|
1 <?xml version="1.0" encoding="utf-8"?> |
|
2 <!-- Copyright (c) 2007-2010 Nokia Corporation and/or its subsidiary(-ies) All rights reserved. --> |
|
3 <!-- This component and the accompanying materials are made available under the terms of the License |
|
4 "Eclipse Public License v1.0" which accompanies this distribution, |
|
5 and is available at the URL "http://www.eclipse.org/legal/epl-v10.html". --> |
|
6 <!-- Initial Contributors: |
|
7 Nokia Corporation - initial contribution. |
|
8 Contributors: |
|
9 --> |
|
10 <!DOCTYPE concept |
|
11 PUBLIC "-//OASIS//DTD DITA Concept//EN" "concept.dtd"> |
|
12 <concept id="GUID-68BBBA98-BDF7-4562-8168-5E90C73ADCF8" xml:lang="en"><title>Device |
|
13 security</title><prolog><metadata><keywords/></metadata></prolog><conbody> |
|
14 <p>The superior mobility and connectivity of mobile devices constitutes |
|
15 their greatest threat, and allows intruders to try different attack methods |
|
16 against the device. The figure below illustrates the most common methods of |
|
17 attack against mobile devices.</p> |
|
18 <fig id="GUID-2839B915-A025-4404-96A8-B9354F9E5A9F"><title>Mobile device and common attack methods</title><image href="GUID-A9E610B7-505C-41C4-9079-BC83C094982E_d0e6837_href.png"/></fig> |
|
19 <p>Due to the nature of mobile devices, including the potential vulnerabilities |
|
20 mentioned above, you should consider the following points when designing your |
|
21 application:</p> |
|
22 <ul> |
|
23 <li><p>If a mobile device is lost or stolen, confidential information |
|
24 (for example, calendar and contacts) can be read even by those with little |
|
25 expertise.</p></li> |
|
26 <li><p>Users can access confidential information and files at any |
|
27 time, including reverse engineering of software and algorithms.</p></li> |
|
28 <li><p>Data can be transferred from and to the mobile device through |
|
29 different methods, even accidentally. </p></li> |
|
30 <li><p>Users may detach removable media or the battery at any time, |
|
31 which can cause data loss or corruption.</p></li> |
|
32 </ul> |
|
33 <p>When you handle confidential information in your application, remember |
|
34 that with sufficient motivation and resources there are always ways to extract |
|
35 information from a mobile device. As the level of software security improves |
|
36 and attacks become less practical, interest in hardware attacks may in turn |
|
37 increase.</p> |
|
38 <p>In the continuously evolving digital world, every application should |
|
39 have a certain level of robustness against a changing and hostile environment. |
|
40 Applications should be prepared for data corruption and alteration, network |
|
41 and storage blackouts, plug-ins and components that misbehave, malicious attackers, |
|
42 and, perhaps most importantly, user errors.</p> |
|
43 <p>The Symbian <xref href="jar:GUID-35228542-8C95-4849-A73F-2B4F082F0C44.jar!/sdk/doc_source/guide/platsecsdk/index.html" format="application/java-archive">platform security</xref> architecture |
|
44 is designed to protect mobile devices and their contents.</p> |
|
45 <p>For more details, see <xref href="GUID-9058F379-C495-4B22-B270-FF6A80E450B8.dita">Device |
|
46 security mechanisms</xref>.</p> |
|
47 </conbody></concept> |