Requirements, Design and Functionalities

In order to understand the current security problems affecting smartphones and tablets being used for m-learning in Nigeria, we investigated threats, vulnerabilities and attacks specific to these devices and examined ways in finding solutions to them. In particular, we reviewed literature, journal publications, policy documents and carried out surveys with stakeholders in higher education institutions, focusing our attention on high-level attacks as discussed in chapter four, five and six of this thesis. Stakeholders play the most important role in the system design process. In this research, the stakeholders are the learners and the teachers and some administrative staff in relevant departments where the survey where conducted. In agreement with

139

this, Paolucci (2014) mentioned the three main components in developing m-learning technology as the learner, the teacher and the learning platform.

The requirements are then documented and thereafter used to develop a system based on the user requirements. The user requirements in this research refer to the learner’s needs for a secured mobile learning system in order to engage m-

learning without concerns or worries. The contextual resources in this case were

the devices that learners mostly had access to, which were the smartphones and tablets. This meant that the development process of the system would mainly be customised for these devices. Having identified some issues, our intervention is to design and develop a mobile app that will enhance the security of any device that is installed on, through promoting awareness, scanning devices for vulnerabilities and reporting threats.

7.3.1 The App Objectives and Architecture

The three main objectives of the intervention app are: 1) to enable students to understand not only the standard in-built security models and solutions, but also issues in evolving regions of mobile learning security; 2) to scan or check students’ m-learning devices in order to identify possible vulnerabilities in such devices, and if some security lapses are detected, to give tips on how to resolve them; and 3) to present a report on the identified security threats to the users as well as recommendations on tackling the identified issues. With these objectives in mind, the app architecture, which is based on our proposed security framework for mobile client is designed as follows.

The architecture of the app adopts an activity-list modular structure that arranges the security issues into a sequence of self-contained units; each activity-list emphases on a specific security issue as identified during our research study and those obtained from academic publications which include lecture notes, survey questions and interviews as well as case studies. There are awareness tips on each m-learning

140

security issue which are based on current research findings. Following the tips comes a security scan or check facility to analyse the mobile device and its installed app for any infection and provide advice on how to deal with the issue.

The app is developed on JAVA programming language for Android platforms

due to the following three motives. Firstly, the Android devices dominated the

world-wide smart phone market with 82.8% as at second quarter of 2015 according to data from the International Data Corporation (IDC) in 2015 on Worldwide Quarterly Mobile Phone Tracker. Secondly, the platform is popular and open-source having less restrictive market policy which makes it a prime target for malicious applications. Lastly, the Android platform, although it has big major backers such as Samsung and Google, is very affordable in comparison to other mobile computing platforms. The architecture of the app is outlined in the system diagram in Figure 7.1 below. The diagram provides an activity-list of security issues on which awareness tips are given and vulnerability scans that can be related to each issue.

M-learning Security Enhancement Awareness tips Threats Reports Vulnerability Scans/Checks Limiting unauthorised access Avoiding malware Learning content security

Free Wi-Fi Concern

Unusual Device Behaviour Bluetooth Security Concerns Browsing securely Tips on Regular updates Check password Scan apps permissions File/Document lock Scan Wi-Fi Security Scan apps for unusual tasks

Check Bluetooth Status

Check for Ads blocker Check OS update status

141 7.3.2 App Architectural Design

As this thesis does not concentrate on the technical aspects of systems development, we used an existing software development approach based on user-centred design methodologies in designing the security enhancement app as it is important in providing support for the design and development process. Many conventional development methods have been criticised for their lack of user involvement and lack of flexibility during the systems development process as they require a stringent sequence of development. Thus, we engaged a user-centred design and development approach as this method often provides higher user involvement throughout the design process while maintaining product quality through continuous iterations with the users (Galer et al., 2016). Two methods are adopted for use in the development of the security enhancement app, they are Structured Systems Analysis and Design Method (SSADM) and Rapid Application Development (RAD).

SSADM stipulates that an initial feasibility study must be performed before any system development occurs and the requirements of the system are then analysed focusing on the needs gathered from the feasibility study and on the context where the system will be used. The Rapid Application Development (RAD) is a methodology which follows a ‘trial development approach’. The development of the system involves a high amount of user involvement as different prototypes of the system are developed and tested through an iterative process before a final product is achieved. The method is also best used for development of system which require consistent change to the design of the system (Konstantinou, 2013). As this method is often used in low budget product development as it requires fewer resources for small iterations of the prototype, it fits into the financial capacity of the researcher.

The development and implementation of the m-learning security enhancement app as an intervention is a main goal of this research. The design content of this app reflects users’ requirements which were gathered in the initial survey study in chapter four of

142

this thesis. The flowchart in the Figure 7.2 below shows the basic flow of activities within the app.

APP FLOWCHART

Start

Read Security tips Select Activity Do any vulnerability exits? Check recommendation Yes Scan/Check Vulnerability Select another Activity No Get Security Report End

Figure 7.2: The app flowchart