Forensic Analysis of Mobile Spyware: Investigating Security, Vulnerabilities, and Detection Challenges in Android and iOS Platforms

The role of digital forensics in law enforcement investigations is to identify, acquire, process, analyse, and report electronically stored data which could be used as a valid proof in the court of justice. Mobile phones are always a valuable source of data, due to their intensive use in everyday life and to the wide adoption of mobile device management solutions by companies. During the acquisition phase, data integrity must be preserved to avoid invalidating the proof. However, integrity is often put at risk by several factors. Mobile spyware are a major threat to data integrity, because of their ability to control and modify the infected device, and could potentially cause data alteration or even destruction. This thesis offers a complete and comprehensive explanation of mobile spyware targeting both Android and iOS operating systems. By going over this document, the reader will understand the differences between Android and iOS in terms of architecture and security, as well as the principles of mobile spyware design. Mobile applications designed for parental control and anti-theft purposes have been installed and tested on the latest versions of Android and iOS. These applications offer a set of features which could allow an attacker to spy on a victim and, in some cases, even control the target device by executing remote commands. After providing a detailed analysis of the tested applications, some open source malware detection tools have been used. All results have been reported and analysed as well.