iPhone and Android Security


Dec 10, 2013


James Shore

COP 5611

iPhone and Android Security

Many security features are common to both systems

Screen locking, access

Network security and encryption (WEP, WPA, etc.)

There are also fundamental decisions affecting the security
of the systems

Open vs. Closed Source

Freely distributable applications

Neither system is without its weaknesses

Both systems suffered from SMS-based vulnerabilities

Both systems suffered from web-browser-based vulnerabilities

Fundamental Differences

Open Source (Android) vs. Closed Source (iPhone)

The open source nature of Android makes it easier for
would-be attackers to find faulty code

It also makes it easier for the community to contribute fixes

Closed source means fewer eyes on the code, for better or

Available Applications

Android can install applications found outside the app store

Pro: Increased freedom for the user

Con: Increased freedom for the user

Acceptance into the Android app store is less rigorous

Pro: Easier for developers to make applications available

Con: May allow lower quality applications

Fundamental Differences

Available Applications

Acceptance into the iPhone app store is a long and scrutinizing

Pro: Ideally only high-quality, safe applications would be allowed

Con: Many legitimate apps may be rejected; increased difficulty for
developers to make their apps available; limits the choice of what
users can run on their own devices

Fundamental Differences

Application Signing

The iPhone uses signing as a way of controlling which
applications can run on the device

Android uses signing mainly for developer identification and
relationships between applications

Application Signing

Android signing requires no certifying authority; many
applications are “self

Pro: Gives developers freedom and control over their own

Con: No outside authority to verify the validity of an application

iPhone developers must request certification; iPhone signing is
used to verify
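
The two signing models on this slide, as an added example that is not part of the original slides: a simplified install-policy model in which the self-signed (Android-style) path only checks that an update comes from the same signer as the installed app, while the CA-gated (iPhone-style) path checks who issued the signer's certificate. The `Cert` and `Package` records, the function names, the package name and the issuer "CN=Platform Vendor CA" are constructed for illustration, and verification of the package signature itself is assumed to have already happened.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    public_key: bytes  # constructed placeholder bytes, not real key material
    def fingerprint(self) -> str:
        blob = f"{self.subject}|{self.issuer}|".encode() + self.public_key
        return hashlib.sha256(blob).hexdigest()

@dataclass(frozen=True)
class Package:
    name: str
    cert: Cert  # assumption: the package signature was already verified against this cert

def self_signed_install(installed: dict, pkg: Package) -> str:
    """Android-style model: no CA check; the signer only has to stay the same."""
    known = installed.get(pkg.name)
    if known is None:
        installed[pkg.name] = pkg.cert.fingerprint()  # first install pins the signer
        return "installed"
    if known != pkg.cert.fingerprint():
        return "rejected: signer changed"
    return "updated"

def ca_gated_install(trusted_issuers: set, pkg: Package) -> str:
    """iPhone-style model: the signer's certificate must come from a trusted issuer."""
    if pkg.cert.issuer == pkg.cert.subject:
        return "rejected: self-signed"
    if pkg.cert.issuer not in trusted_issuers:
        return "rejected: untrusted issuer"
    return "installed"

# Constructed sample certificates
DEV = Cert("CN=Example Dev", "CN=Example Dev", b"dev-key")
OTHER = Cert("CN=Example Dev", "CN=Example Dev", b"other-key")  # same name, different key
VETTED = Cert("CN=Example Dev", "CN=Platform Vendor CA", b"dev-key")

def demo() -> list:
    installed, trusted = {}, {"CN=Platform Vendor CA"}
    pkg = lambda cert: Package("com.example.notes", cert)
    return [self_signed_install(installed, pkg(c)) for c in (DEV, DEV, OTHER)] + \
           [ca_gated_install(trusted, pkg(c)) for c in (DEV, VETTED)]

if __name__ == "__main__":
    print(demo())
```

In the self-signed model the name inside the certificate proves nothing by itself; the key is the only identity, which is why `OTHER` is rejected as an update even though it carries the same subject as `DEV`.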


Flaws in the Core multimedia application framework of
Android allowed remote control of the browser, allowing
access to saved credentials and history, February 2009


the Phone in your Phone,” July 2009

Paper described methods to crash the window management
application on the iPhone as well as kick both iPhone and Android
devices from their networks

Android phones were kicked permanently from the network if the SIM
card had a PIN set

iPhone could be taken over by malicious SMS messages

iPhone could be taken over by visiting a malicious website
which crashed the browser, August 2007


Both systems have their strengths and weaknesses

The iPhone has a much larger user base

more likely to be exploited