Transcript Lowkya Pothineni`s presentation

IOS VS ANDROID
Presented by,
Lowkya Pothineni
CONTENTS
 INTRODUCTION
 SECURITY REQUIREMENTS FOR MOS
 APPLICATION SANDBOXING
 MEMORY RANDOMIZATION
 ENCRYPTION
 DISK STORAGE FORMAT
 BUILT-IN ANTIVIRUS
 COMPARISION OF SECURITY IN MOS
 CONCLUSION
 REFERENCES
INTRODUCTION
ANDROID OS: A Mobile Operating System(MOS) developed by
Google.
Open source
Based on linux kernal
Programming used- JAVA, XML,PYTHON
iPhone OS(iOS): A Mobile Operating System developed by
Apple.Inc
Derived from Mac OS X
Unix-like OS and has Hybrid Kernal architecture
Programming used-C,C++,Objective-C
• Layers of Ios:
Layers of iOS:
• Core OS-Provides low level network access to external
accessories .Manages memory, file system, threads.
• Core Services-Contains fundamental system services used by
all the applications.
• Media Services-Contains graphics, audio, video technologies
providing best multimedia experience.
• Cocoa Touch-Contains key framework for building
applications. Supports multi-tasking, push notifications,
touch-based input and high level system services.
SECURITY REQUIREMENT FOR MOS
Todays Mobile OS provides certain security mechanisms.
Permissions and entitlements are assigned at the time of
creation of applications.
Cannot be changed dynamically.
• APPLICATION SANDBOXING: A container which isolates the
applications and code execution from other apps(malicious
code and virus).
• Improves the security by assigning unique id to applications.
In ANDROID:
Complex and Robust structure.
Each app has its own sandbox directory.
Each app has specific accessing permissions.
In iOS:
Robust structure
Fine-grained control limiting access to network, file system
and hardware.
One sandbox model shared by all the applications.
• iOS provides more security than Android in terms of
Application Sandboxing.
• It allows access to root system file and phone settings.
• In Android user sets the security at installation time.
MEMORY RANDOMIZATION(MR)
Also called Address Space Layout Randomization(ASLR).
Random allocations of memory
Hence, difficult to find the exact memory locations of task
that s to be attacked.
In ANDROID
Jelly Bean version of Android follows MR.
In iOS:
MR is applied since iOS 4.3.
Follows Code-signing technology-process to validate the third
party applications
Apple issued certificate
Prevents loading of unsigned code resources.
Hence, IOS is more secured than Android.
•
•
•
•
• ENCRYPTION: Process of converting the plain text to cipher
text(unreadable format) using a secret key or password.
• Decrypted to plain text using that key.
In ANDROID:
Encryption is introduced from “Ice cream Sandwhich 4.0”.
Based on dm-encrypt(Disk encryption).
In iOS:
Hardware encryption-iPhone 3GS.
More robust than Android.
Passcode is required to read the encrypted file.
• Although the encrypted data can be stored in the form of plain
text it can be accessible only by knowing the encryption keys
even by the developers.
• DATA STORAGE FORMAT: Data is stored in either inbuilt or
external storage.
In ANDROID:
Can use both external and internal storage.
Applications have read access to all the files.
Encryption keys can be found by the unwanted code with root
access.
Spreading of malware directly to the storage.
In iOS:
Only internal storage.
Requires permissions to access the data.
Additional layer of data protection(data protection API’s +
passphrase).
Hence, iOS is more secure than Android making difficult
access to data storage.
• BUILT-IN ANTIVIRUS: Prevents malware such as
Virus: True piece of malicious software which destroys the system
resources.
Spyware: Gathers user information without their knowledge.
Trojan: Non-self replicating virus, serves a desired function and leads
to data loss.
In ANDROID:
 No pre-installed antivirus features.
 Should be downloaded from google play(outside web source).
 Much prone to malware effects.
In iOS:
 Doesn’t need any antivirus program, since apple doesn’t allow
installation from outside source.
 Gets Apps from App store which is checked rigorously.
iOS is less likely to virus attacks than the open source, social network
Android OS.
COMPARISION OF SECURITY IN MOS
FEATURES
ANDROID
iOS
Application Sandboxing
Each app has its own
sandbox directory.
All the apps share the
same sandbox.
Memory Randomization
Applied from jelly bean
version.
Applied since iOS 4.3
with code-signing
technology.
Introduced disk
encryption from Ice
cream Sandwhich 4.0
Hardware encryption.
External storage and
accessible by unwanted
code.
No external storage and
an additional layer of
protection
Encryption
Data storage format
Built-in antivirus
Downloaded from
No antivirus required
outside source and much since downloading is
prone to malware.
only from App store.
CONCLUSION
• Security is provided in order to reduce the potential risk for
customers
• iOS is more advantageous than ANDROID interms of security.
To keep our data safe:
 Regular updating of smartphone.
 Make use of passcodes to lock the device.
 Do not root OS files
 Installation of Anti-virus.
 Regular Back-up.
 Mobile-tracking applications.
 Do not install untrusted applications.
REFERENCES
[1]
[2]
[3]
[4]
[5]
[6]
Rosilah Hassan, Muhammad Syahrin Ab. Rahman, Mohd
Rosmadi Mokhtar, Aini Aman, Mobile Accounting
Version 1 Design of Mobile Costing Application for
MSMEs Using Android, IEEE ICACT 2013, PyongChang
Korea Jan 27-30, 2013, pp.697-701.
http://www.rdacorp.com/2012/08/mobileapplicationdevelopment-security
https://community.rapid7.com/community/mobilisafe/
blog/2012/12/21/ inside-the-sandbox
http://source.android.com/tech/security/
http://www.howtogeek.com/129896/htg-explains-doesyour-androidphone-need-an-antivirus/
https://developer.android.com/training/articles/securitytips.html
Thank you