A Configurable and Extensible Security Service Architecture for Smartphones

In current Bring-Your-Own-Device (BYOD) settings, companies struggle to assess and control the security level of their employee´s smartphones. Application distribution points like the Apple Application Store and Google Play provide application reviews and malware checks, but these measures are opaque and not aligned with corporate-specific security guidelines. In this paper, we present a framework which allows companies to run automated security checks, tailored to their specific security requirements and independent of app markets. Our framework orchestrates different plug-in security services for checking mobile devices for malware, misbehaving application, and configurations. The framework operates on a virtual replica which is created from the physical device, thereby allowing deeper inspection than current industry´s state-of-the-art solutions. We implemented the framework as a prototype and evaluated its performance and feasibility.