This is a paper that I wrote in the Spring of 2020 for my Networking class.
Introduction
Windows Mobile Phone OS, Google Android, and Apple iOS are operating systems (OS) for mobile devices. Each OS has advantages and disadvantages with regards to their security models. Each OS has adopted an approach to improve its security and lower risks for users. All three OS security models are based upon the two main concepts of controlling access to applications or downloads and compartmentalizing applications and their resources once they have been downloaded. All mobile devices and smartphones have three basic security layers. These security layers should be enabled in mobile devices. Device Protection permits remotely wiping data if a device is ever lost or stolen. Data Protection prevents company data from being transferred to personal apps that run on the same device or personal network. App-Management Security protects in-app information from becoming compromised. Mobile device and smartphone security is dependent upon the phone, but it also is dependent upon MDM (Mobile Device Management) technology that is installed on company servers. MDM technology controls and manages mobile device security. All these features must work together to create hardened security (Kaspersky, n.d.).
Windows Mobile Phone OS Security Advantages
The Windows Mobile OS security model is based on the principle of least privilege. The OS uses isolation to achieve this goal. Every app, including parts of the OS, run inside their own isolated sandbox, which is called an AppContainer. The AppCointainer is a secured isolation boundary. Inside this boundary, an app and its processes will run. Each AppContainer is defined and implemented through a security policy. The security policy of an AppContainer defines the OS’s capabilities that apps can access from inside the AppContainer. Some of the items that can be accessed from inside the AppContainer are geographical location, camera, microphone, networking, and / or sensors. There is a set of default permissions that are given to all AppContainers. These permissions include access to a unique and isolated storage location. Access to other capabilities can be provided inside the app code. Access to additional capabilities and privileges are unable to be requested during run time (Microsoft, 2017).
AppContainers provide many advantages. The attack surface is decreased. Apps can access only those capabilities that are provided in the application code and are required to perform their functions. User consent and control are provided. Capabilities that apps use are automatically published to the app details page in the Microsoft Store. Any app access to capabilities that could expose sensitive information will automatically prompt the user to acknowledge and provide their consent. App isolation is provided. Communication between Windows apps is strictly controlled. Apps are isolated from one another. They are only allowed to communicate by using predefined communication channels and data types. Apps will be provided the minimal privileges they need to perform their legitimate tasks. Even if an app is exploited, the possible damage will be limited because the app is unable to elevate its privileges. It is contained inside its AppContainer. The Microsoft Store displays the app’s permissions that will be needed, the app’s age rating, and the app’s publisher (Microsoft, 2017).
Windows Mobile OS provides mobile devices with identity access and control, data protection, malware resistance, and app platform security. Windows Mobile OS uses the same security technologies that are used with the Windows 10 OS, which includes Windows Hello, Windows Information Protection, and Malware Resistance. These security technologies protect mobile devices against current and new security threats. Windows Hello utilizes enhanced identity and access control features. These features make sure that only authorized users can access company data and resources. Windows Hello makes MFA (Multifactor Authentication) easier to deploy and use. It also provides PIN, companion device, and biometric authentication methods. Windows Information Protection offers automatic data separation. It keeps company information from being shared with personal data and apps. Malware resistance provides multiple layers of protections that are built into the device’s hardware, startup processes, and app platform. This assists with decreasing malware threats that can compromise employee-owned devices. Windows Mobile OS security features can be used to improve protection against unauthorized access, data leakage, and malware (Microsoft, 2017).
Windows Mobile devices must have a TPM (Trusted Platform Module). A TPM is a microchip that provides advanced security features. It offers encryption keys that are bound with the TPM’s storage root key. The storage root key is stored inside the TPM, which will prevent credentials from being compromised. The encryption keys that are created by the TPM can only be decrypted by the same TPM. This will protect the key material from hackers who want to capture and reuse it. A hacker must access the physical device in order to compromise the mobile device’s credentials. Then, the hacker would need to find a way to spoof the user’s biometric identity or guess their PIN. The hacker would need to complete all these steps before TPM brute-force resistance locks the device, the theft-protection system turns on, and / or the user remotely wipes the device. TMP decreases the hacker’s opportunity for compromising user’s credentials (Microsoft, 2017).
