Blog

Android and iOS security mechanisms. Application stores

Before jumping to discussion of the differences between security mechanisms of both operating systems, we would like to mention basic security principles, like “read only mode” and process delimitation at the kernel level.
8 July 2014
Cybersecurity testing
Mobile app testing
The article by a1qa
a1qa

Before jumping to discussion of the differences between security mechanisms of both operating systems, we would like to mention basic security principles, like “read only mode” and process delimitation at the kernel level.

Android and iOS system partitions are unavailable for records, which prevents accidental or purposed file changing. Moreover, both operating systems apply “sandbox” principle. According to it every application operates in separately and cannot access system files or other applications data.

In iOS system almost all applications run under unprivileged user named “mobile”.

In Android system every application has its own user, which delimits the rights of running applications at the kernel of operating system.

The main differences of security mechanisms of Android and iOS are about:

  • limited access to the kernel
  • verification of downloaded OS
  • access right control

Before appearing in the App Store, iOS applications go through mobile app security testing to get checked and verified according to the requirements. Every application installed on the iOS should have unique certificate «iOS Developer Program» received after the verification process. These measures provide protection against malware in the App Store.

It`s curious but Google doesn`t check application before uploading to Google Play, but regularly runs the scan the store to detect malware. The approach might seems not much secure and it`s the truth as in Google Play there are lots of dangerous OSs. Still, according to the Hewlett-Packard research and “HP Security Research Cyber Risk Report 2013” these programs are unable to do much harm and are simply advertising applications.
Needless to say, that Google Play definitely has malware, though having certain user skills you can defend your device and OS.

When downloading applications to an Android device a user can see the full list of access permissions the application needs. If, for example, a flashlight application requests access to the contacts` list or needs internet access, it is definitely a malware.

The situation with access permissions is a bit different in iOS: every access request should be accepted or canceled by user.

What about the vulnerabilities in the OSs themselves? That we`ll discuss in the next post.

More Posts

gaming-qa
24 August 2023,
by a1qa
4 min read
Ready, steady, test: How QA drives seamless gaming experiences
Why is QA pivotal for delivering unmatched player experiences? How to level up video game quality? Find the answers in the article.
Cybersecurity testing
Functional testing
Localization testing
Performance testing
Quality assurance
Test automation
Usability testing
12jun202311
22 June 2023,
by a1qa
4 min read
The ins and outs of ensuring OSS/BSS software quality: a hands-on guide
The need for OSS/BSS’ flawless operation is undisputable, but how can we reach that goal? Inter alia, a1qa suggests focusing on delivering high software quality to the end users.
Cybersecurity testing
Functional testing
General
Performance testing
6-march-2023-1
21 March 2023,
by a1qa
4 min read
The ultimate QA guide for smoothly migrating to Web 3.0
Find out how businesses can seamlessly migrate to Web 3.0 by relying on quality assurance.
Cybersecurity testing
General
Performance testing
Usability testing
27 February 2023,
by a1qa
5 min read
Reaching HIPAA compliance for eHealth solutions through QA
We reveal HIPAA’s data safety benchmarks and shed light on how software testing may help in its conformity.
Cybersecurity testing
Software lifecycle QA
Mobile app testing
15 February 2023,
by a1qa
4 min read
Mobile app testing guide: win the race with five-star software
Which aspects of mobile apps to test first to produce a really high-quality product? Find the answer to this and other questions related to mobile app testing in the article.
Cybersecurity testing
Functional testing
Mobile app testing
Performance testing
Test automation
Usability testing
qa-trends-in-telecom
30 September 2022,
by a1qa
5 min read
4 telecom trends for 2023 and how to painlessly implement them with QA
It’s time to explore the telecom trends for the upcoming year. Let’s look at them together and also see the value that QA brings for their smooth deployment.
Cybersecurity testing
Migration testing
QA trends
Quality assurance
Test automation
black-friday
29 July 2022,
by a1qa
4 min read
Get ready for Black-Friday-to-Cyber-Monday shopping: 5 testing types to include in your QA strategy
What’s your nightmare during Black Friday and Cyber Monday shopping? If it’s a loss of sales, read about the ways to prevent this in the article.
Cybersecurity testing
Functional testing
Localization testing
Performance testing
Usability testing
eLearning and mLearning QA_mini
22 July 2022,
by a1qa
4 min read
6 must-have testing types for eLearning and mLearning software
Discover how to ensure top-notch educational solutions through QA, provide end users with boosted studying experience, and make the grade in the IT market.
General
Localization testing
Mobile app testing
Performance testing
30 June 2022,
by a1qa
4 min read
App software testing for telecom: What are the common issues telco providers face?
Facing problems with the quality of your telecom software products? Read more in the article and find out the ways to address them.
Cybersecurity testing
Performance testing
Test automation

Get in touch

Please fill in the required field.
Email address seems invalid.
Please fill in the required field.
We use cookies on our website to improve its functionality and to enhance your user experience. We also use cookies for analytics. If you continue to browse this website, we will assume you agree that we can place cookies on your device. For more details, please read our Privacy and Cookies Policy.