Android mobile VoIP apps: a survey and examination of their security and privacy

Electronic Commerce Research

Volumn 16, Issue 1, 2016, Pages 73-111

  Azfar, Abdullah ^a   Choo, Kim Kwang Raymond ^a   Liu, Lin ^a  

^a UNIVERSITY OF SOUTH AUSTRALIA   (Australia)

Author keywords

Android applications; Mobile VoIP (mVoIP) applications; Security and privacy of mobile VoIP apps; Voice over Internet Protocol (VoIP)

Indexed keywords

ANDROID (OPERATING SYSTEM); INTERNET PROTOCOLS; INTERNET TELEPHONY; MOBILE SECURITY; SURVEYS; VOICE/DATA COMMUNICATION SYSTEMS;

ANDROID APPLICATIONS; MOBILE VOICE OVER INTERNET PROTOCOL APPLICATION; MOBILE VOIP; SECURITY AND PRIVACY; SECURITY AND PRIVACY OF MOBILE VOICE OVER INTERNET PROTOCOL APPLICATION; VOICE OVER INTERNET PROTOCOL; VOIP APPLICATIONS;

CRYPTOGRAPHY;

EID: 84958034911     PISSN: 13895753     EISSN: 15729362     Source Type: Journal    
DOI: 10.1007/s10660-015-9208-1     Document Type: Article

References (51)

