POLYTECHNIC SULTAN MIZAN ZAINAL ABIDIN

DEPARTMENT OF INFORMATION AND COMMUNICATION TECHNOLOGY

DFP50123
SECURE MOBILE COMPUTING

TOPIC CHAPTER 3
ASSESMENT PRACTICAL EXERCISE 3
1) AHMAD YUSUF FARHAN BIN AWANG
2) MUHAMAD SYAFIQ IKRAM BIN MOHAMAD TARMIZI
NAME
3) MUHAMMAD HIDAYAT BIN AB AZIZ

1) 13DDT20F2008
2) 13DDT20F2056
REG NO
3) 13DDT20F2036

PROGRAMME DDT4 S1

INSTRUCTIONS:
1. Answer ALL the questions
2. Submit the assessment on

MARKING SCHEME
CLO 1 PLO 3
/20
TOTAL

THE ENTIRE QUESTION IS BASED ON JTMK’S QUESTION BANK APPROVED BY PROGRAMME

LEADER. SIGNATURE IS NOT REQUIRED.
 CHAPTER 3: MOBILE COMPUTING SECURITY
Duration: 2 hour

Learning Outcomes
At the end of this activity session, you should be able to:

1. Describe CIA Triad in mobile Computing.

2. Explain mobile risk ecosystem.
3. Explain Mobile Hacking.
4. Measure mobile phone security and forensics

Mobile malware, as its name suggests is malicious software that specifically targets
the operating systems on mobile phones. There are many types of mobile malware
variants and different methods of distribution and infection. One of the method used
in the distribution of malware is using APK file. There are various APK services
available on the web that allow users to download pirated apps from unknown
source. Not all of these may be trusted, with some APK files containing malicious
software that deliberately infects the mobile device. Find out how to make sure
whether APK file is safe or not. There are several ways to do this. 

Exercise:
In a group of 3 person find any sample of APK file and download it. Choose any
TWO (2) methods/ways to check the APK file status by using the appropriate tools.
Refer to below website in your findings:
https://bit.ly/3eGKpmQ
https://bit.ly/3luj09r
**any related sources are allowed.

Format Practical Exercise report:

P1. Introduction: Describe malicious software in mobile computing and identify
mobile risk ecosystem – simplified risk model.
P2. Tools: State and explain the tools.
P3. Steps: Construct step by step you download, install and configure the tools.
P4. Outcome: Display the APK file status by using tools.
P1 : Introduction: Describe malicious software in mobile computing and identify

INTRODUCTION:
Malicious software is a program or file that is intentionally harmful to a computer,
network or server. Types of malicious software include computer viruses, worms,
Trojan horses, ransomware and spyware. These malicious programs steal, encrypt
and delete sensitive data; alter or hijack core computing functions and monitor end
users' computer activity. Malicious software can infect networks and devices and is
designed to harm those devices, networks and/or their users in some way.
Depending on the type of malicious software and its goal, this harm may present
itself differently to the user or endpoint. In some cases, the effect malicious software
has is relatively mild and benign, and in others, it can be disastrous. No matter the
method, all types of malicious software are designed to exploit devices at the
expense of the user and to the benefit of the hacker the person who has designed
and/or deployed the malware.

Mobile network architecture:

Attack Surface:

Cycle Development:
Special Risks

• Mobile devices are connected to many networks

– Often insecure or unknown ones

• Mobile devices are used for personal, private purposes

– Banking, selfies, SMS messages, phone calls

Area of risk:
P2 Tools: State and explain the tools.

Hash Droid

As mentioned above, one way to see if you're downloading the right APK is to check its
hash. The SHA of a file is kind of like a digital fingerprint, and if the app you're looking
for has its SHA publicly mentioned by the developers, then you can compare that with
the SHA of the APK you have. If the two match, you're safe. This should show you the
APK's hash data, which would be a long string that looks something like
this:5a8679e3e4298b7b3ffac725106db12a21bdb0bcf746f44fa7e46c40dbf794aa.

By using this method, you can compare the hashes of APKs and what the app
publishers have revealed, to see if the APK is safe to install. With these three methods,
you can have a greater degree of security when using apps downloaded from third
party sources. However, it's worth noting that these methods are never 100 percent
secure, and if you're worried about malicious software, then it's probably better to stick
to the Play Store.
P3. Steps: Construct step by step you download, install and configure the tools.

Step 1 : Open apps installer such as Play Store or Apps Store

Step 2 :Go to the Search taskbar to find the apps

Step 3 : Type “HASH DROID” in Search Taskbar.

Step 4 : Choose the “HASH DROID” after searching in Play Store.

Step 5 : Download the “HASH DROID” and waiting untill the processs done.

Step 6 : Downloading “HASH DROID” done .

Configure the tools.

Step 1 : Open Hash Droid.

Step 2 : Select “HASH A File” and click “Select a hash function” to

change function.

Step 3 : Select “SHA-256”

Step 4 : Tap “CLICK HERE TO SELECT THE FILE TO HASH”

Step 5 : Press the file you want to check.

Step 6 : Next, press “Calculate”, Once Calculate is finished, press
“COPY CHECKSUM TO CLIPBOARD”

Step 7 : Press "HAS A TEXT", next, paste back the HASH CODE and
press calculate.
Step 8 : Press "COPY CHECKSUM TO CLIPBOARD" and go to
COMPARE HASHES.

Step 9 : Enter the results that have been "Calculated" the first
HASH and the second Hash
P4. Outcome: Display the APK file status by using tools.

Output : The result shows, "Hashes do not match!" . This means,

this file contains a very dangerous Malicious Virus.

That's how we can detect APK files that are harmful.

 PERFORMANCE LEVEL Weightage
Criteria (%) Standard Score
Excellent Good Moderate Poor
4 3 2 1
PRACTICAL SKILLS
1. Introduction Able to identify the Able to identify Able to identify some of Unable to identify
requirements with very some of the the requirements with the requirement
clear descriptions requirements with descriptions but need or with poor 20 /4*20
a clear description improvement descriptions
2. Tools Able to state the Able to state the Able to state the Unable to state the
appropriate tools and appropriate tools appropriate tools and appropriate tools or 20 /4*20
explain very well and explain quite explain but need without explanation
well improvement
3. Steps / Able to construct tools Able to construct Able to construct Unable to construct
Configuration very clear with tools clearly with tools with some tools or without 20 /4*20
appropriate labels some appropriate appropriate labels but labels
labels need improvement
4. Outcome Able to display Able to display Able to display Unable to
20 /4*20
appropriately very clear appropriately clear appropriately clear display the
outcome outcome outcome but need outcome
improvement
5. Punctuality Able to builds the Able to builds the Able to builds the outcome Unable to builds
outcome in the given outcome in the in the given time but need the outcome in
time appropriately very given time improvement the given time 20 /4*20
well appropriately well

Total Score /100

Total Score * 20/100 /20