
Architecture and design principles

From OWASP
Revision as of 12:31, 10 May 2011 by Giles Hogben (talk | contribs)


The following is a merge of the ENISA, OWASP and Veracode top 10 lists. Note that there is a mixture of threats and vulnerabilities here - we should decide whether to use risks (threats with an impact on assets, which occur with some probability) and vulnerabilities (system flaws which increase the probability of a threat occurring). I have cut those risks/vulnerabilities which cannot be addressed in any way by developers. We should decide whether to include recommendations in the style of a "code of practice", e.g. activity monitoring should only be used in circumstances xyz...

Top Risks/Vulnerabilities

  1. Unsafe sensitive data storage
    1. Consider the whole data lifecycle when writing your application.
    2. Automatically delete data which is no longer required (how to know when it is not required?).
    3. Securely delete data using standard shredding techniques (note that overwrite-based shredding is not reliable on flash storage with wear levelling; there, encrypt the data at rest and destroy the key instead).
    4. Store a minimum of data on the client-side device.
    5. Securely wipe removable media.
    6. Be aware of caches and temporary storage as a possible leakage channel.
    7. Implement key and password storage best practices (e.g. store a salted, slow password hash rather than the password itself, and never hardcode keys in the application).
    8. Figure out what data needs to be protected most and what does not.
  2. Unintentional disclosure of data: The smartphone user unintentionally discloses data on the smartphone.
    1. Apply the principle of minimal disclosure: only collect and disclose data which is required for the application (how to know what this is?).
    2. Apply techniques for the detection of covert channels, e.g. covert flow trees, to discover information which may flow through shared resources such as file systems, resource usage, etc.
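Two of the storage recommendations under item 1 (secure deletion, and key/password storage best practice) expressed as code. This is an added example written for this page, not code from the ENISA, OWASP or Veracode lists: the password, the card-number string and the temporary file names are constructed for the demo, the PBKDF2 iteration count is an assumed cost parameter, and Python's standard library stands in for whatever the mobile platform provides.

```python
"""Added example (not from the source top-10 lists): password verifier
storage and overwrite-then-unlink file shredding, with the flash caveat.

- Store a salted, slow hash (PBKDF2-HMAC-SHA256) of the password, never
  the password itself, and compare in constant time.
- Overwrite a local file with random bytes, fsync, then unlink.  On flash
  media with wear levelling the old blocks may survive this, so treat it
  as best-effort and prefer encrypt-at-rest plus key destruction there.
"""
import hashlib
import hmac
import os
import secrets
import tempfile

# Assumption: a cost that takes a fraction of a second on current hardware;
# tune upwards as devices get faster.
PBKDF2_ITERATIONS = 600_000


def make_verifier(password: str, iterations: int = PBKDF2_ITERATIONS) -> dict:
    """Return what the app should persist for a password: a fresh random
    salt, the cost parameter, and the derived key.  No plaintext is kept."""
    salt = secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                             iterations, dklen=32)
    return {"salt": salt, "iterations": iterations, "dk": dk}


def check_password(password: str, verifier: dict) -> bool:
    """Re-derive from the stored salt/cost and compare in constant time."""
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             verifier["salt"], verifier["iterations"], dklen=32)
    return hmac.compare_digest(dk, verifier["dk"])


def overwrite_file(path: str, passes: int = 2) -> None:
    """Overwrite every byte of the file in place and force it to disk."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for _ in range(passes):
            f.seek(0)
            f.write(secrets.token_bytes(size))
            f.flush()
            os.fsync(f.fileno())


def shred_file(path: str) -> None:
    """Best-effort secure delete: overwrite, then unlink."""
    overwrite_file(path)
    os.remove(path)


def shred_and_check(secret: bytes) -> tuple:
    """Demo helper: write a constructed secret to a temp file, overwrite it,
    and report (secret still readable after overwrite?, file exists after
    unlink?).  Both should be False."""
    fd, path = tempfile.mkstemp(prefix="shred-demo-")
    with os.fdopen(fd, "wb") as f:
        f.write(secret)
    overwrite_file(path)
    with open(path, "rb") as f:
        survives = secret in f.read()
    os.remove(path)
    return survives, os.path.exists(path)


if __name__ == "__main__":
    v = make_verifier("correct horse battery staple")  # constructed password
    print("stored fields:", sorted(v))                   # salt, iterations, dk
    print("right password:", check_password("correct horse battery staple", v))
    print("wrong password:", check_password("correct horse battery stapl", v))
    # Constructed sample of the kind of data an app should not leave behind.
    print("(survives, exists):", shred_and_check(b"PAN=4111111111111111;CVV=123"))
```

The verifier record is what belongs in local storage; the plaintext password and the card data should exist only in memory for as long as they are needed. The overwrite in `shred_and_check` is checked by reading the file back before unlinking, which is the only check the demo can make: it cannot see what the flash translation layer kept in remapped blocks, which is why the caveat in recommendation 1.3 matters on phones.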


  3. Attacks on decommissioned smartphones: The smartphone is decommissioned improperly, allowing an attacker access to the data on the device.
  4. Phishing attacks: An attacker collects user credentials (such as passwords and credit card numbers) by means of fake apps or (SMS, email) messages that seem genuine.
  5. Spyware: Spyware covers untargeted collection of personal information, as opposed to targeted surveillance.
  6. Network spoofing attacks: An attacker deploys a rogue network access point (WiFi or GSM) and users connect to it. The attacker subsequently intercepts (or tampers with) the user communication to carry out further attacks such as phishing.
  7. Surveillance attacks: An attacker keeps a specific user under surveillance through the target user's smartphone.
  8. Diallerware attacks: An attacker steals money from the user by means of malware that makes hidden use of premium SMS services or numbers.
  9. Financial malware attacks: The smartphone is infected with malware specifically designed for stealing credit card numbers or online banking credentials, or for subverting online banking or ecommerce transactions.
  10. Network congestion: Network resource overload due to smartphone usage, leading to network unavailability for the end user.
  11. Unauthorized network connectivity (exfiltration or command & control)
  12. UI impersonation
  13. System modification (rootkit, APN proxy config)
  14. Logic or time bomb (including runtime interpreter)
  15. Unsafe sensitive data transmission
  16. Hardcoded passwords/keys
  17. Lack of data protection in transit
  18. Client-side injection
  19. Client-side DoS
  20. Malicious third-party code
  21. Client-side buffer overflow
  22. Failure to properly handle inbound SMS messages
  23. Failure to properly handle outbound SMS messages
  24. Failure to disable insecure platform features in the application (caching of keystrokes, screen data)
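The list names client-side injection and mishandled inbound SMS messages as separate entries, but on a phone they are often the same bug: a message body that reaches a local SQLite query. The example below is added for this page and is not code from any of the merged lists. The `pairing` table, the `PAIR <code>` command format and the two SMS bodies are all constructed for the demo; Python's `sqlite3` stands in for the platform database API (the same mistake and fix apply to any raw-query call that accepts bound parameters).

```python
"""Added example (not from the source top-10 lists): client-side SQL
injection via an inbound SMS, and the hardened handler beside it.

Scenario (constructed): an app stores device pairing codes in a local
SQLite table and accepts 'PAIR <code>' commands by SMS.  The vulnerable
handler splices the message body into SQL; the hardened handler validates
the body against an allow-list pattern and binds the value.
"""
import re
import sqlite3

# Constructed inbound SMS bodies: one benign, one hostile.
INBOUND_SMS = [
    "PAIR 12345",
    "PAIR ' OR '1'='1",   # tries to turn the lookup into 'match every row'
]


def make_db() -> sqlite3.Connection:
    """In-memory stand-in for the app's local database, with sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pairing(code TEXT PRIMARY KEY, device TEXT)")
    conn.executemany("INSERT INTO pairing VALUES (?, ?)",
                     [("12345", "watch"), ("99999", "car")])
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, sms: str) -> list:
    """Entry 18 + 22 as one bug: the SMS body becomes part of the SQL text."""
    code = sms[len("PAIR "):]          # trusts whatever followed 'PAIR '
    sql = "SELECT device FROM pairing WHERE code = '" + code + "'"
    return [row[0] for row in conn.execute(sql)]


# Allow-list: the only shape an inbound PAIR command may have.
PAIR_RE = re.compile(r"^PAIR (\d{5})$")


def lookup_hardened(conn: sqlite3.Connection, sms: str) -> list:
    """Reject anything that is not exactly 'PAIR ' + five digits, then bind
    the code as a parameter so it can never be parsed as SQL."""
    m = PAIR_RE.match(sms)
    if m is None:
        return []                      # a real app would also log the rejection
    return [row[0] for row in
            conn.execute("SELECT device FROM pairing WHERE code = ?",
                         (m.group(1),))]


if __name__ == "__main__":
    conn = make_db()
    for sms in INBOUND_SMS:
        print(repr(sms))
        print("  vulnerable ->", lookup_vulnerable(conn, sms))
        print("  hardened   ->", lookup_hardened(conn, sms))
```

With the hostile body, the vulnerable query becomes `SELECT device FROM pairing WHERE code = '' OR '1'='1'` and returns every paired device; the hardened handler returns nothing because the body fails the pattern before any SQL is built. Binding alone would already stop the injection; the allow-list additionally stops oversized or malformed messages from reaching the database at all, which is the point of the inbound-SMS entry.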