Smartphone Operating System Security
Study into the Implications of Smartphone Operating System Security

Commissioned by:
www.goodeintelligence.com
Goode Intelligence © 2013

CONTENTS

Executive Summary
  Scope of Study
  Introduction
    The personal remote control for our lives
    Smartphone ecosystem and mobile app stores
    Smartphones get more personal
    Security Threats
    What is being done to counteract these security threats?
    What more can be done?
  Report Summary - Key Findings and Recommendations
    An investigation into the emerging Smartphone security threats to consumers
    How UK Mobile Network Operators are supporting Smartphone operating system updates
    An examination into the challenges of supporting multiple versions of Smartphone operating systems
    An Investigation of Smartphone vulnerabilities and how they are being managed
    An examination on whether current consumer Smartphone protection practices in the UK are working
    An Investigation and analysis on how other regions are dealing with Smartphone security
    An overview and analysis on UK regulatory and institutional responsibilities for Smartphone security
    A look at the impact of emerging mobile technologies to Smartphone security
    An investigation and security analysis into mobile app store (market) security
    An investigation and security analysis into ‘sideloading’ mobile apps
1. The emerging threat to consumers
  Overview
  Threat analysis and impact to consumers
2. How UK Mobile Network Operators (MNOs) support Smartphone operating system updates
  Overview
  Analysis of mobile operating system updates
3. Analysis of how UK Mobile Network Operators (MNOs) manage mobile operating system software updates
4. Smartphone security vulnerabilities
  Overview
  Levels of reported Smartphone operating system vulnerabilities
  Smartphone operating systems vulnerabilities
5. Current consumer protection practices in the UK
  Overview
6. How are other regions dealing with Smartphone security?
  Overview
  EU
  United States of America
7. Current UK Smartphone security regulatory and institutional responsibilities
  Overview
  The Information Commissioner’s Office (ICO)
  Telecommunications regulation
  Fraud and Financial Regulation
  UK legislation and Smartphone security
  Summary and Recommendations
8. The impact of emerging mobile technology to Smartphone security
  Overview
  Near Field Communications (NFC)
  LTE (4G)
9. Investigation and security analysis into mobile app market security
  Overview
  Official App Stores
  Third-party Android App stores
10. Investigation and security analysis into sideloading mobile apps
  Overview
  Android Sideloading
Appendices
  Appendix A: Apple iOS Devices and Operating Systems
  Appendix B: Apple iOS Version History
  Appendix C: Apple iOS Wireless Software Update Process
  Appendix D: Apple iOS iTunes Software Update Process
  Appendix E: Google Android version history
  Appendix F: A guide to mobile operating systems
    Types of mobile operating systems – mobile models
    ROM and Mobile Operating Systems
  Appendix G: Goode Intelligence research methodology and assumptions
  Appendix H: About Goode Intelligence

EXECUTIVE SUMMARY

Scope of Study

Goode Intelligence was commissioned by Ofcom to prepare an independent expert report into emerging risks to users of Smartphones and to further Ofcom’s understanding of how these risks are addressed in this highly dynamic and nascent environment.

Ofcom has a statutory duty to further the interests of citizens in relation to communications matters. Ofcom is also guided by a regulatory principle to research markets constantly and aims to remain at the forefront of technological developments and it is on this basis that this report was commissioned.

This study investigates ten key areas of Smartphone OS security which are:

1. An investigation into the emerging Smartphone security threats to consumers
2. How UK mobile network operators (MNO)