The exponential growth in cell phone usage and technology comes with a corresponding exponential growth in applications and techniques that exploit mobile adware identification (MAI) in cell phones to track users. Simultaneously, there is a heavy reliance among military personnel on insecure commercial communication apps—such as GroupMe, Discord, Slack, WhatsApp, Facebook Messenger, and Signal—for operational and tactical coordination. This combination of MAI tracking and the use of insecure communication channels presents severe operational security (OPSEC) and force protection vulnerabilities.
Acknowledging that an outright ban on these insecure apps is impractical and ineffective, can the military provide a centralized collaboration application to surpass existing commercial tools in usability, functionality, and security? This application must address the critical need for accessibility on personally owned devices while maintaining robust information security, empowering personnel to collaborate effectively without compromising operations.
In conjunction with developing this secure application, this research should provide a better understanding of MAI usage, including its applicability and the specific potential dangers it poses to Special Operations Forces (SOF) personnel and broader military operations. Ultimately, what are the legal and policy considerations, effective countermeasures, and the necessary framework for an informational campaign required to protect the force from these mobile adware and commercial application vulnerabilities?
- Alberts, Robert et al., "Cyber...Disorder: Streamline the Battle within Cyber Now," AF Fellows (Kennedy School), 2014.
- Highlights the severe operational risks that occur when adversaries target and co-opt civilian mobile devices on the battlefield. It details threat scenarios where hostile actors hack unsecure civilian mobile networks to co-opt built-in GPS and mobile signals to direct military personnel or civilians directly into targetable kill zones (such as minefields) or track tactical units. Because approximately 95 percent of military communications utilize civilian or privately owned networks at some point during transmission, these networks represent highly lucrative targets for adversaries. The paper concludes that the government must actively share cyber-derived intelligence with the commercial sector to prevent insider threats and human-enabled malware infections.
- Allison, Capt. Roberta et al., "Integrated Wearable Technology in Rescue," SOS AUAR, 2025.
- Evaluates the cybersecurity and data protection vulnerabilities of commercial mobile and wearable operating systems, concluding they are not viable for secure military operations. Commercial off-the-shelf (COTS) architectures are inherently vulnerable to malware, file-stealing, and geolocation/geofencing exploits, with sensitive location and biometric data stored on commercial databases beyond military jurisdiction. This collection creates a major vulnerability where sensitive data is subject to "classification by compilation," meaning an adversary breaching a commercial database could reconstruct military operations. To mitigate these force protection risks, the paper recommends bypassing COTS platforms entirely in favor of military-produced, closed-system devices backed by robust emission control (EMCON) policies.
- Arrington, Gabe S., "America Needs a Global Approach to Maritime and Telecommunications Strategies," AF Fellows, 2022.
- Discusses the geostrategic and surveillance risks associated with foreign-controlled mobile network infrastructures, showing how adversaries exploit cellular networks to track users. It warns that global adoption of cheap telecommunications hardware from Chinese vendors like Huawei provides the Chinese government with massive access to information, influence, and network control. This allows adversaries to support state surveillance and political control through the exploitation of terrestrial-based 5G networks, creating a severe operational security hazard for US military and special operations forces operating in environments dominated by foreign 5G ecosystems.
- Ashmore, Lt. Col. Jacob S., "Organizational Resiliency: Developing Adaptive Capacity for Times of Crisis," SAASS, 2020.
- Focuses on the organizational need to develop adaptive communication and operational capabilities to maintain resiliency during multi-location crises. Recognizing that commercial social media platforms have fundamentally changed how service members communicate and share ideas, commanders must proactively adapt by utilizing a variety of applications, including Signal, WhatsApp, Facebook, Slack, Microsoft Teams, and Desktop Anywhere. Rather than trying to enforce outright bans on commercial apps—which are often impractical—leaders must build a culture of adaptive communication and organize squadrons into smaller, agile, and distributed nodes to enhance survivability in contested environments.
- Borcuk, Maj. Katie N., "More than Flights of Fancy: The Critical Need for a United States Pigeon Messenger Service in the Age of Electronic Warfare," AFGC thesis, 2021.
- This paper provides stark real-world evidence of how adversaries can exploit personal cell phones to compromise operational security and execute precision strikes. During the conflict in Eastern Ukraine, Russian-backed separatist forces geolocated Ukrainian troops by intercepting personal cellular emissions. By sending spoofed text messages (such as false notifications of casualties) to soldiers' families, Russian intelligence tracked the clusters of mobile devices receiving frantic incoming calls and subsequently targeted those exact coordinates with devastating artillery strikes. This demonstrates how personal communication habits and unmasked electromagnetic signatures on personally owned devices represent a direct threat to life and force protection.
