dc.description.abstract |
Bring Your Own Device (BYOD) is an IT policy being adopted by corporate organizations
worldwide. It permits the employees to bring their own devices like smartphones, tablets, etc
to their place of work and use them to access the privileged corporate information while being
both inside and outside their place of work. Therefore, employees use the same device for their
personal and o ce work. Such a corporate policy brings in a number of advantages like increased
employee productivity, improved employee satisfaction, and reduction in corporate expenses.
However, one of the major concerns in implementing such a policy is data security and privacy.
Permitting employees to access the privileged corporate information on their personal device
can lead to pertinent corporate data being compromised. On the other hand, employees are
apprehensive that the corporate organizations may spy or track their personal cyber activities.
Existing solutions for BYOD can be categorized into Mobile Device Management (MDM)-based
and Network Access Control (NAC)-based. MDM-based solutions are comprised of a client
software, which runs on the users' mobile devices 24/7 monitoring, securing, and managing the
mobile device from a corporate-based server. Such a solution could lead to breach of employees'
privacy and extensive battery drainage. NAC-based solutions assumes the use of corporate
network. Such a solution is not full proof because the corporate data is at a security risk, when
the device is not connected to the corporate network.
In this study, we formulate a generic BYOD policy from a corporate data security perspective,
study the possible security breaches on that policy from Android devices' perspective, and
propose ways to defend against them. We propose a solution architecture for Android-based
mobile devices. Our approach, unlike the existing BYOD solutions, provides data security,
preserves privacy, and consumes less energy. Our approach successfully detects (a) root status
of the device and (b) malicious apps, which steal information or subvert information. Our
detection is 70 % accurate when tested on real malicious applications. Finally, we present
limitations of our approach. |
en_US |