Cell Phones Operating System Security Comparison
Download 72.89 Kb.
|
|
Cell Phones Operating System Security Comparison (Android & IOS) Constance Ikech Samuel Fiavor Mohannad Alfi IT 335 June 19, 2013 Professor. Dala Al-Arayed TABLE OF CONTENTS Android Operating System PAGE Introduction i Origin of Android ii Versions of Android iii The Android cupcake iv Android Mobile Platform v Android Security Issues vi Android Platform Security vii Data leak vulnerability i Android Updates ii IOS Operating System PAGE Introduction i Features ii Latest version iii Security aspect iv Support system v Vulnerabilities vi IOS Operating System Introduction: Apple Inc’s operating system in the domain of mobile phones is formally known as the IOS. Apple Inc enjoys a credible name in the field of digital equipments in form of the cell phones, tablets and complete computers. Recent developments have been focused on the consideration of the customers’ demands and the security factors. The Mobile phone oriented operating system was formally introduced to the market in around 2007 and since then it has never looked back that the IOS system works with IPhone stands amongst the top market players in the field of mobile phones (Tracy 2012). Keywords: Vulnerability, Security factors, malware, File System What is it exactly? Operating systems are the backbone to all the digital devices. They define and decide the quality of services being provided. Operating systems are a set of large number of functions and programs that allow the users with the interface and functions performing on the outer screen (Brateris 2011). Apple’s IOS has certain distinguishing features to it that make them more sought after and reliable, one of the most sparkling features of it is the protected services against the malware and bugs. Other operating systems are considerably highly prone to the menace of viruses. App Store is one of the largest online resort that contains large number of applications and programs that are being downloaded by the users on daily basis. Features: IOS operating systems in the domain of mobile phones have made a long way ever since its revamped form was introduced in form of the Apple 3 mobile phones. Since then it has been proceeded by I Phone 4, and now present standing is at I phone 5. Some of the salient features of it include the voice recognition function, advanced sensors, an application of Siri, and numerous other applications easily downloadable from the app store. Latest version: IOS’s version 6 was being followed with the 7th version in the series with focus on further improved services and minimum of vulnerabilities in the overall system (Inc 2012). Backward compatibility of version 7 is also applauded all over along with the security aspect. The company’s claim is based on the total revamping and providing a new direction to the mobile operating systems via this version. Being claimed and dubbed as one of the specialized operating system in the entire arena of digital devices, it provides numerous facilities and functions such as the support for cloud services, messenger for instant messages and Security aspect: Security has been a serious threat and headache for almost all operating systems and major players. Keeping this concern and cry in view, Apple Inc in its latest version has come up with special security considerations that would further allow for safe usage and reduced abuse of the device in case of theft and loss. Features like “Activation lock” are few of the factors that have been added to build on the wall of security of the incumbent operating system.(Inc 2012) 
Reference: (Inc 2012) A multi layer security infrastructure is implanted making the operating system more reliable and effective. The security mechanism is being devised with due regard of the network settings, architectural compatibility (Asthana & Asthana 2011), techniques for encryption, decryption and various other functions and components that complement the security dimension of operating system. Support system: The support system with regard to the security includes Secure Socket Layer and Transport Layer Security support. Access to devices is also controlled and no unauthorized access can be made. Vulnerabilities: Having identified the improvements made in recent times, the history does contain certain events and incidents that were affected by various bugs. One similar bug was faced in the 6.1 version that had the loophole of unauthorized access. Pass code security is another area that is termed vulnerable. The most recent vulnerability has been that of file listing, which leaves the margin of safe passage into the network over online medium. Despite having relatively well shielded and programmed kernel, it is still at a direct threat from the malicious content in one way or the other. The certificate publication and issuing is another area where the operating system has been targeted and fake certifications have been generated. Having experienced various forms of challenges and attacks, the developers are working to make it further bug prove and make it more user friendly with regard to the safe usage and reliability.The updates over period of time have been implemented for the same reason to bring about more reliability in the incumbent operating system. ANDRIOD SECURITY Introduction Android is an open-source platform for mobile devices based on Linux operating system. The Linux kernel is the abstraction layer between the hardware and the Android platform, this layers manages and provides an abstract interface between the hardware drivers and the Android platform, such as 3G interfaces, Wi-Fi or power management. Android was designed with multi-layered security that provides the flexibility required for an open platform, while providing protection for all users of the platform. The operating system, in which each application runs, is distinct with system identity that helps in identifying and isolating application resources. Origin of Android Andy Rubin found Google Android in year 2003 and they dealt with developing software for mobile devices. There are more than 4,00,000 apps in android market. VERSIONS OF ANDROID The first android was the 1.0, which was released in September 2008. The Android cupcake: Android 1.5 the first major Android OS was released in April 2009 and brought along plenty of UI changes, the biggest probably being support for widget and folders on the home screens. Cupcake brought features like improved Bluetooth support, camcorder functions, and new upload services like YouTube and Picasa Donut: Android 1.6 the release of the donut 6.1 came about in September 2009, with new features such as touchscreens, improved camera and gallery support which enable all other user in the Sprint and Verizon phones to communicated properly.