- Boylan, Maj. Edward V., "Finding the Truth: Exploring Strategies for Countering Artificial Intelligence Generated Propaganda, Misinformation and Disinformation in the Digital Age," AFGC thesis, 2024.
- Details the structural frameworks and technologies utilized by adversarial states to spread propaganda, misinformation, and disinformation, explaining how social media platforms monetize and accelerate the velocity of these operations. Boylan describes how adversaries deploy automated "bots," coordinated troll networks, and "cyborgs" (human-guided automated accounts) to saturate the digital environment and manipulate social media algorithms to maximize target audience exposure. This digital saturation erodes public trust in key information channels, making it difficult for personnel to verify authenticity. To counter these grey-zone campaigns, Boylan advocates for a comprehensive strategy combining the development of advanced artificial intelligence (AI) detection algorithms to verify domain and user credibility with structured, public-facing digital media literacy and education campaigns modeled after successful European frameworks.
- Cody, Maj. Andrew P., "Fire the Duty! The Efficiency Imperative for Improving the Marine Corps' Interior Guard Program," AFGC thesis, 2024.
- Addresses the critical need for secure, mobile collaboration on personally owned devices to replace insecure commercial messaging channels. In the Marine Corps and other branches, duty officers and service members frequently rely on unapproved commercial applications like Signal and WhatsApp for after-hours coordination and command-interest reporting because they lack mobile access to secure military networks. To mitigate this vulnerability, the author advocates for the widespread implementation of the Bring Your Own Device (BYOD) program utilizing secure, government-approved collaboration suites. Specifically, the Department of Defense can leverage the Platform One infrastructure and the Mattermost mobile application, which are fully rated for Impact Level 4 (IL-4) information, compliant with Controlled Unclassified Information (CUI) standards, and HIPAA-compliant. This secure architecture allows personnel to securely communicate sensitive data remotely from any location without being physically tethered to base workstations.
- Daniels, Jessi K., "Personal and Portable Electronic Devices: Threatening the Protection of National Security," GCPME thesis, 2023, 58 pgs.
- Provides a comprehensive analysis of the physical, cyber, and human security risks associated with personal, portable, and wearable electronic devices, such as smartphones, smartwatches, and fitness trackers. Daniels explains that these devices contain internal hardware—including sensors, microphones, cameras, and GPS tracking—that can be manipulated by hackers and foreign intelligence services to record, transmit, or exfiltrate sensitive data through the cyber domain. This location-tracking capability poses an immediate threat to operational security and force protection; for example, in 2018, personal fitness trackers worn by troops in deployed environments publicly mapped and exposed sensitive patrol routes, compromising the element of surprise. Furthermore, consumer devices are highly susceptible to malicious third-party software that harvests personal data, while Chinese-supplied Internet of Things (IoT) network equipment presents a persistent espionage risk. To mitigate these vulnerabilities, the study recommends prohibiting personal devices in classified spaces altogether, or establishing strict Trained Subject Matter Expert (SME) capability inspections, device-use agreements, and random yearly audits.
- Frizzell, Capt. Matthew E., "Strategizing Air Mobility Support in an Operationally Challenging Indo-Pacific Environment," AFGC thesis, 2024.
- Underscores the severe operational and mission risks that arise when military personnel rely on unclassified communications—such as standard cellular phones, text messages, and mobile messaging applications—for mission planning and coordination. In contested theater environments like the Indo-Pacific, these insecure channels are highly vulnerable to adversary interception, eavesdropping, and cyber exploitation, potentially exposing sensitive logistics, support, and flight data. Frizzell emphasizes that to secure operational information, the military must migrate its communications to classified networks and secure systems. Furthermore, Frizzell advocates for the widespread implementation of pre-planned Mission Type Orders (MTOs), which delineate clear objectives and decentralized decision-making authority in advance, dramatically reducing the force's dependence on real-time mobile communications and mitigating the risk of communication denial.
- Galbraith, Maj. Shane, "EMS=COG 2.0," ACSC EL CAOSS, 2025.
