Security Application for Smart Phones and other Mobile Devices

1,884 views

Published on

Submitted to International Conference on Informatics, Electronics & Vision (ICIEV 2013) by Nirjhor Anjum, Project Manager at SSL Wireless Ltd.

Published in: Education, Technology, Business
1 Comment
1 Like
Statistics
Notes
No Downloads
Views
Total views
1,884
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
83
Comments
1
Likes
1
Embeds 0
No embeds

No notes for slide

Security Application for Smart Phones and other Mobile Devices

  1. 1. A Security Application for Smart Phone and Mobile Device Nirjhor Anjum Computer Science Department American International University- Bangladesh Dhaka, Bangladesh nirjhor.anjum@gmail.com Abstract—with the development of technology now mobile devices can perform different official activities beside the personal ones. People can store password, valuable documents, pictures, videos and many other private and confidential contents inside their mobile devices. Moreover, high performing mobile devices are very costly. But mobile devices being stolen or missed is a worldwide daily affair, which incurs great loss upon people. In this paper, the idea as well as system architecture of an application has been proposed which helps to strengthen the security of mobile devices. It retrieves the International Mobile Station Equipment Identity (IMIE) number, recent contact list, geological location, and the new SIM's number from the lost device, and finally sends this information to the actual owner of the device. These information help to find the exact location and other details of that lost mobile device. Thus this proposed application acts as a security tool for the smart phones and other mobile devices. The contribution of this proposed application is that it would be very convenient for people of developing country for its cost effectiveness and less energy consumption and will be independent from telecom operator. Keywords-SmartPhone; Security; Trace Lost Phone I. INTRODUCTION Developing an efficient and effective mobile application is always a challenging matter that needs a proper idea and a standard implementation. The problem of good mobile application development is compounded by several factors. Firstly, different users have distinct goals. Secondly, the same visitor may seek different features at different times. Thirdly, an application may be developed for a particular type of device, which may not run in other devices. Fourthly, an application may be developed for particular geographical location or specific group of people. This project is taken in concern keeping all these factors in mind. Therefore, the project will fulfill the need of all the users who use Linux Operating System based smart phones or other mobile devices across the world. It is expected that this application will be a common like for all the users, and will be able to cover maximum users' expectation and attraction, because it will protect the safety of their valuable devices from unwanted situations. This proposed mobile application can help to retrieve any lost mobile device, and can strengthen the security of the devices. Therefore, it will act as a security tool for the mobile devices. This application is a very useful and a profitable one for both the user and the developer party because of its unique features and limitation-free nature. Moreover, this proposed application is developed with JAVA programming language which runs on the Linux Platform, Android OS. All types of mobile devices or tablets that use Linux OS will be able to run this application. In addition, this application can be modified further to make a stronger security tool for any kind of mobile device. The rest of the paper has been organized as following, section 2 discuss about the existing application or concept used for similar purpose. Section 3 describes the application’s feature, implementation process, working principle and algorithm. Finally section 4 focuses on future direction and concludes the proposed application with some remarks. II. LITERATURE REVIEW There are few applications on the Android market and in other Android shops which claim that these can trace a mobile after it gets lost. But there are many limitations of these applications, which make these applications ineffective for providing complete mobile security. Below is a list of such applications, their features and limitations. Point to be noted that, most popular applications of the market are described here. A. Wheres My Droid This application has the following features: 1. Ringtone and vibration is used to detect the lost phone. 2. GPS location is traced 3. Notification for SIM Change However this application is a defected with following limitations 1. This application will not be effective if the application is simply removed from the “Installed Application” option of the mobile. 2. GPS does not work properly. It cannot trace the exact GPS location if the GPS is disabled. 3. If sufficient balance is unavailable, no SMS is sent for SIM change. 4. ANR crash is another limitation B. Mobile AntiVirus Security PRO The claimed features of 'Mobile AntiVirus Security PRO' are [3]:
