Welcome to the Linux Foundation Forum!

Similar way to secure smart phones and tablets?

I was going to do this as a blog post but I thought I get some feedback first. To see if its good enough to publish at all.:unsure:

Similar way to secure smart phones and tablets.

One way to move away from the problem of the malware ridden Windows platform was to run a Linux LiveCD. Why not use a similar approach to secure smart phones and tablets? The method works by bypassing any contaminated apps that have been installed on the user system by booting and running a minimal default system. Ideally the second system would be on a read-only media but a secure write protect system is perhaps good enough. Here the user can not install anything to compromise the system.

To make it as simple as possible one can add a button to restart the device and to run the secure system, like a built in splashtop in a dualboot configuration.

This method does not exclude the need for checking the applications in the appstore. However when security matters. When we do online banking and other money transactions we need to have a dedicated device. Be it a PC, smart phone or tablet.


  • mfillpot
    mfillpot Posts: 2,177
    The concept is good, however the issue you will face with read-only mediums is not being able to upgrade applications to patch known vulnerabilities. If you are using a read-only medium you can be open to old vulnerabilities between reboots, in which any successful exploitations will not resume after the next reboot, but will remain active until that point doing as they wish.

    I think the best approach would be to build a mobile OS that has a clean core which can effectively jail or sandbox all applications from any resources that they do not list in the dependency/library list that the user must acknowledge prior to installation.
  • perrabyte
    perrabyte Posts: 20
    Thanks for the input. The problem with user acknowledgement is the rather large potential for mistakes. They have to know what there doing.

    What I meant is that you have essentially the same mobile OS twice. Both can be updated through a trusted system but user manipulation ( installing all kinds of apps ) is restricted on the secure system. This could also work as backup system if the user somehow trashes it.
  • mfillpot
    mfillpot Posts: 2,177
    I think I understand what you mean, basically have a user mode and a Read-Only secure mode that a user can easily switch between by physical button, if the user does something wrong then they can "reset to factory state" which in effect will write the Read-Only image into the user mode effectively resetting the device to a base state.

    Is that assessment correct?
  • perrabyte
    perrabyte Posts: 20
    Yes as a last resort this should be possible. Like the uses for a liveCD the user should also be able to run the device in the secure mode. I hope this method has the affect of bypassing any installed apps that are bad.

    Running in the secure mode should not require you to reset the device, it could be that the user with his jail braked smartphone wants a secure environment to conduct money transactions.
  • marc
    marc Posts: 647
    I don't see it practical: rebooting everytime you want to access something in particular? Not for me, thanks.

    Besides, if your devices gets "hacked" you can always flash a firmware image :)

  • For me I'd chose tablet and I reboot it everytime I want to access something. Thanks
    Upcoming Verizon Phones
    New T-Mobile Coming Soon


Upcoming Training