Windows Mobile OS places apps into two categories, which are enlightened and unenlightened. Enlighted apps can distinguish between company and personal data. They decide which one to protect based on internal policies. Company data is encrypted on the managed device. Any attempts made to copy and paste or share this information with non-corporate apps or users will not work. Unenlightened apps that are marked as corporate-managed, will consider all data corporate and encrypt everything by default. Windows Information Protection uses MDM. When a device that is running on Windows Mobile OS enrolls in MDM, unauthorized apps will not have access to enterprise data (Microsoft, 2017).
Windows Mobile OS uses device encryption that is based on BitLocker technology. This technology will encrypt all internal storage, including the OS and data storage partitions. The user or the organization can activate device encryption through MDM tools. When device encryption is turned on, all data stored on the phone is encrypted automatically. This will assist with protecting the confidentiality of the stored data even if the device is lost or stolen. Windows Hello lock and data encryption features makes it very hard for an unauthorized user to obtain sensitive information from the device. Protection-under-lock is also provided. Encryption keys are removed from memory whenever a device is locked. Apps are unable to access sensitive data while the device is locked, so hackers and malware are unable to access this data. TMP locks down the device until the user unlocks the device with Windows Hello (Microsoft, 2017).
Windows Mobile OS provides strong malware resistance by using secured hardware, startup process defenses, core OS architecture, and application-level protections. To protect devices, it also uses UEFI (Unified Extensible Firmware Interface) with Secure Boot, Trust Boot, Measured Boot, DHA (Device Health Attestation), Device Guard, Address Space Layout Randomization, Device Execution Prevention, Windows Heap, Memory Reservations, and Control Flow Guard. Protected Processes prevents untrusted processes from interfering with those that have been specially signed. Protected Processes defines levels of trust for processes. It will prevent less trusted processes from interacting with and attacking more trusted processes (Microsoft, 2017).
Windows Mobile Phone OS Security Disadvantages
Possible vulnerabilities in apps, AppContainers, and Windows Mobile Phone OS may give hackers opportunities to compromise mobile devices. This OS requires redundant vulnerability mitigations to thwart off hackers’ attempts to compromise mobile devices (Microsoft, 2017). Many of this OS’s weaknesses are due to lack of features. Also, this is a less popular OS for mobile devices. If more users had adopted this OS, then more vulnerabilities might have been found verses the ones that were reported (Little, 2017). This OS also has a history of uncertain security performance and security weaknesses (Kaspersky, n.d.). On December 10th, 2019, Microsoft stopped supporting their Mobile Phone OS. The last version of this OS is Windows 10 Mobile. This is the end of life date for version 1709 of the OS. November 2019’s Build 15254.597 (KB4522811) was its last software update and set of security patches. Users are now on their own. There have been no new Windows 10 Mobile devices released after early 2016. Windows Phone 8.1 will no longer have app store support, which will be effective on December 16th, 2019. There will be no feature updates, security fixes, or new software for this OS (Dunn, 2019).
Microsoft is recommending that users switch to Android or iOS devices. This end of support applies to all Windows 10 Mobile products, including Windows 10 Mobile and Windows 10 Mobile Enterprise. Windows 10 Mobile users will no longer be eligible to receive new security updates, non-security hotfixes, free assisted support options, or online technical content updates from Microsoft for free. Windows 10 Mobile users no longer receive new features and non-security related updates. Without security updates, Windows 10 Mobile users who still are using Windows mobile devices will be at a higher risk for security threats. They will be much more vulnerable to hackers and malware, which can leave their sensitive and personal information exposed (Villas-Boas, 2019).