  2. 2. 1. Application locks screen of lost device and send alert message 2. A message is displayed on the locked screen to request user if anybody find that 3. Make loud noisy sound 4. Use Google Map to trace the location of lost device Mobile Antivirus Security PRO has some Limitations, like [3]: 1. If the device is lost in a distant place then 'ringing' feature of this application becomes valueless to trace the device, and becomes helpful for the thief to grab the device. This option can only be implemented when the owner of the device is fully sure that the lost device is somewhere near, and not stolen. 2. If somehow the Google Map does not work, the application will not work properly. C. AVAST Mobile Security Though AVAST is an Antivirus actually, but it also have some Anti-Theft features. The claimed features of 'AVAST Mobile Security' are [4]: 1. Remotely trace the GPS location of lost device 2. Activate loud sound 3. Remotely erase memory AVAST Mobile Security has some limitations, like [6]: 1. GPS tracking is of no use if the original SIM is changed 2. Loud sound can help only if the lost device is somewhere surround the owner, otherwise this feature is also useless 3. Deleting memory cannot protect the data but can destroy it; therefore this application cannot protect the data of the lost device. From above mentioned discussion it can be seen that, some common features of existing application can be identified such as locking the phone, erasing the phone memory, making loud noise, and tracing the device via GPS. None of these application returns IMIE information or the SIM's activity to its owner which is most important for tracing the lost mobile device. Therefore the limitations of existing applications are destroying complete memory rather than preserving that information, inappropriate use of GPS tracking, without consideration of ensuring owner about the activity of lost device. However, all these limitations are making all existing applications ineffective to retrieve a lost or stolen mobile device especially lost data. D. Comparative Analysis of Proposed Application and Existing Research on Lost Mobile phone Detection There is a research that was found on finding lost mobile devices, thought that was not detailed about the entire application development process. This research was done by some students of Singapore [8]. They explained the conceptual theories of how a lost mobile phone can be traced in their research report. In their prototype their proposed application gathers IMIE number, MNC (Mobile Network Code), MCC (Mobile Country Code), captured image of the thief, recorded voice of the thief while calling somewhere etc. Finally this information will be sent to the owner of the mobile device via MMS. IMIE retrieving is a good concept which is also similar with this proposed research. But there are some other limitations with this research. These are: • MNC (Mobile Network Code) code is not familiar to normal users; they need help form Mobile Network Provider to use MNC. Therefore, the proposed application does not use MNC. • MCC (Mobile Country Code) is not required to trace the lost mobile. As, it is highly probable that no thief goes abroad after stealing mobiles. As a result, we also have not considered MCC and make the proposed application more user-friendly. • Captured image collection is not a good concept, because front-side camera is not available with all the mobile phones, and it is hardly possible that the mobile has captured the thief's photo. This option is completely not feasible, so in this work, image collection is ignored. • Recorded voice collection is not a good idea again for all these cases. Recorded audio files take large space in the memory, therefore while sending those to the owner it will take a large bandwidth. In the case of low bandwidth GPRS networks concept will not work properly. • The researchers of prototype using MMS (Multimedia Messaging Service) to send the collected information to the actual owner of lots mobile. This is again not a good concept. For example, in many developing countries the MMS service is not activated by default. The user needs to activate the MMS service manually or by requesting the Mobile Network Provider. So in such case the MMS will never be able to send information to the actual owner. There is no confusion that use of MMS is not user friendly and flexible to use. On the other hand, this is costly. In this work, all costly means are not considered. Therefore, this work is cheap and potential to be more popular than existing applications, • Their proposed concept does not have any alternative option for sending information. There is option for keeping the tracing activity in pending status so that later when the application finds scope it can send the grabbed information to the actual owner of the mobile. Use of alternative data sending from lost device makes our proposed application more authentic and efficient. • Their research was only on Symbian Operating System (7.0), specifically on Nokia 6600. Point to be noted that only Nokia uses Symbian Operating System. So this research will be helpful only for the old versions of the Nokia mobiles. Android is used by Samsung, Sony, LG, Motorola and other smart phone users, this application is also developed using android SDK. Therefore, it can be implemented by most of the smart phone manufacturer.