- Illustrates the tactical threat of adversaries exploiting mobile devices and cellular networks to intercept sensitive communications in the vicinity of military and diplomatic facilities. Galbraith highlights a critical 2025 counterintelligence incident in Manila where Chinese operatives utilized "IMSI catchers" (devices that mimic cell towers to snatch data and text messages from the air) as they drove past the U.S. embassy and local military bases. Additionally, the paper highlights a technical vulnerability where smartphones can be manipulated in "air gap jumping" attacks to transfer data across secure networks using ultrasonic tones imperceptible to the human ear. To counter these threats, Galbraith recommends that tactical security elements employ comprehensive electromagnetic spectrum (EMS) control, utilize Mobile Ad Hoc Networks (MANETs) to minimize electronic signatures, and execute electronic protection jammers to block adversary signals during sensitive operations.
- Gates, LaRonda C., "Working Smarter, Not Harder: Mitigating the AF Information Technology Supply Chain Threat," AFGC thesis, 2022.
- This study addresses the security risks of relying on commercial-off-the-shelf (COTS) mobile devices, which are frequently purchased for speed and convenience but contain massive supply chain vulnerabilities. It warns that failing to audit device origin and hardware components can introduce backdoors, malware, and surveillance risks directly into military networks. The paper advocates for a strict application of the DoD Risk Management Framework (RMF) and supply chain risk management (SCRM) processes. It recommends that the military mandate audits using the NIST National Vulnerability Database before allowing any commercial device or application to access government information networks.
- Green, Lt. Col. Nathan, "Taking the SOF Network Global," AF Fellows (Institute for Defense Analyses), 2014.
- The paper focuses on the severe collaboration and information-sharing limitations within Special Operations Forces (SOF) caused by highly stovepiped and incompatible communication networks. It argues that utilizing unvetted commercial channels is a direct symptom of the military's inability to share data dynamically, which slows down the targeting of global threats. To resolve this, the author proposes a long-term solution leveraging SOCOM's unique acquisition authority to build a secure network based on information tagging and credential-based access rather than system-wide vetting. This approach would allow authorized SOF operators and multinational partners to collaborate and share sensitive data dynamically from any connected device.
- Green, Maj. Shawn, "To Infinity and Beyond: Adopting an Infinite Game Mindset toward Space Force Fitness," SAASS thesis, 2021.
- The study details how the GPS and Bluetooth capabilities of consumer-grade mobile devices and wearable fitness trackers present major OPSEC risks. It highlights the infamous 2018 incident where the Strava fitness application published public "heat maps" of running routes, inadvertently exposing the precise layouts and locations of secret U.S. military bases and deployed troops in Syria and Afghanistan. Because Bluetooth-enabled and GPS-tracking devices continuously broadcast locational data, they are highly susceptible to spoofing and unauthorized interception. The author recommends implementing "command by negation" restricted device lists and educating personnel on disabling active location transmitters in classified or sensitive workspaces.
- Hignite, Lt. Col. Greg, "Sustaining Relevance--Public Affairs and Information Operations in an Era of Great Power Competition," AWC SSP, 2020.
- This paper critiques the military's lack of accessible, mobile-friendly collaborative platforms, noting that legacy secure systems like Microsoft SharePoint are neither mobile-friendly nor easily accessible from non-DOD devices, driving personnel to utilize insecure commercial apps. To bridge this gap, the author recommends that the Department of Defense partner with commercial providers to implement cloud-based Customer Relationship Management (CRM) platforms (such as Salesforce or Huddle). These established platforms meet Federal Risk and Authorization Management Program (FedRAMP) security requirements, support robust encryption equivalent to commercial banking, and are fully accessible on personally owned devices, allowing secure and seamless remote collaboration.
- Kemp, Robin J., "Intelligence for the People, by the People: Public Intelligence Agencies and their Influence on National Security Strategies," SAASS thesis, 2022.
- The author explains how the exponential growth of third-party trackable personal data on social media and commercial databases has eroded military secrecy. Modern cell phones, mobile SIM cards, hotel bookings, and travel logs generate an overwhelming digital footprint that individuals routinely prioritize over personal security. This permissive environment enables Public Intelligence Agencies (PIAs) and adversary organizations to systematically aggregate, analyze, and assess the location, history, and motivations of military personnel. Consequently, the use of unencrypted commercial databases by personnel on personally owned devices undermines the stealth required for covert operations and strategic force protection.
- Kromray, Bryan, "Supporting the Warfighter through Secure Logistics in the Contested Cyber Domain," AFGC thesis, 2025.
