Recently, mobile security has garnered considerable interest in both the research community and industry due to the popularity of smartphones. The current smartphone platforms are open systems that allow application development, also for malicious parties. To protect the mobile device, its user, and other mobile ecosystem stakeholders such as network operators, application execution is controlled by a platform security architecture. This book explores how such mobile platform security architectures work. We present a generic model for mobile platform security architectures: the model illustrates commonly used security mechanisms and techniques in mobile devices and allows a systematic comparison of different platforms. We analyze several mobile platforms using the model. In addition, this book explains hardware-security mechanisms typically present in a mobile device. We also discuss enterprise security extensions for mobile platforms and survey recent research in the area of mobile platform security. The objective of this book is to provide a comprehensive overview of the current status of mobile platform security for students, researchers, and practitioners.

1. Introduction -- 1.1 Mobile security history -- 1.2 Book overview. 2. Platform security model -- 2.1 Stakeholders -- 2.2 Mobile software architecture -- 2.3 Platform security model -- 2.3.1 Software deployment -- 2.3.2 Application installation -- 2.3.3 Runtime protection -- 2.3.4 Platform management. 3. Mobile platforms -- 3.1 Java ME -- 3.2 Symbian -- 3.3 Android -- 3.4 iOS -- 3.5 MeeGo -- 3.6 Windows phone. 4. Platform comparison -- 4.1 Software deployment -- 4.1.1 Distribution model and application signing -- 4.1.2 Application identification -- 4.1.3 Permission request -- 4.1.4 Access control declaration and scope -- 4.1.5 Access control granularity -- 4.2 Application installation -- 4.2.1 Permission assignment -- 4.2.2 Permission presentation -- 4.2.3 Application updates -- 4.3 Runtime protection -- 4.3.1 Runtime permissions -- 4.3.2 Access control enforcement -- 4.3.3 Execution protection -- 4.3.4 Application data protection -- 4.3.5 Hardware security APIs -- 4.4 Platform management -- 4.4.1 Platform boot integrity -- 4.4.2 Platform data integrity -- 4.4.3 Platform updates and device management -- 4.5 Device rooting -- 4.5.1 iOS -- 4.5.2 Android -- 4.5.3 Other mobile operating systems. 5. Mobile hardware security -- 5.1 Platform boot integrity -- 5.1.1 Secure boot -- 5.1.2 Authenticated boot -- 5.2 Secure storage -- 5.3 Isolated execution -- 5.4 Device identification -- 5.5 Device authentication -- 5.6 Hardware security architectures -- 5.7 TEE standards. 6. Enterprise security extensions -- 6.1 Enterprise security extension model -- 6.1.1 Infrastructure components -- 6.1.2 On-device components -- 6.2 Selected commercial solutions -- 6.2.1 Application level extensions -- 6.2.2 Platform level extensions -- 6.2.3 Mobile device management software. 7. Platform security research -- 7.1 Android-based platform security research -- 7.1.1 Attacks and threats -- 7.1.2 Security extensions for Android -- 7.2 Platform security research on iOS -- 7.2.1 Limits of Apple's application vetting process -- 7.2.2 iOS security extensions -- 7.3 Discussion. 8. Conclusions -- Bibliography -- Authors' biographies.