  3. 3. • The thief can easily stop the application, as it is noted by them in their research by stopping the software which is another limitation of their research. The major limitation of existing application is the device trace can be disabled by vulnerable user who finds it after lose. However in this proposed application, the second user cannot control the device trace feature. Therefore, the proposed application outperformed the existing applications due to their unavoidable limitations those have been discussed in this section. III. PROPOSED APPLICATION In this section the proposed application has been described as following A. Special Feature of Proposed Application There are several new features of this application which makes this application very useful. These are as following: • The police or any mobile company can trace any lost mobile, but they can do it only when the owner of the mobile device knows his/her lost mobile's IMIE number. Maximum of the available mobile security applications do not send IMIE number to its owner. Besides, in 99% cases the mobile owners do not know their mobile's IMIE number. For this reason, this application will grab the IMIE number at first and will send it to the mobile owner. • GPS Location can be traced by the mobile companies, but that service is costly and time consuming. If the owner can find the location of the mobile device with the help of a small application then he or even the police does not need to go to mobile company for GPS location anymore. • If the mobile device is lost, and if the new user (or maybe thief) changes the SIM (of the lost mobile) frequently, in that case it will be hard for one mobile company to trace the GPS location or the even the IMIE number. This situation will not impact the application anyhow, because in any situation proposed application will be able to send the IMIE number or the GPS location by either SMS or via Email. • Android mobiles are now being available even within 6500 BDT. The mobile owners must not go to file a case to the Mobile Service Provider or to the Police and expend huge money to retrieve their cheap mobile if this recovery work can be done using a small application. This application is making the recovery cost of the lost mobile devices cheaper and the process easier. • This application uses both SMS and Email based communication media with the owner after it gets stolen or lost. Keeping two options makes this application more effective to retrieve it. Maximum available applications do not provide this facility. • Maximum applications lock the screen at first and make loud siren, which is not a clever step to retrieve a lost device at all. Because when the application will lock the mobile and make loud siren, the thief will be alert and will try to format the mobile to destroy the application. This application is developed to work staying background. This special feature will not let the thief understand about the activities of the application. B. Working process of Proposed Application This application is able to take different actions to retrieve the lost devices while running on an Android OS based smart phone or any other mobile device. These actions are described below: 1. This application will force the user to install it on the Phone Memory. • Generally the applications are installed on flash memory. In such case, if the device is stolen and the thief removes the flash memory, all the applications of that mobile get lost. Therefore, forcing the users to install the application on the phone memory will strengthen the security of the application. 2. When the application will run for the first time, it will ask the owner of the mobile device to save his alternative mobile number and email address. • When the mobile device will be lost, the application will automatically send SMS or Email to the owner about its current location and other details of its lost state. 3. When the application finds that the mobile device is lost, it will try to send the device's current location and other details of its lost state to the owner of the device both via SMS and Email. • If the SIM has no balance or no internet connection, in this case the application will try to resend the SMS or Email when the SIM's account is recharged next time, or the internet connection is activated. The information that this application will send to the owner are: IMIE Number: IMIE refers to 'International Mobile Station Equipment Identity' which is a unique number to identify any mobile devices [9]. GPS Location: GPS refers to the Global Positioning System, which is a space-based satellite navigation system that provides location and time information in all weather, anywhere on or near the Earth, where there is an unobstructed line of sight to four or more GPS satellites [10]. SIM Number: SIM refers to "Subscriber Identity Module" which has a unique number to identify a user of any mobile service providing company [11]. Last 10 Dialed Numbers: This will help to trace the people with whom the intruder or the new receiver of the mobile device is contacting. 4. If any person tries to uninstall the application, it will prevent that by asking the master key password
