With the dominance of iOS and the rising popularity of Android devices in the mobile marketplace, the security of these devices is a growing concern and focus for smartphone users. This infographic examines the security features of Android and iOS, and also takes a look at their strengths and weaknesses.
Both Android and iOS have:
- Traditional access control: such as passwords and idle-time screen locking to protect the device itself
- Isolation: Limiting a process’s ability to access sensitive data or system resources from another process
- Permissions-based access control: Granting each application a set of permissions that limits its access to specified device data systems
- Limited hardware access: Apps cannot directly access the underlying hardware. The hardware interactions are all controlled exclusively by a number of different layers of software which act as intermediaries between the application and the device itself.
- Resistance to web-based attacks: both systems have some built in capabilities to resist web-based attacks.
Methods of application distribution
- Android has more distribution channels. With Android there are more opportunities and methods to load applications. For example: Android devices support more than one app store as well as large-scale over-the-air app distribution
- iOS apps can only be distributed through the Apple app store.
- Data encryption available on both devices There are different levels of encryption, and some of them are device-specific. The OSes provide mechanisms for apps to store secrets in ciphertext on disk; but apps don’t always take advantage of these features. For example, data encrypted on your mobile device may be stores in plain text if you sync to a PC.
- Application Security Testing The level of verification on app security isn’t the same between the various Android marketplaces and Apple’s App Store. Security and privacy are not thoroughly tested and unauthorized access to sensitive data has already occurred in both the App Store and the Android Marketplace.
- Apple sometimes approves apps then disapproves them Apple has an approval process to place an application into the iTunes store. However, it’s not hard to find examples of apps being removed from the store “after” they’ve been found to behave badly.
Android vs iOS Security Features and Weaknesses
|Android Security Features||IOS Security Features|
|Android Weakness Example||iOS Weakness Example|
So You Got a Smartphone for Christmas?
Here are 10 ways to protect it from hackers.
- Change the phone password and your voicemail password.
- Use a password/pin that is difficult for others to guess.
- Set the phone so that it is password protected after 5 minutes of inactivity.
- Only enable the wireless networks/connections you use, e.g. if you don’t use a Bluetooth device then don’t turn Bluetooth on!
- Only install applications from vendors you trust. Check out app reviews and app-sources before installing.
- Use mobile security software – e.g. Lookout.
- Use mobile device management software.
- Back up your data.
- Don’t view sensitive data information on public Wi-Fi.
- Install OS updates as soon as they are available to ensure your Smartphone firmware is up to date.
Symantec (an Internet and device security company) concludes that – even though iOS and Android both have their weaknesses, the mobile platforms are still much more secure than their PC counterparts.
Veracode Security Guides
Data Security Resources
Veracode Security Solutions
Mobile Phone Security
Internet Security Scan
Web Vulnerability Scanner
Facebook Security Tips
Android Mobile Security
Security Vulnerability Assessment
What is SDLC?