SECURITY MECHANISMS AND ANALYSIS FOR INSECURE DATA STORAGE AND UNINTENDED DATA LEAKAGE FOR MOBILE APPLICATIONS
Abstract
Using a single mobile programming language such as Objective-C, Swift or Java is challenging enough from a security point of view, because of the many things that have to be considered: the language's secure-coding guidelines and its known vulnerabilities. With the introduction of Swift in 2014 it is now possible to build mixed Swift/Objective-C mobile applications. Building a mobile application in two languages also enlarges the attack surface available to attackers, because developers must stay up to date on the vulnerabilities of more than one language as well as of the operating system.
To the best of our knowledge there is, as of today, no academic research comparing Swift, Objective-C and Android from a programming-language and platform-security point of view. Our comparative analysis covers a subset of the OWASP Mobile Top Ten risks, examines how the Swift, Objective-C and Android programming languages safeguard against these risks, and compares, side by side, the built-in platform security mechanisms that Android and Apple provide against the chosen subset of OWASP vulnerabilities.
Copyright (c) 2016 INTERNATIONAL JOURNAL OF COMPUTERS & TECHNOLOGY
This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors retain the copyright of their manuscripts, and all Open Access articles are distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided that the original work is properly cited.