  4. 4. • This strengthens the security of the application. C. Technology Used for Proposed Application This application has been developed using Java Programming Language (J2SE) to run on the Android OS, one of the Linux Operating Systems. As tool we have used are Eclipse and Android SDK. For designing the interface we have used Photoshop and Eclipse's built-in designing features. 1) Java Programming Language The Java Standard Edition (J2SE) will be used which is a widely used platform for programming in the Java language. It is the Java Platform used for deploying portable applications. 2) Linux Operating System Android is a Linux based operating system which is designed primarily for Touch Screen mobile devices such as Smart-Phone and Tablet-Computers [14]. The Android OS will be used for developing this application because now a days maximum mobile are being developed on the Android OS platform. 3) Eclipse It is a tool that helps to develop desktop and mobile applications. It has a plugin ADT (Android Development Tools) that will also be used for developing this application [15]. 4) Android SDK It is a Software Development Kit developed by Android, which is necessary to develop this application [16]. Point to be noted that, now a days, Google has released a software bundle named 'Android ADT' (i.e. Android Development Tool) which contains both 'Eclipse' and 'Android SDK' together [17]. This has made the setup and configuration of Eclipse and Android SDK easy to the mobile application developers. D. Implementation Process of Proposed Application The implementation process of the proposed application can be as following 1) Confirmation of Mobile Loss First step of this proposed application is to confirm that the device is lost. Unlike some other existing applications [23], the proposed application also detect whether the mobile is lost if the SIM card is changed. This process may cause confusion as SIM card can be changed by owner of the mobile device which is not a lost state for the mobile. But, as for an application there is no alternative way to understand whether the mobile is lost or not, it is considered that generally the owners do not change their SIM card very frequently. To track the "SIM card change" the application will compares current SIM number with the last time used SIM number. For this the AndroidManifest.xml should contain the android.permission.READ_PHONE_STATE uses permission. On Application layer, “TelephonyManager” class and the “getLine1Number()” function. Here, the “getLine1Number ()” function will retrieve the current SIM's number, which will be compared with the previously used SIM's number [18]. When this comparison will return that, both the numbers are not same, the application will understand that the SIM card is changed; therefore, the mobile is lost or stolen. Moreover, in developing country usually SIM card may not contain SIM number. Therefore, sometimes getLine1Number() returns NULL. In such case getSimSerialNumber method returns the SIM identification Number. Another way to detect SIM number is to retrieve that number from operator by dialing specific string. For example, in Bangladesh SIM Number can be grabbed by dialing following key strings [22]: a. From GrameenPhone : *2# b. From Banglalink : *511# c. From Robi : *140*2*4# d. From Airtel : *121*6*3# When this code is dialed, it returns the number from the operator, and that can be saved using proposed application. 2) Obtain IMIE Number Obtaining IMIE number is the main action to be done for tracing a mobile device. As maximum people do not know their device’s IMIE number, tracing it can help best to retrieve the lost devices. When the application finds that it is lost, it will trace the IMIE number and will send it to the actual owner of the device either via SMS or Email [19]. In AndroidManifest.xml file READ_PHONE_STATE permission should be added. In addition the following code snippet returns the IMIE Number. getDeviceId() method of TelephonyManagerclass returns the IMIE number. 