The mobile environment

Android is an operating system (OS) created for intelligent mobile devices with a touchscreen, such as smartphones or tablets. Knowing the features of a device is important to identify the vulnerabilities that can potentially compromise the integrity, confidentiality, or availability of your application (app).

A smartphone is a connected device and so malicious software can infect it in several ways. The smartphone can communicate with different devices by a wireless or wired connection. For example, it can connect to a computer by a cable or it can connect to another mobile device by a wireless Bluetooth network. These communications allow the user to transfer data, files, or software, which is a possible path to infect the smartphone with malware.

A smartphone is also a connected device in the sense that it can connect to the Internet by cellular networks like 3G or access points via Wi-Fi. Internet is therefore another path of potential threats to the security of smartphones.

Smartphones also have internal vulnerabilities, for example, malicious apps that are installed by the user themselves. These malicious apps can collect the smartphone's data without the user's knowledge. Sensitive data might be exposed because of implementation errors or because of errors that occur while sending data to the wrong receiver. Communication between the apps installed in the smartphone can become a way to attack them.

The following figure represents the types of existing vulnerabilities in smartphones. The connection to the network is one of the external vulnerabilities, since network connections are susceptible to sniffing or spoofing attacks. The connections to external devices also involve potential vulnerabilities as mentioned earlier. Regarding internal vulnerabilities, implementation errors can cause failures and attackers can take advantage of them. Finally, user unawareness is also a vulnerability that affects the internals of the smartphone. For example, installing apps from untrusted sources or setting an imprudent configuration for Wi-Fi or Bluetooth services is a risk.

As a developer, you cannot control the risks associated with external devices or the network, not even those related to user unawareness. Therefore, your responsibility is to create robust apps without implementation errors that can cause security breaches.