Smartphones have become an integral part of our daily lives, offering a multitude of features in a small form factor. Users store sensitive personal information on their phones and perform financial transactions. Moreover, people use their personal phones to access corporate/government resources and vice versa. The tasks we perform on smartphones require multiple security models to execute securely. However, most smartphone operating systems need to focus on usability, which compromises security.
In this project, we present a security framework for smartphone operating systems. The core idea of the framework resembles the security of a modern smart city. The operating system acts as the government of the city and the applications are the citizens. The framework has components to protect resources and perform policing (monitor, detect, and control). There are multiple application zones with different security constraints. Smartphones with this framework automatically switch to a different security mode based on the detected context to satisfy the security requirements of different use cases. Installed applications are monitored to identify anomalous behavior as well as certain specific malicious behavior such as click fraud. The operation of the framework is mostly automated and requires no input from users for default operations. We implement a significant portion of the framework for Android, and our experiments suggest that the framework improves the overall security of Android, increasing its ability to protect user resources as well as to detect and control malware.