Ensuring
Mobile Device Security
Quick HealTechnologies Private Limited

• App stores and mobile apps are the
greatest hostile code and malware
delivery mechanism ever created.
— Winn Schwartau, chairman of MobileActiveDefense.com
• For most enterprises and consumers
today, mobile and cloud security are
viewed in a pretty straightforward
way — don't assume there is any.
— Russ Dietz,CTO of SafeNet
Introduction

What do we do with mobile devices?
Phone service and text messaging
Personal email
Scheduling appointments & reminders
Accessing social websites
Listening to music and watching videos
Playing online games
Online shopping, banking and bill paying
Document & other data storage

Information stored in mobile devices
Usernames
Contacts
Passwords
Cookies
Location data
UDID/IMEI, Device name, Network
connection name
Personal information: DoB, address, social,
credit card data, photographs etc.
Application data
Confidential and official documents
Transaction history

Number Crunching..

Mobile device explosion
There are officially more mobile devices than people in the world
And they’re multiplying five times faster than we are
December 2014
7.1 Billion
People
7.7 Billion
Mobile Devices
14.1 Lac Apps
on Google Play
1.4+ million apps available
75+ billion apps downloaded

Do you agree?
With the explosive growth of smartphones, tablets
and other mobile devices, consumers must make
security of the mobile devices a priority & find means
for securing their mobile devices seamlessly and
efficiently.

Risks associated with mobile devices
Portable data storage
Wireless connections
3rd party applications
Data integrity
Data availability

To ensure mobile device security
Ensure the security of the mobile device
 Ensure the security of mobile data
 Ensure the security of mobile applications

ThreatsTo
Mobile Devices
Quick HealTechnologies Private Limited

Threats to mobile devices
Mobile malware
 Smartphones and tablets are susceptible to
worms, viruses,Trojans and spyware
similarly to desktops
Mobile malware can steal sensitive data,
rack up long distance phone charges and
collect user data

Threats to mobile devices
Eavesdropping
Wireless networks have good link-level
security but lack end-to-end upper-layer
security
Data sent from the device to the outside
world is often unencrypted
Intruders eavesdrop on user’s sensitive
communications

Threats to mobile devices
Unauthorized access
Unauthorized access to mobile devices also
means unauthorized access to emails,
apps, social media profiles, multimedia files
and more.

Threats to mobile devices
Theft and loss
Mobile devices are easily susceptible to loss
or theft
Leaving your phone in a taxi or getting your
phone stolen during a bus commute
Data stored in such devices is at risk
The data could be corporate mails,
passwords, bank statements & other crucial
information

Threats to mobile devices
Unlicensed and unmanaged applications
Even popular apps have vulnerabilities that
are open for exploits
Needless to say, the security threats posed
by unlicensed apps
Whether apps are licensed or not, they
must be updated regularly to fix
vulnerabilities that could be exploited to
gain unauthorized access or steal data

Threats to mobile devices
Unlicensed and unmanaged applications
Access to confidential data
In-app ads get the same permissions
Malicious and suspicious app activity
System instability

Methods to handle mobile security
Authentication
 Encryption
 Filtering

Authentication
Authentication is the process of
determining whether someone or
something is, in fact, who or what it is
declared to be
User authentication is usually handled with
username & password combinations,
biometric identifications, PINs etc.
Ultimate aim is to ensure device access to
authentic users only

Authentication
Mobile devices by default are not password
enabled
However, most of the devices have
technical capability to support
authentication - passwords, PINs, pattern
screen locks, and biometric readers
It is up to the users to ensure these are
enabled

Encryption
Encryption is the conversion of data into a
form, called a ‘ciphertext’, that cannot be
easily understood by unauthorized people
In simple words, encryption is the method
of converting plain text to encoded text
which is unreadable by intruders

Encryption
Encrypting mobile devices helps in
securing data stored on a mobile device
or transmitted from mobile devices
Most mobile devices have data
encryption capabilities
Data encryption has little or no impact on
the way users access the data

Encryption
Encryption limits the ability of
intruders to obtain readable and
reckonable data from the mobile
device
Encryption also makes it difficult
to generate important data for
authentication

Filtering
Filtering is the process of removing threats
arising due to web access, email and apps
Mobile devices by default do not have
filtering capabilities
Web pages & email attachments are often
used as carriers of viruses and malware
attacks
Filtering can be done with the use of a
mobile security software and it is not a
default facility provided by mobile devices

Ensuring
Mobile Device Security
Quick HealTechnologies Private Limited

To prevent damage from theft or loss
Set a PIN or password
 Set to automatically lock screens
Backup your contact info
Install a security app
Turn on encryption
Turn on location settings
Enable remote wipe if available
Act immediately if lost - Report to the
authorities
Ervins Strauhmanis / Foter / CC BY
https://www.flickr.com/photos/ervins_strauhmanis/14365412089/

Review application permissions
Take time to read the small print
• What information does the app
require access to?

Encrypt your phone
Encrypt the device data to make it difficult for
intruders to gain and understand sensitive
information

Apps from unknown sources -Take a call
Apps from unknown sources are necessary
sometimes

Mobile Device Management (MDM) - For
enterprises
Mobile Device Management (MDM) apps
allow enrollment of corporate devices over
a seamless cloud-based solution for all
mobile devices within the enterprise
Once a device is connected to the corporate
network, an authorized administrator can
manage and control the mobile fleet
MDM solutions secure, monitor and
manage mobile devices within the
enterprise
It also blocks phishing and malicious
websites and filters web access

How can Quick Heal help?
Quick HealTechnologies Private Limited

How can Quick Heal help?

Quick Heal Khareedo Gaadi Jeeto Contest

Write to us at:
corporatecommunications@quickheal.co.in
Follow us on:
Facebook - www.facebook.com/quickhealav
Twitter - www.twitter.com/quickheal
G+ - http://bit.ly/QuickHealGooglePlus
YouTube - www.youtube.com/quickheal
SlideShare - http://www.slideshare.net/QuickHealPPTs
Visit us:
Website - www.quickheal.com
Official Blog - http://blogs.quickheal.com

ThankYou!

• http://www.itsecuritywatch.com/mobile-security/10-great-quotes-about-mobile-
security/?mode=featured
• http://www.independent.co.uk/life-style/gadgets-and-tech/news/there-are-officially-more-
mobile-devices-than-people-in-the-world-9780518.html
• blogs.quickheal.com
References