Cybersecurity Concerns on Mobile Phones: A Systematic Review

Abstract

Mobile devices have become an important part of our everyday lives since they offer access to a large variety of ubiquitous services. Because of this technological revolution, the deployment of mobile systems can offer sophisticated and complex services; like mobile payments, mobile health and even mobile government. Due to these astounding reasons, the number and types of vulnerabilities exploiting these services and communication channels have increased as well. This signifies that continuous investigation and understanding of the challenges and issues in mobile platforms is crucial. Hence, the primary aim of this study was to conduct a systematic literature review on mobile phone attacks, to gain a better understanding of the different attacks and threats to mobile devices. The focus was on four critical elements of the device, which are the: mobile operating system, firmware, applications and websites and lastly, connectivity. The PRISMA 2020 statement guided the systematic literature review. 675 journal articles and conference papers published between 2018 and 2024 were retrieved and 32 were considered for this study. The findings suggest that in 2023 alone, the number of cyber-attacks on mobile devices surged to 33 million. Also, the study found that there are various malware that can attack mobile devices namely virus, worms, botnets, trojans, ransomware, backdoors and root kits, due to these attacks the users’ privacy is compromised. These attacks exploit mobile security vulnerabilities to capture sensitive data or impersonate trusted entities. Cybercriminals recurrently dispersed mobile threats through both official and unofficial application stores. Malicious applications and websites are amongst the most popular attacks, followed by mobile ransomware and phishing. This study highlights various attacks that warrant further investigation, and future research should examine the controls and safeguards associated with each security issue. Additionally, there is a pressing need to advance lightweight, real-time malware detection systems that can operate effectively on mobile devices with limited resource.