Google Android Security Advantages
The Android security architecture is an open platform. Securing Android’s open platform requires a strong security architecture and rigorous security programs. Android has many layers of security that are adaptable enough to support an open platform while still protecting all users. This platform provides an app environment that protects the confidentiality, integrity, and availability of users, data, apps, the device, and the network. The core Android OS is built on the Linux kernel. All Android device resources, such as camera functions, GPS data, Bluetooth functions, telephone functions, and network connections are accessed through the OS. Android repurposes traditional OS security controls to protect app and user data, protect system resources, and protect the network, along with providing app isolation from the system, other apps, and the user. To accomplish these goals, security features are provided, which include vigorous security at the OS level through the Linux kernel, mandatory app sandbox for all apps, secure inter-process communication, app signing, and app-defined and user-granted permissions (Android Open Source Project, 2020).
Android releases regular software and security updates to keep devices safe. They also have the option for the user to turn on an automatic update feature. Properly securing an Android device is dependent upon its hardware. There are some Android device manufacturers that are better than others at ensuring their devices have Android’s built-in security features and that those features are working correctly. Other Android device manufacturers may overlook these features. Android OS and its devices are manufactured by many different companies. Some of these companies will provide hardware that is more secure, while others will provide hardware that is less secure. The device’s manufacturer may also use a custom ROM or base operating system that has software installed on it that isn’t able to be removed easily. It may also be difficult to analyze it for malicious code or other security threats (Rafter, n.d.).
Google Android Security Disadvantages
The users of Android OS devices must be aware of possible malware, viruses, and other security threats. Users of these devices should use caution when they download apps from third-party app stores. Apps should only be downloaded from trusted sources, such as the Google Play Store. The Google Play Store is a trusted source and it ensures that all the apps they place in their store are safe from viruses, malware, and other security threats. Third-party sources typically do not have these safety features in place to ensure that all their apps are safe from infection by security threats. Developers continuously build new apps for this OS. This can cause problems. Hackers can build apps for this OS that will infect devices. Even though the Google Play Store has an app review process, that process is much less strict than what developers must go through when they add apps to the Apple App Store. This makes it easier for a hacker to add a malicious app to the Google Play Store. This makes it much easier for a user to download and install that malicious app on their device. Another feature that makes Android OS less secure is that users can go into their Android device’s settings and enable the installation of software from Unknown Sources. This is what allows users to install software from third-party sources. It also bypasses the Google Play Store’s app review process (Rafter, n.d.).
Apple iOS Security Advantages
The Apple iOS security architecture is a closed platform. Apple iOS devices use a file encryption method called Data Protection. Data Protection roots key management hierarchies in the dedicated silicon of the Secure Enclave, while leveraging a dedicated AES engine to support line-speed encryption. It also makes sure that encryption keys won’t need to be provided to the kernel OS. System security is built on Apple hardware. System security maximizes the security of the operating systems on Apple devices without compromising usability. System security encompasses the boot-up process, software updates, and the continuing operation of the OS. Apple devices have boot and runtime protections so that they maintain integrity during continuing operations (Apple, 2019).
Security capabilities were built into silicon, which include custom CPU capabilities that power system security features and silicon dedicated to security functions. One of these components is called the Secure Enclave coprocessor. The Secure Enclave provides the basis for encrypting data at rest, secure boot, and biometrics. All devices that have a T2 chip include a dedicated AES hardware engine to power line-speed encryption as files are written or read. Secure boot of Apple devices helps make sure that the lowest levels of software aren’t manipulated and that only trusted OS software from Apple will load at startup. Security begins in immutable code called the Boot ROM, which occurs during chip fabrication. It is referred to as the hardware root of trust. The Secure Enclave enables Touch ID and Face ID in devices. It provides secure authentication while keeping user biometric data private and secure. Apple provides layers of protection to ensure that apps are malware free and haven’t been manipulated. Sandboxing protects user data from unauthorized access by apps (Apple, 2019).
