Introduction

Mobile computing has finally arrived. After decades of promises on how a computer will eventually be the size of one’s hand, the day when mobile devices mirror the capabilities of a desktop/laptop computer is here. The first step in this evolution was the smart phone, also called PDA phone, which was built with mini operating systems to allow users to check e-mail and access the Internet. Although e-mail and the Internet were significant features, there is no doubt that the item that pushed the mobile phone from simply an extension of the laptop to slowly replacing the laptop is the host of mobile applications. Similar to the 1980s, when it was less about the hardware on desktop machines and more about the different types of software that could be used on them, mobile devices are being used more for the applications they can support, not their ability to mirror desktop computers. A good example is Apple’s iPhone, where users migrated to the mobile device due to its many applications, not simply because it could be used for e-mail and the Internet. In addition to the iPhone, there is the BlackBerry device, which extends many business functions right to the palm of one’s hand, including that of the 44th President of the United States. In addition to the iPhone and BlackBerry, there are new players in the market, such as Google’s Android, and familiar faces, such as Windows Mobile, and finally, Symbian, which is used almost everywhere.

In addition to mobile applications, a strong catalyst to the mobile revolution is the advance in communication technology, specifically high bandwidth with wide wireless freedom. For example, 802.11 came a while ago to mobile devices, which gave the user bandwidth, but it did not give the user freedom to leave the house/office with a continuous connection, a major component to true mobility. The communication paradigm brought by true end-to-end freedom with high bandwidth is a very critical part of the mobile device’s success. For example, it has always been easier to build small operating systems on light hardware, but it took wireless broadband longer to arrive. Before this, one could sync data, but it became stale very quickly. Once the “mobile communication paradigm” provided high enough bandwidth to give the user a continuously connected model, the user acceptance of these devices (and the applications that were written for them) grew drastically. This shift added a physical/tangible property to data, and made it “ubiquitous.”

The Book’s Overview

Now that we have reviewed some of the challenges facing mobile devices, let’s discuss how this book intends to address them. This book is divided into two parts, with the first being “Mobile Application Platforms” (Chapters 2 through 8). These chapters discuss the major operating system platforms on mobile devices, including Google’s Android, Apple’s iPhone, Windows Mobile, RIM BlackBerry, J2ME, and Symbian. These chapters strictly discuss how to use the platforms to build secure applications. For example, they address many of the items in the top 15 list discussed in Chapter 1, including secure storage, application isolation, and malware threats. These chapters should be considered a “how-to” guide for application developers who are interested in leveraging the security models of each platform. Many of the topics are shared across the chapters, so you can read the Google Android chapter about application isolation and compare that with the same section in the Apple iPhone chapter or Microsoft WinMobile chapter. The operating system chapters use many of the same categories, such as application isolation, application signing, and updates, to allow you to compare and contrast between them. There will also be categories specific to each platform, such as a specific implementation of an application store. After you have read all the base operating system chapters, be sure to visit Chapter 13, which summarizes the platforms in a condensed format.

The latter half of the book is more diverse; it discusses a few specific attack classes from the top 15 list (discussed in Chapter 1) as well as introduces new areas of concern, such as SMS and Bluetooth issues. These chapters do not necessarily relate to mobile applications directly, but to tangential parts, as many mobile applications leverage Bluetooth support, SMS, or GPS. These chapters will allow you to fully grasp many of the technical issues introduced in the top 15 list as well as a few new ones. For example, although SMS is not a mobile application, it is used heavily by many mobile applications today, even for security purposes. Many bank sites will send users certain banking information if they send a request to a specific SMS number and source the request from a certain mobile phone number (discussed more in Chapter 8). This integration blends the SMS features/exposures on the phone with the mobile HTML use. Such blending makes it important to discuss SMS, Bluetooth, GPS, and other features on the phone that mix with the application layer.
