ANALYSIS OF UNSTRUCTURED DATA PROTECTION ON MOBILE DEVICES: CURRENT CHALLENGES AND TRENDS

Authors

DOI:

https://doi.org/10.35546/kntu2078-4481.2025.3.2.9

Keywords:

continuous authentication, multibiometrics, data-centric access policies, hybrid AES/ECC encryption, session monitoring

Abstract

This article examines the challenges of protecting unstructured data on mobile devices in the context of prolonged sessions, where one-time authentication does not ensure an adequate level of security. A conceptual framework is proposed that combines continuous behavioral authentication, data-centric access policies, and a hybrid cryptographic configuration: symmetric encryption for content and asymmetric encryption for keys.

Purpose. To substantiate a model that minimizes the risks of unauthorized access to messages, media, attachments, and cached data within an active session. The focus is on integrating AES with ECC, MFA with behavioral verification, as well as continuous monitoring based on touch dynamics, inertial sensor data, feature fusion, scoring and decision systems, risk-adaptive actions, local and federated learning, and reproducible metrics.

Methods. A literature review was conducted using Web of Science and Scopus databases; approaches to continuous authentication and sensor fusion were systematized; permission hygiene and the lifecycle of temporary copies were analyzed; reinforcement learning (RL)-based policies for step-up authentication and re-verification were examined; the proposed model was aligned with modern session management standards and cryptographic resilience requirements.

Results. One-time authentication does not guarantee the continuity of user identity. Continuous verification enhanced by sensor fusion reduces the “risk window” without requiring excessive explicit actions. Touch-based features demonstrate high effectiveness, while inertial sensors provide background monitoring. RL-driven policies trigger interventions only under elevated risk conditions (reauthentication, preview masking, export suspension). Data-centric access policies reduce the attack surface by accounting for permissions, side-channel sensor leaks, forensic artifacts, and platform vulnerabilities. The regulatory block consolidates the hybrid model “AES for content ↔ ECC for keys/signatures” and complements it with MFA and post-login monitoring.

Conclusions. The proposed configuration incorporates three key components: continuous behavioral verification; data-centric access policies (management of previews, caches, temporary copies, permissions); and hybrid cryptography, where symmetric encryption protects content while asymmetric encryption secures keys and digital signatures. The integration of these components ensures a balance between accuracy, latency, and energy efficiency, making the model suitable for corporate environments and secure messengers.

Published

2025-11-28