3) Get Current Geographical Location Getting the lost mobile’s current location is another major action to be taken. For this the Android “Geocoder” class is used. This class helps to retrieve the accurate latitude and longitude of the lost device, by which one can trace his device’s exact location wherever it is [23, 24]. At first, an object of the “Geocoder” class is created. Then, the “getFromLocation” function is called to which retrieves the latitude and longitude of the device. Next, the application will check whether the latitude and longitude is correctly retrieved or not, and finally it will be sent to the owner via SMS or Email [25, 26]. From the latitude and longitude the country name, city name, road name etc can be found [27]. But Google Map or other maps are not 100% accurate in the case of undeveloped and newly developing countries. For this reason, the application will retrieve only latitude and longitude, as it can be said as 100% perfect. This entire process is done through 3 steps, which can be clear from the below figure 2. SIM Card Changed Mobile is Lost Mobile is not Lost YesNo Figure 1: Mobile Lost State Detection
  5. 5. Figure 2: Workflow of GeoCodeRetrival 4) Get Last Dialed Numbers List This application also grabs last dialed numbers of the thief. Sometime this helps to trace about whom the thief is contacting. For retrieving the last dialed numbers the “getContentResolver ()” function is called at first [28]. If the number is saved in the mobile, then this application will also be able to trace the numbers including the number’s owner. For this action the “getColumnIndex ()” function is used [29]. 5) Sending Automatic SMS to the Mobile Owner Sending the grabbed information to the Mobile Owner is the main action that will help the owner to retrieve the lost mobile device. At first, for sending SMS the application will request permission from the OS by calling “android.permission” for “SEND_SMS” and “RECEIVE_SMS” options both. Next the “Intent” class will be called to call the Intent function so that the SMS can be delivered to the owner. After that, the “smsIntent.putExtra()” function will prepare the SMS for the owner. And finally, with the help of “start Activity () function the SMS will be sent to the owner [30]. 6) Keep the Action as Pending in case of Unsuccessful Notification There may be a case like the mobile is out of balance or has no internet connection. In such case the application will keep its action pending, and wait for future favorable condition. When the application will find balance or internet connection it will instantly send notification about the detailed statement of the lost mobile. The below figure can make this action clear. Table 1: Notation used in Algorithm 1 Notation Meaning MAX_DAILED Maximum number of recent called numbers MAX_GEO_LOCATION Maximum number of recent location PRE_CONFIGURD_NUMBER The SIM number to which SMS would be sent E. Algorithm of Proposed Application Figure 3 depicts the whole scenario of the proposed application. Finally algorithm 1 describes the functionality of proposed. Algorithm 1: Algorithm of Proposed application Pre-condition: i. The application (A) is installed and running background ii. SIM card is changed from previous SIM card Number Post-Condition: i. Owner can know the current location and phone activity of lost mobile 1 Service of A is invoked 2 Retrieve IMIE Number, SIM number, Last MAX_DAILED dialed number, last MAX_GEO_LOCATION Geographical locations and stored as a SMS as well as offline email 3 Check Balance to send SMS to PRE_CONFIGURD_NUMBER 3.1 If Balance is sufficient for SMS, Send Saved SMS with information retrieved at step 2 3.2 Else Check for internet connection 3.2.1 If Internet Connection is available Send saved offline email Else wait for Internet Connection and periodically check step 3 and 3.2 IV. CONCLUSIONS This application is a very useful one for users to make their mobile devices secure. Up to now lost mobile devices are tracked with the support of national security services with the help of telecommunication service providers, which needs a lot of steps and formalities. But this application makes this process easy and convenient for even the normal user level. This application reduces expense, at the same time increase Run GeoCoder Get Latitude and Longitude Find the Street, Road, City and Country by comparing the Latitude and Longitude from the database of Google Map Figure 3: Scenario of Proposed Application
  6. 6. the potentiality to find out the lost device. Another significant contribution of this paper is decrease in energy consumption. As the service is not running continuously, therefore an imminent level of energy consumption can be reduced. Further development can help this application to be a strong tool for mobile security. This project can be a very profitable and as well as effective one for the user and the service provider. This project covers all the needs of the anti-theft and anti-lost protection. Additionally the Virus and other Mobile Infection Protection features can be added with this application. Therefore, this application can be turned into a Total Security Software for any mobile device. This application can be