Mobile technology has come a long way in a relatively short span of time. Mobile device usage has increased and the amount of data consumption has grown drastically. Faster and more efficient cellular data access means, consumers enjoy a revolutionary mobile experience, which is better than the last. At the same time, cyber-attacks on mobile devices, especially on smartphones, have become more prevalent. This is indicative of the fact that ensuring security of data on mobile devices has become more important than ever.
It’s easy to perceive why malicious intenders target mobile devices these days. Users now store more information and access more services on smartphones and tablets than ever before. All that personal data and behavioral information is attractive to hackers and thieves. In order to protect the data of businesses and end users, from such mischiefs, the Government of India has recently launched an Android based mobile security application, M-Kavach. It comes bundled up with several security features such as secure storage of files; call/SMS filtering, where a black list and white list of numbers can be entered; anti-theft option which tracks the change of SIM card on phone; settings like device restrictions for secure Wi-Fi, Bluetooth mobile data access, etc.
Another feature of this application is that it doesn’t display advertisements, which is quite unusual for a free solution. It also enables users to lock important applications with a pin. Overall, the application is user-friendly and feature rich. It combines the features of various apps in one single application. It serves its purpose by providing a safe and secure platform for the consumption of digital services. It will also boost the confidence of common man in the security of nation’s infrastructure.
With M-Kavach, the Government has taken a step forward towards transforming India into Digital India. However, it is still in a nascent stage and needs improvements before it can be considered as a full-fledged security application. Following are few suggestions that could be incorporated in the next release /update:
- The splash screen that opens, upon the application launch, is not essential to the functioning of the application. Therefore, it could be dropped or replaced with a screen displaying security tips.
- The applications protected by PIN remain locked until the first launch and can be accessed without the PIN on subsequent launches. There should be an option of setting a time limit post which the applications gets auto-locked.
- Every time the phone is started, a SMS is sent on the registered number. It happens even if the application is uninstalled and the mobile number is unregistered from the application. This glitch should be addressed.
- The user interface could be made more user-friendly with the help of few animations.
- The PIN menu floating over the locked application doesn’t hide the background properly; the application’s/pic’s background still remains visible. The background should be made opaque to ensure better user privacy.
- Though the application supports commonly used authentication mechanisms, it should also integrate the use of biometrics, i.e., using fingerprint scanner, wherever available, for providing advanced level of protection to the users. Through this the application can also support two-factor authentication. This form of authentication comes in handy for protecting critical applications such as banking, messengers, photo galleries, etc.
Some tips to safe guard mobile devices against today’s threats:
- Geo-Location: This feature is used to report a device’s location to apps and to associate the device with real-world locations. Applications use this service to quickly determine the device’s location in order to provide services directed towards the user. However, it’s important to think critically about leaving these permissions on at all times, as they can allow hackers to uncover user’s whereabouts and understand their movement patterns. Users should ensure that Geo-location permissions are activated only for those applications which require them to work as intended.
- Apps: Each application is as vulnerable as the device’s OS and hackers have been able to find and expose holes in popular applications, attacking phones and their data. Users should make a habit of updating not only the device’s operating system, but also every application installed on their phone. If not needed, it’s better to uninstall them than not updating them.
- Camera: Hackers can access the device’s camera to keep an eye on the user. Certain spy applications can get installed, allowing miscreants to hijack a smartphone’s camera and microphone to track and monitor the user. Users should ensure that camera and microphone permissions are activated only for those applications which require them to work as intended.