Honeycomb: Android 3.0, 3.1, and 3.2 the honeycomb was introduces in February with the Motorola XOOM. This system came with new bottom at the screen to replace the old one and also new applications, video chat. Gmail app and talk app. Ice Cream Sandwich: Android 4.0 Jelly Bean: Android 4.1, 4.2 jelly bean arrived in 2012 with it release of Asus Nexus 7, followed by a quick update to help unlock the nexus 4.the jelly bean provided better services and design that most people have being waiting for. And finally the last versions, which is the Key Lime Pie still in progress. ANDROID MOBILE PLATFORM Android is a software stack for mobile devices that includes an operating system, middleware and key applications. The Android Software Development Kit provides the tools and APIs necessary to develop applications on the Android platform using the Java programming language. The Android platforms are device hardware, operating system and application runtime. The Android application sandbox isolates data and code execution on a per-application basis. Android application frameworks use robust implementations of common security functionality such as cryptography, permissions and secure IPC. Android applications can be installed from various sources, including: Android Market • Alternative online shops • Own developed applications • Third-party developers Unauthorized sites etc. Android Security Issues Mobile devices are vulnerable to attacks as any other computers even the number of attacks is still reduced compared with personal computers. Attackers to send and/or receive confidential data, malicious applications and to make unauthorized actions can use the following technologies that exist on many mobile devices: • Bluetooth – applications use it to connect to other devices; • Telephony – unauthorized phone calls are made, resulting in high costs recordings. • Messaging are used to send confidential content to attacker or to access paid numbers. • Wireless networks – used to connect to Internet to transfer data. Android Platform Security Android seeks to be the most secure and usable operating system for mobile platforms by re-purposing traditional operating system security controls to:
To achieve these objectives, Android provides these key security features:
Application-defined and user-granted permissions Data leak vulnerability Android is more exposed to vulnerabilities and malware attacks because of the openness of the platform, multiple OEMs implementing the OS and the apps in separate ways and lots of application available in several sources. According, to Michael Grace, Yajin Zhou, Zhi Wang and Xuxian Jiang found that by simply clicking on a link, Android users might give attackers access to personal information. The vulnerability would allow a malicious web site to read and upload contents of any file stored on the phone’s memory card. Information on the memory card could include saved voicemails, photos or online banking data, etc. Client Login protocol, applications request an authToken from the Google service by sending an account name and password via a HTTPS connection. Android Updates Android provides system updates for both security and feature related purposes. There are two ways to update the code on most Android devices: over-the-air (OTA updates) or side-loaded updates. OTA updates can be rolled out over a defined time period or be pushed to all devices at once, depending on how the OEM and/or carrier would like to push the updates. Side-loaded updates can be provided from a central location for users to download as a zip file to their local desktop machine or directly to their handset. Once the update is copied or downloaded to the SD card on the device, Android will recognize the update, verify its integrity and authenticity, and automatically update the device. The user community for both the iOS and Android differ from each other. It is believed that Android users are assumed to be tech savvy and iOS users are said to be very loyal to the Apple brand according to Zinaida Benenson et al in their journal entitled Android and iOS Users’ Differences Concerning Security and Privacy. Some of which include Apple, which uses the iOS operating system to run their mobile device. Google’s Android operating system is another good mobile device manufacturer. With the nature of Smartphone’s nowadays, they have become vulnerable to attackers and we will be addressing the features of both the iOS and Android operating systems and how they differ in preventing attackers from their millions of users. After our comparisons, we will be able to determine which one has a better security feature. According to Charlie Miller in his journal Mobile Attacks and Defense, he compared both the iOS and Android operating systems. He stated that both operating systems they differ in the market place. The application stores for Apple and the Market have different approaches to limit malware on their devices. Charlie Miller stated in his journal that with the iOS in typical Apple fashion, the App store is tightly controlled from the top down. Apple must approve an application before it can be in the App store Miller stated. He went further to say that Apple enforces this on their device through code signing. Iphone’s wont run an application or load a library unless it’s signed by Apples private encryption key Miller stated. With the millions of applications that run on the iOS, no