A Novel Taxonomy for Mobile Applications Data
Society of Digital Information and Wireless Communications
Security Research Institute
Smartphones are used to perform various types of activities, such as sending emails, transferring money via mobile Internet banking, making calls, texting, web browsing, and playing games. Some of these activities are considered sensitive and confidential, and protecting them is becoming an ever more pressing concern, with high risks associated with scenarios such as loss of sensitive data. Currently, after the point-of-entry (PoE) authentication at the beginning of a session, using a PIN or password, the user of the device can perform almost all tasks without having to periodically re-authenticate or re-validate their identity. Likewise, current PoE authentication mechanisms treat all applications on the mobile device as if they had the same level of importance, and thus maintain a single level of security for all applications, without any further access control rules. This paper presents a novel taxonomy of mobile applications data, studying the risk for each process within the application. To accomplish this, 10 of the most popular mobile categories were analysed to gain a comprehensive understanding of the various risk levels associated with user actions on those applications. The analysis concludes that mobile application processes can clearly have different levels of risk. From the set considered in the analysis, the results show that 81% of user actions are considered risky processes, and may therefore merit additional protection beyond the PoE provision.