Security of Mobile Platforms: Comparing Android and iOS 7

1
shares
What's This?

Security of Mobile Platforms - Comparing Android and iOS 7Google’s Android and Apple’s iOS 7 are sophisticated operating systems powering countless devices. The two platforms have a few key differences when it comes to security and the infamous weakest link in the chain — the user.

Android Security

Based on Linux, the open-source Android platform is highly secure at the operating system level. The Linux kernel provides security mechanisms such as process isolation, user-based permissions, inter-process communication, resource isolation and monitoring, and verified boot.

As a fundamentally open system, Android trusts the user and the developer community to a high degree. Users can choose to install apps at will, regardless of origin. Before installing an app, the user is prompted with a list of all actions the program may try to perform; consent is required to proceed.

In late 2013, Google released Android Device Manager, allowing users to remotely lock down or wipe their device — usually because it is lost or stolen. This is similar to Apple’s Find My iPhone functionality, available since 2010.

iOS 7 Security

Apple’s iOS is recognized as one of the most secure consumer operating systems. iOS 7 has some powerful security features:

    * Find My iPhone lets a user locate a missing device, then remotely lock or erase it; this feature has been available since iOS 5. Activation Lock, enabled by default, requires the user’s Apple ID and password to turn off Find My iPhone or erase the device. Thus, a thief will have a harder time profiting from a stolen device.
    * iOS 7 generates random alphanumeric passwords, which makes brute-force cracking impractical.
    * The iPhone 5s has a new fingerprint identity sensor, Touch ID, which eliminates the need to enter the passcode every time the user unlocks the phone.
    * iOS 7 allows the user to control which apps can access the microphone, camera and cellular data.

However, multiple lock screen vulnerabilities have been discovered in iOS 7; this makes it possible for an attacker to access information on a phone even if it is locked.

Comparison: Android and iOS 7

The Android and iOS platforms have a philosophical difference: Android is open, with freedom for both users and developers, whereas Apple seeks quality and exclusivity, thus the iOS platform is more restrictive.

Both platforms have traditional security features such as passcodes, idle-time locking, process and resource isolation, permissions, and protection from Web attacks. iOS also includes an auto erase feature. This causes the phone to destroy its own data if the passcode is incorrectly entered 10 times.

Both platforms are susceptible to unauthorized access of sensitive data.

A key difference between Android and iOS 7 is how each handles app permissions. An Android user deals with permissions once per app, at the moment of install. This fixed, all-or-none permissions model is a shortcoming of Android — the user is forced to decide whether to run an application based on reputation. An iOS user first installs an app and is then prompted each time it requires special access.

Apple’s App Store is the sole source for iOS apps, which are analyzed before being published. However, Apple has been known to remove certain apps for bad behavior. In the Android universe, there are numerous third-party distribution channels in addition to Google Play. This is a factor in the incidence of malware on the Android platform, which is targeted by most malware authors. The Android platform also suffers from fragmentation, with many different versions of the operating system running on a multitude of devices. There is no single, uniform mechanism for updating Android devices to the latest firmware, which delivers security and bug fixes.

There are popular security apps, paid and free, for each platform. Because users are so concerned with security, this area of mobile app development is highly active.

Both Android and iOS 7 are technically secure platforms. However, technology is perfectly secure only when no humans are using it.

Robert Cordray

Robert Cordray

I'm a business owner and entrepreneur turned freelance writer who enjoys writing about business, and Technology. I have experience in writing software, mobile app development, and information systems.

Comments are closed.