one besides Apple knows exactly how closely it reviews iOS applications. Miller went further to state that if a piece of malware did slip through the review and make it to the App store, and people found out about it, Apple could remove it from the App store and remotely remove it from devices on which it is installed. This is a very good action to protect Iphone users form any malicious attacks. One can argue about the App stoer being bad for developers, but it’s an effective barrier to malware, perhaps only accidentally Miller concluded with his information on the iOS operating system and its fight against malware. Charlie Miller went further to state in his journal that, once the application is on the device, apps run in a sandbox that limits their actions. He have an example that, one app can’t read another’s data. No app can read the stored SMS (short Message Service) messages, and so on. To conclude his information on iOS security, he stated that because all apps share the same sandbox rules, they are allowed any action any app could ever need. An example being the ability for all apps to freely accesses the Internet and address book. On the other hand, Charlie stated that with the Android operating system for Google, developers can directly place their applications on the Android market, and there’s no review of the applications before they arrive there. Android phones require applications to be signed, but they can be self-signed Miller went further to state. Google then uses these signatures for bookkeeping, not to control what code can run. Because of this, Android users can develop applications from anywhere, not just the Android market. Miller stated that instead of Android using a top-down approach to malware prevention, Android uses crowd sourcing. User’s rate and comment on apps. Google can see how many other users have downloaded the app and can report malicious apps to them. If enough users complain about an app, Google will remove it from the Market and can remotely remove it from devices. A good advice given by Miller is for Android users to never download an app without thousands of downloads and mostly positive comments. According to Kelley et al, jailbreaking iOS or Rooting Android gives the users privileged (root) access to their device. This way the users get much more control of their devices. iOS users can download applications from other sources other than the app store. This makes the devices loose protection given by their operating systems and become an easy target for malware. According to Karrer et al, the Android operating system have permissions that are automatically generated from the app code if the app accesses or manipulates certain data, such as contacts, messages and system settings. The warnings are presented to the users during the installation process, and they have to agree with all permission requests in order to install the app. In this case they have an “all-or-nothing” choice. On the other hand the iOS prior to the iOS 6 requierd from the users runtime consent if an app wanted to use location data for the first time. Many other types of user data could be read and manipulated without the user’s explicit consent. They went further to state that with the recent release of the iOS 6 last year in September 19 2012, it was radically changed with the handling of personal data. Now users have to give runtime consent for many more data types, such as contacts, calendar, photos, Twitter or Facebook accounts. Users can also customize their data disclosure policies using a wide set of privacy settings. REFERENCE Apple Inc, A. (2012). iOS Security. Apple. Arthur, C., and Dredge, S. iOS v Android: why Schmidt was wrong and developers still start on Apple. www.guardian.co.uk Jun. 10, 2012. Asthana, A., & Asthana, R. (2011). IOS 5, Android 4.0 and Windows 8 – A Review. I.E.E.E, 34-43. Brateris, D. (2011). iOS hardware as a sensor platform: DMM case study. I.E.E.E, 308 - 311. Cisco. (2002). Implementing Secure Socket Layer. Cisco. Google Inc., Android security overview http://source.android.com/tech/security/index.html http://search.proquest.com.proxymu.wrlc.org/docview/912868908?accountid=27975 Inc, A. (2012). iOS Technology Overview. Developer. Karrer, K., Glaser, C., Clemens, C., and Bruder, C. Technikaffinit ̈at erfassen – der Fragebogen TA-EG. In 8. Berliner Werkstatt Mensch-Maschine-Systeme. (2009). Kelley, P. G., Consolvo, S., Cranor, L. F., Jung, J., Sadeh, N., and Wetherall, D. A conundrum of permissions: Installing applications on an android smartphone. In USEC Workshop (2012). Spaulding, ,. J. (2012). Exploring an open WiFi detection vulnerability as a malware attack vector on iOS devices. I.E.E.E, 87 - 93. Tracy, K. .. (2012). Mobile Application Development Experiences on Apple’s iOS and Android OS. I.E.E.E, 30-34.. McWherter, J., & Gowell, S. (2012). Professional Mobile Application Development. John Wiley & Sons. Directory: All%20Toolkits All%20Toolkits -> E-government Transition Framework Enterprise Strategy and Policy Division All%20Toolkits -> Sen958 Android Phone Application Development All%20Toolkits -> Apache and Apache Tomcat Tony Collings, February 2007 All%20Toolkits -> 10 Innovative Speech Applications All%20Toolkits -> Career profile All%20Toolkits -> The Effect of Information Technology on Decision Making All%20Toolkits -> Module 1: Introduction to plc hardware Download 72.89 Kb. Share with your friends:
|