Apple does not provide its source code to app developers. A user of an Apple device is unable to change the code on their device themselves. This type of closed system makes it hard for hackers to detect vulnerabilities on iOS devices. Apple ensures that the apps they place in their store are safe from viruses, malware, and other security threats. Apple releases regular software and security updates to keep devices safe. They also have the option for the user to turn on an automatic update feature. Apple iOS and its devices are manufactured by Apple. Apple provides more strict security controls. Apple makes it more difficult for developers to place apps in the Apple App Store. There is a much stricter review process that apps must go through before being placed in the store. This stricter review process of apps means that it is less likely for a malicious app to make its way into Apple’s App Store. Apple won’t permit users to change its operating system. It also won’t permit custom ROMs to be loaded onto devices. That makes the system more secure because Apple is in control of everything. Apple doesn’t provide support to devices that have been jailbroken. Apple iOS is less popular than Android OS and powers less devices than Android OS. This means that hackers are less attracted to iOS (Rafter, n.d.).
Apple iOS Security Disadvantages
Apple iOS is vulnerable to hacking attacks. The users of Apple iOS devices must be aware of possible malware, viruses, and other security threats. Users should use caution when they download apps from third-party app stores. Apps should only be downloaded from trusted sources, such as the Apple App Store. However, users of Apple devices can still jailbreak them and change their source code. Jailbreaking provides users with new device capabilities. For example, this would permit a user to modify Siri’s voice (Rafter, n.d).
Conclusion
Each OS has its advantages and disadvantages. Each OS is also vulnerable to security threats. Apple iOS is usually considered to be more secure than Android OS due to its closed operating system (Rafter, n.d.). In the Windows OS, the combination of Device Guard and AppContainer assist with preventing unauthorized apps from running. If malware gets into an app’s environment, the AppContainer assists with isolating the app and reducing possible damage (Microsoft, 2017). The Android OS seems to be prone to the most exploits due to it being an open operating system. It has open source code that can be manipulated, either maliciously or for good intentions. A user of an Android device can change their device’s source code. When a user makes too many changes to their Android device, vulnerabilities within their device’s security may develop. Manufacturers of Android devices can also change the operating system’s source code. If this change to the operating system’s code creates a vulnerability, hackers will be able to detect it and attempt to exploit it. Android OS is targeted by hackers more than Apple iOS and Windows OS. Android’s operating system powers a plethora of mobile devices. It’s popular all over the World, which makes it a much more desirable target for hackers since they will have access to more victims. This causes Android devices to have a higher risk of hacking attacks, such as malware, viruses, and other security threats (Rafter, n.d.). In the end, the mobile OS chosen, should be the one that best suits your needs.
References
Android Open Source Project (AOSP). (2020, January 06). Secure an Android Device. Retrieved from
Android: https://source.android.com/security
Apple. (2019). Apple Platform Security. Retrieved from Apple:
https://support.apple.com/guide/security/welcome/web
Dunn, J. (2019, December 11). Windows 10 Mobile Receives its Last Security Patches. Retrieved from
Naked Security by Sophos: https://nakedsecurity.sophos.com/2019/12/11/windows-10-mobile-receives-its-last-security-patches/
Kaspersky. (n.d.). Smartphone Security: Android vs. iPhone vs. BlackBerry vs. Windows Phone - Top
Mobile Threats. Retrieved from Kaspersky: https://usa.kaspersky.com/resource-center/threats/android-vs-iphone-mobile-security
Little, H. (2017). Which Mobile OS is Most Secure; iOS, Android, or Windows? Retrieved from NextLogiK:
https://www.nextlogik.com/which-mobile-os-is-most-secure-ios-android-or-windows-slideshare/
Microsoft. (2017, October 13). Windows 10 Mobile Security Guide. Retrieved from Microsoft:
Rafter, D. (n.d.). Android vs. iOS: Which is more secure? Retrieved from Norton:
https://us.norton.com/internetsecurity-mobile-android-vs-ios-which-is-more-secure.html
Villas-Boas, A. (2019, January 18). Microsoft is Finally Killing the Last of Windows Phone, and Wants You
to Switch to Android or iPhone Instead. Retrieved from Business Insider:
