Smartphones are being used as the preferred device for as many things as possible in today's world. This is why having secure phones that are resilient against attacks targeting their users’ data becomes more and more important. This paper tries to assess what measures device vendors have taken to ensure those attacks will not be successful.
Because the market is mostly divided between Google’s Android and Apple's iOS, we put our focus on those two operating systems and compare their respective security models. Additionally, this comparison evaluates how those models have changed over time since the beginning of the smartphone era around 2010.
The last part of this analysis takes a different view on smartphones, the perspective of so-called "power users": people who not only use their smartphone for downloading some apps and surfing the Internet but also want to do some lower-level customization of the operating system, by rooting their Android device or jailbreaking their iPhone.
This process of gaining full privileges on the phone not only creates advantages for the user but can also have rather negative implications on the device's security. How exactly does this affect the protections implemented by the vendor?
Table of Contents
- I. INTRODUCTION
- II. FIRST VERSIONS: BEFORE 2010
- A. iPhone OS (before 4.x)
- B. Android (before 3.x)
- C. Comparison
- III. CURRENT VERSIONS
- A. iOS 11
- 1) System Security
- 2) App Security
- 3) Peripheral Security
- B. Android 8
- 1) System Security
Objectives and Key Themes
This paper aims to compare the security models of Android and iOS, examining the key features of both operating systems and how they have changed over time. The paper will focus on the security measures implemented by each platform, from the early versions to their current implementations, and will also consider the perspectives of "power users" who seek greater customization of their devices.
- Evolution of security models in Android and iOS
- Comparison of key security features across platforms
- Impact of "power user" practices (rooting, jailbreaking) on device security
- Trade-offs between security and usability
- Role of hardware and software in implementing security measures
Chapter Summaries
- I. INTRODUCTION: This section introduces the growing importance of smartphone security due to the increased reliance on these devices for storing sensitive user data. It highlights the dominance of Android and iOS in the market and emphasizes the need for strong security models in these operating systems.
- II. FIRST VERSIONS: BEFORE 2010: This chapter delves into the early security models of both iOS and Android. It examines the cryptographic keys embedded in iPhones, the chain of trust established in iOS, and the app signing process in Android. The chapter also discusses the concept of sandboxing, permissions, and file system encryption.
- A. iPhone OS (before 4.x): This section focuses on the security features implemented in early versions of iPhone OS, including cryptographic keys, the chain of trust, app signing, sandboxing, and file system encryption.
- B. Android (before 3.x): This section examines the security model of early Android versions, highlighting its open nature, app signing, sandboxing, permissions, and the absence of file system encryption in early versions.
- C. Comparison: This section provides a comparative analysis of the early security models of Android and iOS. It discusses the advantages and disadvantages of each platform, emphasizing the trade-offs between security and usability.
- III. CURRENT VERSIONS: This chapter explores the evolution of security models in both Android and iOS, highlighting the significant changes and enhancements that have been implemented in recent versions.
- A. iOS 11: This section examines the security features of iOS 11, including the Secure Enclave, biometric authentication, effaceable storage, filesystem encryption, and other security mechanisms.
- 1) System Security: This subsection delves into the system-level security enhancements in iOS 11, focusing on the Secure Enclave, biometric authentication, and filesystem encryption.
- 2) App Security: This subsection focuses on the changes in app security in iOS 11, including the introduction of extensions, app groups, and additional entitlements for developers.
- 3) Peripheral Security: This subsection examines the MFi program and the introduction of USB restricted mode in iOS 11.4.
- B. Android 8: This section examines the security features of Android 8, focusing on the evolution of its security model, the use of POSIX capabilities, and isolated services.
- 1) System Security: This subsection focuses on the evolution of system-level security in Android 8, including the removal of setuid binaries, the use of POSIX capabilities, and the introduction of isolated services.
Keywords
The key focus of this paper is on the security models of Android and iOS, examining their evolution, comparing key security features, and considering the impact of "power user" practices. Key terms include: smartphone security, Android, iOS, operating system, security model, app signing, sandboxing, permissions, file system encryption, Secure Enclave, biometric authentication, POSIX capabilities, isolated services, rooting, jailbreaking, and data protection.
- Samuel Hopstock (Author), 2018, Differences Between the Security Models of Android and iOS, Munich, GRIN Verlag, https://www.grin.com/document/491309