implemented in Linux based small electronic devices to detect lost vehicles and other aspect. Though, now-a-days, this service is available by some security providing companies, but this project can make the costing of this type of device detection cheaper. REFERENCES [1] Wheres My Droid Application Manual - Android Application Store - https://play.google.com/store/apps/details?id=com.alienmanfc6.wheresm yandroid [2] Wheres My Droid Application Manual - Android Application Store - https://play.google.com/store/apps/details?id=com.alienmanfc6.wheresm yandroid&review [3] Mobile AntiVirus Security PRO - Android Application Store- https://play.google.com/store/apps/details?id=org.antivirus [4] avast! Mobile Security - Android Application Store- https://play.google.com/store/apps/details?id=com.avast.android.mobiles ecurity [5] Bitdefender Anti-Theft - Android Application Store - https://play.google.com/store/apps/details?id=com.bitdefender.antitheft [6] https://play.google.com/store/apps/details?id=com.comodo.mobile.como doantitheft [7] Anti Theft Free - Android Application Store - https://play.google.com/store/apps/details?id=br.com.maceda.android.an tifurto [8] Proactive Detection and Recovery of Lost Mobile Phones - Ong, Chen Hui; Kasim, Nelly; Jayasena, SajindraKolithaBandara; Rudolph, Larry; Cham, Tat Jen - January 2005 - Massachusetts Institute of Technology, Singapore. [9] http://en.wikipedia.org/wiki/International_Mobile_Station_Equipment_I dentity [10] Global Positioning System http://en.wikipedia.org/wiki/Global_Positioning_System [11] Subscriber identity module http://en.wikipedia.org/wiki/Subscriber_identity_module [12] http://download.oracle.com/javase/1.5.0/docs/ [13] http://en.wikipedia.org/wiki/Android_(operating_system) [14] Eclipse IDE for Andorid -http://www.eclipse.org/downloads [15] Android SDK - http://developer.android.com/sdk/index.html [16] Android Developer Site - http://developer.android.com/tools/help/index.html [17] http://stackoverflow.com/questions/4896715/how-to-fetch-own-mobile- number-in-android [18] http://www.strazzere.com/blog/2008/11/uniquely-identifying-android- devices-without-special-permissions/ [19] http://stackoverflow.com/questions/1972381/how-to-programmatically- get-the-devices-imei-esn-in-android [20] http://stackoverflow.com/questions/10173030/fetch-own-mobile- number-in-android [21] http://tech4u.mwb.im/how-to-know-your-own-mobile-number- grame.xhtml [22] Geocoder for Android- http://developer.android.com/reference/android/location/Geocoder.html [23] Location for Android http://developer.android.com/guide/topics/location/obtaining-user-loca tion.html [24] http://stackoverflow.com/questions/5028830/get-current-location- address-for-android-app [25] http://android-er.blogspot.com/2011/02/get-address-from-location- using.html [26] http://stackoverflow.com/questions/12047507/easy-way-to-get-city- from-locationmanager-on-android [27] http://stackoverflow.com/questions/9095824/how-to-get-latest-dialed- no-android [28] http://developer.android.com/reference/android/provider/CallLog.Calls.h tml [29] http://stackoverflow.com/questions/10607361/android-send-sms- automatically-on-button-click [30] Howard Edward Kagay, Jr. -Method and apparatus for operating a lost mobile communication device - Patient No: US6782251 B2 - August 24, 2004. [31] SeppoHelle, Paimio -Method and Apparatus for controlling and security mobile phone that are Lost, Stolen or Missed - Patient No: US6662623 B1 - December 9, 2003. [32] D. Chincholle, Michael Goldstein, M. Nyberg, M. Eriksson - Lost or Found? A usability evaluation of Mobile navigation and location-based Service - Human Computer Interaction with Mobile Devices, Lecture Notes in Computer Science - Vol: 2411 - Year 2002 - PP. 211-224. [33] James Keogh - The Complete Reference, J2ME - TATA McGraw-Hill Publishing Company Limited - New Delhi. [34] Jeff Friesen - Learn Java for Android Development - Apress - Canada. [35] Peter Hsieh, Troy Steinbauer - Mobile Device Theft Recovery Application - University of California, Santa Barbara. http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.175.9985&rep =rep1&type=pdf [36] George Stefan Bogdan - Mobile Remote Control Architecture - Journal of Mobile, Embedded and Distributed Systems (2012) - Vol 4, No 1. [37] Y Fledel, AShabtai, D Potashnik, Y Elovici - Google Android: An Updated Security Review - International Arab Journal of Information Technology (2010) - Volume 76, 2012, PP. 401-414. [38] Ben Fagin, Frank Sposaro, and Gary Tyson - Indoor tracking of geriatric patients using bluetooth - First AMA IEEE Medical Technology Conference on Individualized Healthcare - March 2010. [39] R. Agarwal -Android authentication and device administration API - Journal of Computing Sciences in Colleges archive - Volume 27 Issue 5 - May 2012 - PP. 187-195.

×