- Outlines the precise technical countermeasures, architectures, and data protection strategies required to secure information exchanges over mobile and commercially integrated networks. To defend sensitive logistical and operational data from state-sponsored cyber espionage, ransomware, and unauthorized interception, Kromray advocates for a robust, multi-layered security model. The foundational pillar of this defense is the implementation of a Zero Trust Architecture (ZTA), which assumes a state of compromise and uses micro-segmentation to restrict lateral movement within networks. To ensure complete data integrity, Kromray recommends enforcing Advanced Encryption Standard (AES-256) for data at rest, Transport Layer Security (TLS/SSL) for data in transit, end-to-end encryption (E2EE) for secure exchanges, Multi-Factor Authentication (MFA), and Attribute-Based Access Control (ABAC) to dynamically adjust access privileges based on real-time risk assessments.
- Lisenbee, Lt. Col. Caleb S., II, "LinkedIn Espionage: Foreign Adversaries Recruiting Current & Former DOD Members under the Guise of Consulting on LinkedIn," AWC SSP, 2024.
- Examines the threat of virtual espionage targeting defense personnel, demonstrating how mobile phones and professional networking platforms like LinkedIn are systematically exploited by foreign adversaries. Lisenbee details how Chinese and other hostile intelligence officers utilize fabricated personas and unsolicited consulting offers as "hooks" to recruit or elicit secrets from high-clearance military leaders, defense contractors, and junior service members alike. This social engineering threat is significantly amplified by commercial data aggregators that compile gigabytes of personal data, enabling adversaries to develop highly detailed psychographic profiles to select and target vulnerable personnel. To counter this threat, Lisenbee recommends establishing a proactive government counter-espionage campaign that exploits adversary approaches, implementing strict peer-verification standards before accepting digital connection requests, and upgrading annual DoD Cyber Awareness training with dedicated virtual espionage vignettes.
- Lubove, Capt. Jesse, "Chinese Investment in the Data Economy," SOS AUAR, 2022.
- This paper analyzes how Chinese state-linked mobile applications, such as WeChat and TikTok, serve as highly effective intelligence-gathering and surveillance tools. These platforms capture vast amounts of first-party and third-party metadata—including biometric, device, demographic, and real-time location data—which is directly processed by algorithms and made available to Chinese security services. The study highlights that this data-mining capability has transitioned from a commercial convenience to an active force-protection threat, citing reports where China used stolen internet and location data to successfully identify and map undercover CIA officers operating in Africa and Europe.
- Navqi, "Legality of Autonomous Cyber," SOS AUAR, 2025.
- This paper provides policy and legal frameworks regarding how the military interacts with commercial communication networks. Under current Department of Defense (DoD) guidance, dual-use communication networks (such as civilian telecommunications and social media platforms like Facebook) are recognized as valid military objectives that can be legally targeted or disrupted during conflicts, provided the effects are temporary and reversible. This highlights the legal and strategic complexity of military reliance on civilian communication applications, as these same commercial channels may be targeted or compromised by adversaries during hostilities.
- Place, Maj. Lee D., "There's an App for that: Harnessing the Full Potential of the Electronic Flight Bag," AFGC thesis, 2020.
- This paper analyzes how the military can securely field applications and manage sensitive data on mobile devices at the tactical edge. To prevent the unauthorized viewing or leakage of Personally Identifiable Information (PII) on commercial devices, it highlights the integration of Mobile Device Management (MDM) systems and the Defense Information Systems Agency's (DISA) Purebred agent. Purebred is a government-managed program that secures mobile credentialing, allowing military personnel to leverage their Common Access Card (CAC) credentials directly on mobile platforms to safely access, encrypt, and sync data without relying on insecure commercial servers.
- Snadecki, Capt. Bradley A., "How Mobility Air Force Maintains Training/Readiness in the COVID Era and Beyond," SOS AUAR, 2021.
- Addresses the critical operational security (OPSEC) vulnerabilities introduced when personnel rely on unsecure commercial communication tools. When teleworking first began, military personnel heavily utilized commercial systems like GroupMe and Zoom because of a dangerous, existing cultural mindset that places more trust in commercial software than slow-to-approve military products. When faced with government technology roadblocks, personnel frequently turn to personal devices to check military email or file flight plans using unsecure, public hotel Wi-Fi networks in high-threat foreign areas like Israel. To resolve these vulnerabilities, the Air Force successfully deployed secure collaboration environments like Mattermost and Microsoft's Commercial Virtual Remote (CVR) environment to safely handle data up to Impact Level (IL) 4.
