A Framework for Enhancing Security and Privacy on Unmodified Mobile Operating Systems

Mobile device utilization continues to experience considerable growth and the privacy and security of these devices are becoming more critical with their continued rise in utilization. In this paper, we discuss the components of a mobile operating system that require enhancements in the security and privacy controls that are inherent in modern mobile operating systems. We then propose a policy that can be used to provide the semantics of defining additional security and privacy controls. Using this policy, we propose a framework that can be utilized by an application to enforce a user-defined policy while taking into account the computing constraints of a mobile platform. We then describe the implementation of a limited prototype of this framework and demonstrate its effectiveness in enforcing a user-defined policy.