Abstract:
Enterprises around the world have been searching for a way to securely enable Android™ devices for work, but have shied away from the platform due to ongoing security and fragmentation concerns. With the release of Android 5.0, Google laid the groundwork for dual-persona support right in the OS with "managed profile" APIs. Different vulnerabilities have been reported in Android devices since its release. These vulnerabilities have raised serious security concerns for the enterprises, willing to implement Android’s dual persona-support. I have studied and reviewed the major security threats and vulnerabilities aimed at Android smart phones. To tackle the security concerns, a survey of vulnerabilities that may threat dual persona feature of Androidhave been done. All such vulnerabilities have been compiled and their impact have been statistically analyzed. Then a detailed comparison of dual persona support feature marketed by the top vendors and manufacturers have been carried out. Based on analysis, necessary controls have been recommended. Every smartphone manufacturer designs a dual persona solution per its hardware framework with limited features. For enhanced features, companies go for third party solutions offered by smartphone vendors. However, use of such solutions may comprise company's security policies. asAndroid has the largest market share so we have offered a security model for the highest occurring vulnerability that threat smartphone applications in Android. A security model to tackle Inter Processor Communication (IPC) abuse has been suggested and implemented in java.