Eliminating Android Security Threats Arising from Deletion Flaws Using Headless Block Swapping (HBS)
No Thumbnail Available
Date
September, 2020
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
KNUST
Abstract
Description
Keywords
Citation
The Android operating system continues to dominate the smartphone market with an estimated 85% market share in 2017 (IDC, 2017) due to a growing number of positive features offered by the open source operating system. Rapid growth and improvements to features and capabilities has made it very strong alternative to larger and less mobile desktop operating systems within computing devices in the domain of business and personal functions. Smart phones have now become an integral part of our lives and a common medium of transfer and storage of highly confidential information and transaction. Thus, accessibility of sensitive information on smartphones have become a growing concern due to the lack of ownership consent or approval for access. The flexibility and universal usage of smartphones now serves as an attack vector for privacy infringement and loss of confidential information by attackers who dedicate time and effort to identify and exploit existing smart phone vulnerabilities. This research prioritizes data persistence after deletion as a major concern regarding smartphones and identifies the vulnerabilities android smart phones possess within that domain. The focus area identified the high risks accompanying smartphone device reselling, repossession and disposal to privacy; should the device fall into the hands of anyone who has the intention of extracting data from it. This study investigated the degree of vulnerability for a number of Android smartphone brands which have high market share in Ghana and the knowledge level of users regarding confidential information safety. The study began with a survey to find out which smartphone brands have the most widespread use in the country as well as the awareness of the smartphone users of the data deletion flaw that is inherent to the currently prevalent versions of Android. Following that, the study made use of open source forensic tools to assess the vulnerability of the previously identified brands and various Android versions, to ascertain the average percentage of data that can be retrieved from the devices after they have been factory reset. Finally, in order to address the absence of an efficient data deletion methodology, the study proposed a data deletion solution, dubbed Headless Block Swapping, which aims to unobtrusively handle sanitizing the storage device after a file has been deleted, by removing the data record from the physical disk to make it impossible to recover.