Death Walkers

Android and Apple OS Exploits

By shellatreille | returnsyourgazeart | 30 Nov 2020


Android OS and Apple iOS are two very popular operating systems for mobile devices.  Both operating systems are vulnerable to exploits.  However, Android OS is more prone to exploits than iOS is.  The Android security architecture is an open system.  Users can manipulate the operating system’s code.  The Apple iOS architecture is a closed system.  Users are unable to manipulate the operating system’s code.  However, Apple iOS devices can still be jailbroken. 

The Android model is prone to exploits.  Android OS is an open operating system.  It has open source code that can be manipulated, either maliciously or for good intentions.  A user of an Android device can change their device’s source code.  When a user makes too many changes to their Android device, vulnerabilities within their device’s security may develop.  Manufacturers of Android devices can also change the operating system’s source code.  If this change to the operating system’s code creates a vulnerability, hackers will be able to detect it and attempt to exploit it.  Android OS is targeted by hackers more than Apple iOS.  Android’s operating system powers a plethora of mobile devices.  It’s popular all over the World, which makes it a much more desirable target for hackers since they will have access to more victims.  This causes Android devices to have a higher risk of hacking attacks, such as malware, viruses, and other security threats (Rafter, n.d.). 

The users of Android OS devices must be aware of possible malware, viruses, and other security threats.  Users of these devices should use caution when they download apps from third-party app stores.  Apps should only be downloaded from trusted sources, such as the Google Play Store.  The Google Play Store is a trusted source and it ensures that all the apps they place in their store are safe from viruses, malware, and other security threats.  Third-party sources typically do not have these safety features in place to ensure that all their apps are safe from infection by security threats.  Developers continuously build new apps for this OS.  This can cause problems.  Hackers can build apps for this OS that will infect devices.  Even though the Google Play Store has an app review process, that process is much less strict than what developers must go through when they add apps to the Apple App Store.  This makes it easier for a hacker to add a malicious app to the Google Play Store.  This makes it much easier for a user to download and install that malicious app on their device.  Another feature that makes Android OS less secure is that users can go into their Android device’s settings and enable the installation of software from Unknown Sources.  This is what allows users to install software from third-party sources.  It also bypasses the Google Play Store’s app review process (Rafter, n.d.). 

Android releases regular software and security updates to keep devices safe.  They also have the option for the user to turn on an automatic update feature.  Properly securing an Android device is dependent upon its hardware.  There are some Android device manufacturers that are better than others at ensuring their devices have Android’s built-in security features and that those features are working correctly.  Other Android device manufacturers may overlook these features.  Android OS and its devices are manufactured by many different companies.  Some of these companies will provide hardware that is more secure, while others will provide hardware that is less secure.  The device’s manufacturer may also use a custom ROM or base operating system that has software installed on it that isn’t able to be removed easily.  It may also be difficult to analyze it for malicious code or other security threats (Rafter, n.d.). 

The Android security architecture is an open platform.  Securing Android’s open platform requires a strong security architecture and rigorous security programs.  Android has many layers of security that are adaptable enough to support an open platform while still protecting all users.  This platform provides an app environment that protects the confidentiality, integrity, and availability of users, data, apps, the device, and the network. The core Android OS is built on the Linux kernel.  All Android device resources, such as camera functions, GPS data, Bluetooth functions, telephone functions, and network connections are accessed through the OS.  Android repurposes traditional operating system security controls to protect app and user data, protect system resources, and protect the network, along with providing app isolation from the system, other apps, and the user.  To accomplish these goals, security features are provided, which include vigorous security at the OS level through the Linux kernel, mandatory app sandbox for all apps, secure inter-process communication, app signing, and app-defined and user-granted permissions (Android Open Source Project, 2020). 

The Apple iOS security architecture is a closed platform.  Apple iOS devices use a file encryption method called Data Protection.  Data Protection roots key management hierarchies in the dedicated silicon of the Secure Enclave, while leveraging a dedicated AES engine to support line-speed encryption.  It also makes sure that encryption keys won’t need to be provided to the kernel OS.  System security is built on Apple hardware.  System security maximizes the security of the operating systems on Apple devices without compromising usability.  System security encompasses the boot-up process, software updates, and the continuing operation of the OS.  Apple devices have boot and runtime protections so that they maintain integrity during continuing operations (Apple, 2019). 

