords

Vulnerabilities, Mobile devices, Android, Phising, nformation leak

Author Biography

Cristian-Camilo Ordoñez-Quintero

Roles: Research, exploratory data analysis, model definition and refinement, implementation, model validation.

Hugo-Armando Ordoñez-Eraso

Roles: Research, Methodology, validation, Writing - review and editing.

Jose-Armando Ordoñez-Córdoba

Roles: Research, supervision, methodology, validation, writing - review and editing.

References

• N. Valero, Consumo móvil en Colombia, Deloitte, 2018
• W. C. Álzate, C. S. Romaña, Y. Q. Barco, “Factores y causas de la fuga de información sensibles en el sector empresarial,” Cuaderno Activa, vol. 7, no. 1, pp. 67-73, 2016
• R. Maya, “El cibercrimen y sus efectos en la teoría de la tipicidad: de una realidad física a una realidad virtual,” Nuevo Foro Penal, vol. 13, pp. 72–112, 2017. https://doi.org/10.17230/nfp.13.88.3 DOI: https://doi.org/10.17230/nfp.13.88.3
• A. C. Silva Calpa, D. G. Martínez Delgado, “Influencia del Smartphone en los procesos de aprendizaje y enseñanza,” Suma Negocios, vol. 8, no. 17, pp. 11–18, 2017. https://doi.org/10.1016/j.sumneg.2017.01.001 DOI: https://doi.org/10.1016/j.sumneg.2017.01.001
• A. Razgallah, R. Khoury, S. Hallé, K. Khanmohammadi, “A survey of malware detection in Android apps: Recommendations and perspectives for future research,” Computer Science Review, vol. 39, e100358, 2021. https://doi.org/10.1016/j.cosrev.2020.100358 DOI: https://doi.org/10.1016/j.cosrev.2020.100358
• H. Gao, S. Cheng, W. Zhang, “GDroid: Android malware detection and classification with graph convolutional network,” Computers & Security, vol. 106, e102264, 2021. https://doi.org/10.1016/j.cose.2021.102264 DOI: https://doi.org/10.1016/j.cose.2021.102264
• N. Zhang, Y. Tan, C. Yang, Y. Li, “Deep learning feature exploration for Android malware detection,” Applied Soft Computing, vol. 102, p. 107069, 2021. https://doi.org/10.1016/j.asoc.2020.107069 DOI: https://doi.org/10.1016/j.asoc.2020.107069
• M. Kinkead, S. Millar, N. McLaughlin, P. O’Kane, “Towards Explainable CNNs for Android Malware Detection,” Procedia Computer Science, vol. 184, pp. 959–965, 2021. https://doi.org/10.1016/j.procs.2021.03.118 DOI: https://doi.org/10.1016/j.procs.2021.03.118
• Y. Igarashi, “DREBIN: Effective and Explainable Detection of Android Malware in Your Pocket,” The Journal of Japanese Studies, vol. 36, no. 1, pp. 165–169, 2009. https://doi.org/10.1353/jjs.0.0130 DOI: https://doi.org/10.1353/jjs.0.0130
• Y. Wang, G. Xu, X. Liu, W. Mao, C. Si, W. Pedrycz, W. Wang, “Identifying vulnerabilities of SSL/TLS certificate verification in Android apps with static and dynamic analysis,” Journal of Systems and Software, vol. 167, e110609, 2020. https://doi.org/10.1016/j.jss.2020.110609 DOI: https://doi.org/10.1016/j.jss.2020.110609
• P. Runeson, M. Höst, “Guidelines for conducting and reporting case study research in software engineering,” Empirical Software Engineering, vol. 14, no. 2, e131, 2009. https://doi.org/10.1007/s10664-008-9102-8 DOI: https://doi.org/10.1007/s10664-008-9102-8
• NIST, Marco de Ciberseguridad del NIST, pp. 1–9, 2019
• R. Al-quraan, A. Hadi, J. Atoum, M. Al-Zewairi, “Ultrasurf Traffic Classification: Detection and Prevention,” International Journal of Communications, Network and System Sciences, vol. 8, pp. 304–311, 2015. https://doi.org/10.4236/ijcns.2015.88030 DOI: https://doi.org/10.4236/ijcns.2015.88030
• D. Howe, H. Nissenbaum, Engineering Privacy and Protest: A Case Study of AdNauseam, 2017
• A. Skendzic, B. Kovačić, “Open source system OpenVPN in a function of Virtual Private Network,” IOP Conference Series: Materials Science and Engineering, vol. 200, e12065, 2017. https://doi.org/10.1088/1757-899X/200/1/012065 DOI: https://doi.org/10.1088/1757-899X/200/1/012065
• J. Dai, C. Chen, Y. Li, “A Backdoor Attack Against LSTM-Based Text Classification Systems,” IEEE Access, vol. 7, pp. 138872–138878, 2019. https://doi.org/10.1109/ACCESS.2019.2941376 DOI: https://doi.org/10.1109/ACCESS.2019.2941376