A Security Framework for Mobile Application Systems: Case of Android Applications.
Abstract
Smartphones have become a major part of human life, and new mobile applications are built every day. Mobile applications now play a major role in many areas such as banking, social networking, finance, entertainment and many more. With this increasing number of applications, security is an important issue. The growth of the Android market has increased security risk, so focus should be given to security. Security is the biggest issue in the field of mobile technology. Therefore, mobile applications need to be assessed to ensure that secure coding practices have been followed during development. A mobile application security breach can lead to fraudulent transactions through mobile applications, and to loss of confidentiality and revenue through misuse of communications services. Data shared over an unsecured channel is vulnerable to attack; to stop unauthorized access to this data, it needs to be encrypted before it is sent to the server. In this research work, different cryptographic algorithms for encrypting data and for secure data sharing in mobile applications across communications channels were examined. Simulation methodology was used to investigate a suitable cryptographic algorithm and to design a security framework for mobile applications that solves mobile application security problems. The proposed framework uses the Advanced Encryption Standard (AES) algorithm to encrypt meter reading data exchanged between a smartphone and the server. The results obtained from simulating the security framework showed that the four fields to which AES encryption was applied, namely account number, image path, meter number and phone number, were in an unreadable format (ciphertext), implying that the fields had been successfully encrypted.
This solution allows application users to transfer data (upload readings) between a smartphone and a database server in a secure manner without facing the problem of data attack. Data being uploaded to the server is encrypted before it is transferred and decrypted once it reaches the server side. This solution addresses Android application security in the application and network communications layers and in data transmission. The research paper ensures that information security is guaranteed between an organisation and its customers.
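
A sketch of the field-level encryption the abstract describes, added here as an illustration and not taken from the paper: the four named fields are encrypted on the client and decrypted on the server side. The abstract does not state the AES mode, key size or key handling, so AES-256-GCM, the field names, the sample values and the in-memory key are all assumptions.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.*;

public class MeterReadingFieldCrypto {
    private static final int IV_LEN = 12;    // 96-bit nonce, fresh per encryption
    private static final int TAG_BITS = 128; // GCM authentication tag length
    private static final SecureRandom RNG = new SecureRandom();

    // Client side: returns Base64(iv || ciphertext || tag).
    // The field name is bound as AAD so a value cannot be swapped into another field.
    static String encryptField(SecretKey key, String name, String value) throws Exception {
        byte[] iv = new byte[IV_LEN];
        RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        c.updateAAD(name.getBytes(StandardCharsets.UTF_8));
        byte[] ct = c.doFinal(value.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return Base64.getEncoder().encodeToString(out);
    }

    // Server side: throws AEADBadTagException if the value or field name was altered.
    static String decryptField(SecretKey key, String name, String b64) throws Exception {
        byte[] in = Base64.getDecoder().decode(b64);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, in, 0, IV_LEN));
        c.updateAAD(name.getBytes(StandardCharsets.UTF_8));
        return new String(c.doFinal(in, IV_LEN, in.length - IV_LEN), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey(); // assumption: stand-in for a provisioned key
        Map<String, String> reading = new LinkedHashMap<>(); // constructed sample values
        reading.put("account_number", "ACC-000123");
        reading.put("image_path", "/readings/img_0001.jpg");
        reading.put("meter_number", "MTR-445566");
        reading.put("phone_number", "+000000000000");
        for (Map.Entry<String, String> e : reading.entrySet()) {
            String ct = encryptField(key, e.getKey(), e.getValue());
            String pt = decryptField(key, e.getKey(), ct);
            System.out.println(e.getKey() + " -> " + ct + " (round trip: " + pt.equals(e.getValue()) + ")");
        }
    }
}
```

Unreadable output alone only shows that encryption ran; the authenticated mode used here also lets the server reject a field that was modified in transit.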