- Stevens, Maj. Brent C., "The Rise of Commercial Drones: Investigating Tomorrow's Asymmetric and Hybrid Threats," AFGC thesis, 2021.
- Details how cell phone and mobile device electromagnetic signatures can be exploited by adversaries for tracking and targeting, posing severe force protection risks. Adversaries can deploy commercial-off-the-shelf (COTS) unmanned platforms equipped with Software Defined Radios (SDRs) or cellular surveillance IMSI-catchers (such as StingRay or KingFish devices) to capture non-content dialing, routing, addressing, or signaling (DRAS) information, including media access control (MAC) addresses, International Mobile Subscriber Identities (IMSIs), and International Mobile Equipment Identities (IMEIs). A passive payload can compile this data to conduct a composite pattern-of-life analysis that reveals a target's home, workplace, and routines, while malicious Wi-Fi access points can execute Evil Twin Attacks to steal data from personal devices. Furthermore, the paper highlights a critical policy bottleneck: the Pen/Trap Statute (18 U.S.C. §§ 3121-3127) criminalizes the capture of DRAS data, which legally restricts friendly forces from proactively deploying electronic jammer countermeasures to disable these tracking drones near sensitive facilities.
- Taylor, LTC Patrick, "Leadership, Trust and the Changing Character of War," AWC RTF, 2025.
- Focuses on the psychological and force protection challenges of the modern transparent battlespace, where adversaries leverage social media platforms to execute targeted disinformation and psychological operations against military personnel. Taylor explains that service members heavily consume news and information through commercial platforms—including TikTok, Instagram, Discord, and Snapchat—making them vulnerable to hostile campaigns designed to erode trust in command structures and degrade workflow cohesion. He argues that the military is currently failing to educate its most vulnerable population, junior service members, leaving them to navigate these complex social networks without guidance. To offset these efforts, Taylor recommends implementing proactive counter-disinformation education campaigns to alert personnel that they are active targets, which builds organizational resilience and protects command trust before hostile cyber brigades strike.
- Thomas, Maj. Jacob M., "The Military Internet of Things: Adapting Commercial Capabilities," AF Fellows (DARPA), 2021.
- Explores how commercial mobile and network security standards can be adapted to secure military C4ISR networks. Connecting devices always introduces cyber-physical vulnerabilities, such as advanced persistent threats (APTs) compromising data confidentiality, destructive attacks degrading network availability, or access-less attacks hijacking traffic to compromise data integrity. To mitigate these risks, the military must adopt commercial cybersecurity testing standards (such as IBM's X-Force Red vulnerability testing models) to identify and patch coding errors, while establishing robust cyber primary, alternate, contingency, and emergency (PACE) plans to guarantee information assurance.
- Torbert, Maj. Ashton R., "When the Outside Threat Becomes the Threat from Within: Defense of the Homeland in a Domestic Conflict," AFGC thesis, 2025.
- The author addresses the systemic threat of cybersecurity vulnerabilities and inadequate training in digital processing within military structures. The paper warns that limited resources to monitor insider threats and a lack of consistent cyber enforcement across active and National Guard units create critical security gaps. To defend sensitive digital infrastructure from unauthorized access, the paper recommends establishing Regional Domestic Threat Task Forces and mandating rigorous cyber hygiene and protocol training for all rank-and-file personnel.
- Vidal, Lt. Col. Brus E., "Social Media as an Internal Communication Tool for Military Senior Leaders," AWC SSP, 2018.
- Outlines how military leaders can utilize commercial messaging applications like WhatsApp to tailor discussion formats and enhance team collaboration. Commercial applications function as powerful force multipliers during crises because they are immediate, agile, and allow leaders to shape the narrative and counter adversary disinformation in real-time. While these commercial networks carry operational security (OPSEC) risks, these liabilities can be successfully managed if leaders safeguard sensitive data, maintain professional profiles separate from their private presence, and communicate professionally at all times.
- White, Stephen M., "Air Force Supply Chain Management: How Has Telework Affected Organizational Efficiency," AFGC thesis, 2021.
- Provides a highly effective technical countermeasure to enable secure collaboration on personally owned devices through the Desktop Anywhere service. This service allows personnel to download dedicated software, configure security certificates, and utilize a physical Common Access Card (CAC) reader to create a fully compartmentalized, secure operating environment on a personal computer. This secure virtualization serves as a direct, encrypted remote interface to the employee's on-station office workstation, allowing geographically separated teams to collaborate and conduct daily operations without exposing military networks to external exploitation.