Security capabilities were built into silicon, which include custom CPU capabilities that power system security features and silicon dedicated to security functions.  One of these components is called the Secure Enclave coprocessor.  The Secure Enclave provides the basis for encrypting data at rest, secure boot, and biometrics.  All devices that have a T2 chip include a dedicated AES hardware engine to power line-speed encryption as files are written or read.  Secure boot of Apple devices helps make sure that the lowest levels of software aren’t manipulated and that only trusted OS software from Apple will load at startup.  Security begins in immutable code called the Boot ROM, which occurs during chip fabrication.  It is referred to as the hardware root of trust.  The Secure Enclave enables Touch ID and Face ID in devices. It provides secure authentication while keeping user biometric data private and secure.  Apple provides layers of protection to ensure that apps are malware free and haven’t been manipulated.  Sandboxing protects user data from unauthorized access by apps (Apple, 2019). 

Apple iOS is usually considered to be more secure than Android OS due to its closed operating system.  Apple does not provide its source code to app developers.  A user of an Apple device is unable to change the code on their device themselves.  This type of closed system makes it hard for hackers to detect vulnerabilities on iOS devices.  However, Apple iOS is still vulnerable to hacking attacks.  The users of Apple iOS devices must be aware of possible malware, viruses, and other security threats.  Users should use caution when they download apps from third-party app stores.  Apps should only be downloaded from trusted sources, such as the Apple App Store.  Apple ensures that the apps they place in their store are safe from viruses, malware, and other security threats.  Apple releases regular software and security updates to keep devices safe.  They also have the option for the user to turn on an automatic update feature (Rafter, n.d.). 

Apple iOS and its devices are manufactured by Apple.  Apple provides more strict security controls.  Apple makes it more difficult for developers to place apps in the Apple App Store.  There is a much stricter review process that apps must go through before being placed in the store.  This stricter review process of apps means that it is less likely for a malicious app to make its way into Apple’s App Store.  Apple won’t permit users to change its operating system.  It also won’t permit custom ROMs to be loaded onto devices.  That makes the system more secure because Apple is in control of everything.  However, users of Apple devices can still jailbreak them and change their source code.  Jailbreaking provides users with new device capabilities.  For example, this would permit a user to modify Siri’s voice.  Apple doesn’t provide support to devices that have been jailbroken.  Apple iOS is less popular than Android OS and powers less devices than Android OS.  This means that hackers are less attracted to iOS (Rafter, n.d.). 

Both Android OS and Apple iOS are excellent platforms for mobile devices.  Each one has its strengths and weaknesses.  Both are vulnerable to exploits.  Users should select the operating system that best suits their needs, along with device capability.  Users should only download apps from trusted sources.  Users should protect their mobile devices from security threats.  This will allow device users to select either platform and have a positive experience. 

 

References

Android Open Source Project (AOSP). (2020, January 06). Secure an Android Device. Retrieved from

Android: https://source.android.com/security

Apple. (2019). Apple Platform Security. Retrieved from Apple:

https://support.apple.com/guide/security/welcome/web

Rafter, D. (n.d.). Android vs. iOS: Which is more secure? Retrieved from Norton:

https://us.norton.com/internetsecurity-mobile-android-vs-ios-which-is-more-secure.html

How do you rate this article?

1


shellatreille
shellatreille

Artist, Photographer, Writer, Creative Innovator, Website / Graphic Designer, & Human Resources Manager in Orem, Utah. I enjoy learning new things, traveling to historic, paranormal, & abandoned places, rock hounding, museums, technology, & the abstract.


returnsyourgazeart
returnsyourgazeart

This blog will showcase my photography, art, short stories, poetry, and recipes. It will be abstract and colorful. My website: www.ReturnsYourGazeArt.com and www.shellatreille.com

Publish0x

Send a $0.01 microtip in crypto to the author, and earn yourself as you read!

20% to author / 80% to me.
We pay the tips from our rewards pool.