Mobile Device Security: Challenges and Risks
1. General Challenges of Mobile Device Security
- Mobile devices are inherently difficult to secure.
- Require additional policies, procedures, and technologies.
- Devices are:
- Small and easily concealed.
- Constantly in motion, making them hard to track.
- Frequently connected to the internet, increasing exposure.
2. Sensitivity of Stored Information
- Devices may contain:
- Personal data.
- Organizational information.
- Global internet connectivity increases the risk of remote access by attackers.
3. Jailbreaking and Rooting
Mobile operating systems are typically locked down for security. Modifying or replacing the operating system removes these protections.
| Term |
Platform |
Description |
| Rooting |
Android |
Replaces original OS with a third-party version for deeper access. |
| Jailbreaking |
iOS (Apple) |
Similar to rooting but for Apple devices. |
- Bypasses Mobile Device Management (MDM) controls.
- Circumvents default security mechanisms.
- Enables installation of unapproved applications.
4. Risks from Malicious Apps
- Users may install unverified or malicious applications.
- One compromised app can endanger all data on the device.
5. Sideloading Applications
- Sideloading refers to installing apps from sources outside official or company-approved app stores.
- Often enabled through jailbreaking/rooting.
6. Security Controls and Policy Enforcement
- Restrictions can be implemented via MDM or OS-level settings to:
- Control what apps can be installed.
- Restrict the sources apps can be installed from (e.g., corporate app store).
7. Organizational Policies
- Enforced through:
- Acceptable Use Policies (AUPs)
- Employee handbooks
- Violations, such as unauthorized OS modifications, may result in:
- Disciplinary action
- Termination of employment