IOS VS ANDROID Presented by, Lowkya Pothineni
CONTENTS INTRODUCTION SECURITY REQUIREMENTS FOR MOS APPLICATION SANDBOXING MEMORY RANDOMIZATION ENCRYPTION DISK STORAGE FORMAT BUILT-IN ANTIVIRUS COMPARISION OF SECURITY IN MOS CONCLUSION REFERENCES
INTRODUCTION ANDROID OS: A Mobile Operating System(MOS) developed by Google. Open source Based on linux kernal Programming used- JAVA, XML,PYTHON iPhone OS(iOS): A Mobile Operating System developed by Apple.Inc Derived from Mac OS X Unix-like OS and has Hybrid Kernal architecture Programming used-C,C++,Objective-C
Layers of Ios:
Layers of iOS: Core OS-Provides low level network access to external accessories .Manages memory, file system, threads. Core Services-Contains fundamental system services used by all the applications. Media Services-Contains graphics, audio, video technologies providing best multimedia experience. Cocoa Touch-Contains key framework for building applications. Supports multi-tasking, push notifications, touch-based input and high level system services.
SECURITY REQUIREMENT FOR MOS Todays Mobile OS provides certain security mechanisms. Permissions and entitlements are assigned at the time of creation of applications. Cannot be changed dynamically. APPLICATION SANDBOXING: A container which isolates the applications and code execution from other apps(malicious code and virus). Improves the security by assigning unique id to applications. In ANDROID: Complex and Robust structure. Each app has its own sandbox directory. Each app has specific accessing permissions.
In iOS: Robust structure Fine-grained control limiting access to network, file system and hardware. One sandbox model shared by all the applications. iOS provides more security than Android in terms of Application Sandboxing. It allows access to root system file and phone settings. In Android user sets the security at installation time.
MEMORY RANDOMIZATION(MR) Also called Address Space Layout Randomization(ASLR). Random allocations of memory Hence, difficult to find the exact memory locations of task that s to be attacked. In ANDROID Jelly Bean version of Android follows MR. In iOS: MR is applied since iOS 4.3. Follows Code-signing technology-process to validate the third party applications Apple issued certificate Prevents loading of unsigned code resources. Hence, IOS is more secured than Android.
ENCRYPTION: Process of converting the plain text to cipher text(unreadable format) using a secret key or password. Decrypted to plain text using that key. In ANDROID: Encryption is introduced from “Ice cream Sandwhich 4.0”. Based on dm-encrypt(Disk encryption). In iOS: Hardware encryption-iPhone 3GS. More robust than Android. Passcode is required to read the encrypted file. Although the encrypted data can be stored in the form of plain text it can be accessible only by knowing the encryption keys even by the developers.
DATA STORAGE FORMAT: Data is stored in either inbuilt or external storage. In ANDROID: Can use both external and internal storage. Applications have read access to all the files. Encryption keys can be found by the unwanted code with root access. Spreading of malware directly to the storage. In iOS: Only internal storage. Requires permissions to access the data. Additional layer of data protection(data protection API’s + passphrase). Hence, iOS is more secure than Android making difficult access to data storage.
BUILT-IN ANTIVIRUS: Prevents malware such as Virus: True piece of malicious software which destroys the system resources. Spyware: Gathers user information without their knowledge. Trojan: Non-self replicating virus, serves a desired function and leads to data loss. In ANDROID: No pre-installed antivirus features. Should be downloaded from google play(outside web source). Much prone to malware effects. In iOS: Doesn’t need any antivirus program, since apple doesn’t allow installation from outside source. Gets Apps from App store which is checked rigorously. iOS is less likely to virus attacks than the open source, social network Android OS.
COMPARISION OF SECURITY IN MOS FEATURES ANDROID iOS Application Sandboxing Each app has its own sandbox directory. All the apps share the same sandbox. Memory Randomization Applied from jelly bean version. Applied since iOS 4.3 with code-signing technology. Encryption Introduced disk encryption from Ice cream Sandwhich 4.0 Hardware encryption. Data storage format External storage and accessible by unwanted code. No external storage and an additional layer of protection Built-in antivirus Downloaded from outside source and much prone to malware. No antivirus required since downloading is only from App store.
CONCLUSION Security is provided in order to reduce the potential risk for customers iOS is more advantageous than ANDROID interms of security. To keep our data safe: Regular updating of smartphone. Make use of passcodes to lock the device. Do not root OS files Installation of Anti-virus. Regular Back-up. Mobile-tracking applications. Do not install untrusted applications.
REFERENCES [1] Rosilah Hassan, Muhammad Syahrin Ab. Rahman, Mohd Rosmadi Mokhtar, Aini Aman, Mobile Accounting Version 1 Design of Mobile Costing Application for MSMEs Using Android, IEEE ICACT 2013, PyongChang Korea Jan 27-30, 2013, pp.697-701. [2] http://www.rdacorp.com/2012/08/mobile- applicationdevelopment-security [3] https://community.rapid7.com/community/mobilisafe/ blog/2012/12/21/ inside-the-sandbox [4] http://source.android.com/tech/security/ [5] http://www.howtogeek.com/129896/htg-explains-does- your-androidphone-need-an-antivirus/ [6] https://developer.android.com/training/articles/security- tips.html
Thank you Any queries ?