Before jumping to discussion of the differences between security mechanisms of both operating systems, we would like to mention basic security principles, like “read only mode” and process delimitation at the kernel level.
Android and iOS system partitions are unavailable for records, which prevents accidental or purposed file changing. Moreover, both operating systems apply “sandbox” principle. According to it every application operates in separately and cannot access system files or other applications data.
In iOS system almost all applications run under unprivileged user named “mobile”.
In Android system every application has its own user, which delimits the rights of running applications at the kernel of operating system.
The main differences of security mechanisms of Android and iOS are about:
- limited access to the kernel
- verification of downloaded OS
- access right control
Before appearing in the App Store iOS applications get checked, tested and verified according to the requirements. Every application installed on the iOS should have unique certificate «iOS Developer Program» received after the verification process. These measures provide protection against malware in the App Store.
It`s curious but Google doesn`t check application before uploading to Google Play, but regularly runs the scan the store to detect malware. The approach might seems not much secure and it`s the truth as in Google Play there are lots of dangerous OSs. Still, according to the Hewlett-Packard research and “HP Security Research Cyber Risk Report 2013” these programs are unable to do much harm and are simply advertising applications.
Needless to say, that Google Play definitely has malware, though having certain user skills you can defend your device and OS.
When downloading applications to an Android device a user can see the full list of access permissions the application needs. If, for example, a flashlight application requests access to the contacts` list or needs internet access, it is definitely a malware.
The situation with access permissions is a bit different in iOS: every access request should be accepted or canceled by user.
What about the vulnerabilities in the OSs themselves? That we`ll discuss in the next post.