1. Appelman, M., Bosma, J., & Veerman, G. (2011). Viber communication security: Unscramble the scrambled.
2. Australian Government Department of Broadband Communications and Digital Economy. (2013). Statistical Snapshot.
3. Azab, A., Watters, P., & Layton, R. (2012). Characterising network traffic for skype forensics. In Proceedings of theThird Cybercrime and Trustworthy Computing Workshop (CTC), Australia, 29–30 October 2012 (pp. 19–27).
4. Azfar, A., Choo, K.-K. R., & Liu, L. (2014). A study of ten popular android mobile voip applications: Are the communications encrypted? In Proceedings of the 47th Anual Hawaii International Conference on System Sciences (HICSS), Hawaii, 6–9 January 2014 (pp. 4858–4867).
5. BKAV Internet Security Corporation (2013). Critical flaw in Viber allows full access to Android Smartphones, bypassing lock screen. Accessed April 30, 2013, from http://www.bkav.com/top-news/-/view_content/content/46264/critical-flaw-in-viber-allows-full-access-to-android-smartphones-bypassing-lock-screen.
6. Blond, S. L., Zhang, C., Legout, A., Ross, K., & Dabbous, W. (2011). I know where you are and what you are sharing: exploiting P2P communications to invade users’ privacy. In Proceedings of theACM Internet Measurement Conference (SIGCOMM 2011), Germany, 2–4 November 2011 (pp. 45–60).
7. Cagnina, M., & Poian, M. (2009). Beyond e-business models: The road to virtual worlds. Electronic Commerce Research,9(1–2), 49–75.
8. Carpenter, M., & Wright, J. (2009). Advanced metering infrastructure attack methodology. http://inguardians.com/pubs/AMI_Attack_Methodology.pdf.
9. Chang, H. (2013). The security service rating design for IT convergence services. Electronic Commerce Research,13(3), 317–328.
10. Chang, Y. F., Chen, C. S., & Zhou, H. (2009). Smart phone for mobile commerce. Computer Standards & Interfaces,31(4), 740–747.
11. Chen, Q., Chen, H.-M., & Kazman, R. (2007). Investigating antecedents of technology acceptance of initial eCRM users beyond generation X and the role of self-construal. Electronic Commerce Research,7(3–4), 315–339.
12. Choo, K. K. R. (2009). Secure key establishment. Advances in information security (Vol. 41). New York: Springer.
13. Choo, K.-K. R. (2014). Mobile cloud storage users. IEEE Cloud Computing,1(3), 20–23.
14. Choo, K.-K. R., Smith, R. G., & McCusker, M. (2007). Future directions in technology-enabled crime: 2007–2009. Canberra: Australian Institute of Criminology.
15. Does Skype use encryption? Retrieved January 30, 2014, from https://support.skype.com/en/faq/FA31/does-skype-use-encryption.
16. Dorfinger, P., Panholzer, G., & John, W. (2011). Entropy estimation for real-time encrypted traffic identification (Short Paper). In J. Domingo-Pascual, Y. Shavitt, & S. Uhlig (Eds.), Traffic monitoring and analysis (Vol. 6613, pp. 164–171, Lecture Notes in Computer Science): Springer Berlin Heidelberg.
17. Fring. Retrieved January 27, 2014, from http://www.fring.com/.
18. Ghaemmaghami, H., Dean, D., Sridharan, S., & McCowan, I. (2010). Noise robust voice activity detection using normal probability testing and time-domain histogram analysis. In Proceedings of theIEEE International Conference on Acoustics Speech and Signal Processing (ICASSP), USA, 14–19 March 2010 (pp. 4470–4473).
19. Goldreich, O. (2004). Foundations of cryptography: Volume 2, basic applications. Cambridge: Cambridge University Press.
20. Gomes, J., Inacio, P., Pereira, M., Freire, M., & Monteiro, P. (2013). Identification of peer-to-peer VoIP sessions using entropy and codec properties. IEEE Transactions on Parallel and Distributed Systems,24(10), 2004–2014.
21. Google How Hangouts encrypts information. Retrieved April 3, 2015, from https://support.google.com/hangouts/answer/6046115?hl=en#.
22. Guo, J.-I., Yen, J.-C., & Pai, H.-F. (2002). New voice over Internet protocol technique with hierarchical data security protection. IEE Proceedings: Vision, Image and Signal Processing,149(4), 237–243.
23. Hester, J. (2009). Big Blue Ball.com: Instant messaging & social networking. Accessed January 25, 2014, from http://www.bigblueball.com/im/googletalk/.
24. ICQ. (2011). ICQ Privacy Policy. Accessed April 3, 2015, from http://www.icq.com/legal/privacypolicy/en.
25. Infonetics Research raises VoLTE forecast; Over-the-top mobile VoIP subscribers nearing 1 billion mark (2013). Accessed January 15, 2014, from http://www.infonetics.com/pr/2013/Mobile-VoIP-Services-and-Subscribers-Market-Highlights.asp.
26. Jahanirad, M., AL-Nabhani, Y., & Noor, R. M. (2011). Security measures for VoIP application: A state of the art review. Scientific Research and Essays,6(23), 4950–4959.
27. Johnson, M., Ishwar, P., Prabhakaran, V., Schonberg, D., & Ramchandran, K. (2004). On compressing encrypted data. IEEE Transactions on Signal Processing,52(10), 2992–3006.
28. King, A., & Lyons, K. (2011). Automatic status updates in distributed software development. In Proceedings of the2nd International Workshop on Web 2.0 for Software Engineering, USA, 21–28 May 2011 (pp. 19–24).
29. Lee, J., Ko, H.-S., Park, S., Seo, M., & Kim, I. (2011).Study on secure mobile communication based on the hardware security module. In Fifth International Conference on Mobile Ubiquitous Computing, Systems, Services and Technologies (UBICOMM 2011), Portugal, 20–25 November 2011 (pp. 23–26)
30. Ludwig, S., Beda, J., Saint-Andre, P., McQueen, R., Egan, S., & Hildebrand, J. (2009). XEP-0166: Jingle. Accessed January 30, 2014, from http://xmpp.org/extensions/xep-0166.html.
31. Menghui, Y., Hua, L., & Tonghong, L. (2010). Implementation and performance for lawful intercept of VoIP calls based on SIP session border controller. In Proceedings of the IEEE 10th International Conference on Computer and Information Technology (CIT), United Kingdom, 29 June-1 July 2010 (pp. 2635–2642).
32. Misra, S. K., & Wickamasinghe, N. (2004). Security of a mobile transaction: A trust model. Electronic Commerce Research,4(4), 359–372.
33. Nimbuzz. Accessed January 30, 2014, from http://www.nimbuzz.com/en/support.
34. NSA slides explain the PRISM data-collection program. (2013). The Washington Post.
35. PcapHistogram. Retrieved January 30, 2014, from http://www.willhackforsushi.com/code/pcaphistogram.pl.
36. Perez, J. C. (2013, May 25). Google defends its use of proprietary tech in Hangouts. PC World
37. pyNetEntropy. Accessed January 30, 2014, from https://github.com/batidiane/pyNetEntropy.
38. Sarkar, A. (2012). Yahoo! Voice Compromised, 450 K Login Credentials Stolen & Posted In Plain Text. Accessed January 30, 2014, from http://www.voiceofgreyhat.com/2012/07/yahoo-voice-compromised-450k-login.html.
39. Shannon, C. E. (1951). Prediction and entropy of printed English. Bell Systems Technical Journal,30(1), 50–64.
40. Shepard, B. (2013). 10 Cool Ways Companies Use Skype. Accessed January 30, 2014, from http://blogs.skype.com/2013/08/28/happy-10th-ten-cool-ways-companies-use-skype/.
41. Soupionis, Y., Basagiannis, S., Katsaros, P., & Gritzalis, D. (2011). A formally verified mechanism for countering SPIT. In C. Xenakis, & S. Wolthusen (Eds.), Critical Information Infrastructures Security (Vol. 6712, pp. 128–139, Lecture Notes in Computer Science): Springer Berlin Heidelberg.
42. Tango. Accessed January 27, 2014, from http://www.tango.me/.
43. Viber are my messages secure? Accessed April 3, 2015, from https://support.viber.com/customer/portal/articles/1600146-are-my-messages-secure-#.VR321vmUeSo.
44. Viber Connect Freely. Accessed January 15, 2015, from http://www.viber.com/.
45. VoIP Users Conference. Accessed January 27, 2014, from http://www.voipusersconference.org/2011/jabber-jitsi-nimbuzz/.
46. Vonage Mobile. Accessed January 30, 2014, from http://www.vonagemobile.com/.
47. Vrakas, N., & Lambrinoudakis, C. (2013). An intrusion detection and prevention system for IMs and VoIP services. International Journal of Information Security,2(3), 201–217.
48. Wang, C.-H., & Liu, Y.-S. (2011). A dependable privacy protection for end-to-end VoIP via Elliptic-Curve Diffie-Hellman and dynamic key changes. Journal of Network and Computer Applications,34(5), 1545–1556.
49. WeChat The New Way to Connect. Accessed January 15, 2015, from http://www.wechat.com/en/.
50. Wright, C. V., Ballard, L., Monrose, F., & Masson, G. M. (2007). Language identification of encrypted VoIP traffic: Alejandra y Roberto or Alice and Bob? In USENIX Security, 2007 (Vol. 3, pp. 43–54, Vol. 3.6)
51. Yahoo! 7 Messenger. Accessed January 30, 2014, from http://au.messenger.yahoo.com/features/.