Blog

Android and iOS security mechanisms

Though security by itself is priceless, there still is one thing about it – people tend to remember about security when the system is hacked. The situation with mobile devices is even worse. Today users know a lot about the consequences of desktop and web applications hacking, though they never think smartphones and tablets security.
26 June 2014
Cybersecurity testing
Mobile app testing
The article by a1qa
a1qa

Though security by itself is priceless, there still is one thing about it – people tend to remember about security when the system is hacked. The situation with mobile devices is even worse. Today users know a lot about the consequences of desktop and web applications hacking, though they never think smartphones and tablets security.

In fact, there are three categories of people caring about mobile device security:

  • Users
  • Product developers and owners
  • Corporations

Every group has its own risks and security requirements. We`ll try to cover the Android and iOS security mechanism that is essential for mobile app security testing of each group.

From the developers viewpoint the main risk is client loss as a consequence of hacker`s attack. Actually, Android and iOS are similar in resisting local and web attacks. Though, if developers follow the security criteria in the process of development, they are able to develop a well-protected application for Android and iOS.

Generally Android applications are written on Java language are immune to buffer overflow attacks unlike iOS applications written on Objective-C. Still, Android applications are easy to decompile and interchange the primary code to the harmful one, thus developers are to apply code obfuscation techniques.

Though the iOS applications are vulnerable to the buffer overflow, iOS developers use mechanisms that can prevent exploitation of these vulnerabilities. Among those mechanisms are used compilation parameters like PIE (Position Independent Executable), SSP (Stack Smashing Protection) and ARC (Automatic Reference Counting). These parameters effectively manage memory and prevent the mistakes that can lead to the buffer overflow. Moreover, on the presentation of iOS8 Apple introduced the new programming language – Swift – that would be used instead of Objective-C. It is claimed that the new language is more secure. If it is true or not we can say only in the end of 2014.

So, both Android and iOS applications are quite secure, when the followers follow the security requirements.

Users` device security depends upon the security of the mobile OS. Having found breaches in the OS hackers can easily attack the device, even if users apply only high secure applications. Though being almost equal in security protection, the attack tactics is different.

In the next post we`ll discuss the operation systems’ security mechanisms.

More Posts

5G impact
31 May 2021,
by a1qa
4 min read
5G network impact on mobile app testing
Check out what 5G connectivity will bring to the IT world and how it will modify mobile app testing.
Cybersecurity testing
Mobile app testing
Performance testing
29 April 2021,
by a1qa
4 min read
Addressing 4 security issues for digital transformation programs
Find out the top 4 safety challenges of digital transformation and a QA playbook to address them and contribute to a higher level of cybersecurity.
Cybersecurity testing
31 March 2021,
by a1qa
4 min read
QA scenario to introduce 6 eCommerce trends in 2021
Discover what trends will rule the eCommerce industry in 2021 and how QA can help implement them with confidence and ease.
Cybersecurity testing
Test automation
15 March 2021,
by a1qa
4 min read
Mobile app performance testing: getting high software efficiency
Explore 3 cornerstones of mobile app performance testing and QA steps on how to execute it successfully.
Mobile app testing
Performance testing
25 February 2021,
by a1qa
4 min read
9 QA points for delivering high-quality SaaS-based solutions
In the article, we’ve gathered 9 QA factors relying on the SaaS specifics that may help to perform SaaS testing with ease.
Cloud-based testing
Cybersecurity testing
Functional testing
Performance testing
Test automation
16 February 2021,
by a1qa
5 min read
Winning trust: 5 industries that need blockchain testing
Get to know what industries are prone to rapid transformation within blockchain solutions, and how their catch-all testing can help keep leading positions.
Blockchain app testing
Cybersecurity testing
Functional testing
Performance testing
29 January 2021,
by a1qa
4 min read
3 do’s and 3 don’ts in BFSI software testing
Considering BFSI to be a fast-paced industry, how to keep up with such velocity? We’ve prepared 3 do’s and 3 don’ts that help sustain the rush and high software quality.
Functional testing
Mobile app testing
Test automation
13 January 2021,
by a1qa
4 min read
Reaching HIPAA compliance for eHealth solutions through QA
We reveal the HIPAA’s data safety benchmarks and shed light on how software testing may help in its conformity.
Cybersecurity testing
Software lifecycle QA
30 November 2020,
by a1qa
5 min read
Acumatica: ensuring sound business operations with well-tested ERP system
Internal business activities are advancing, while ERP systems’ usage is growing rapidly. Explore how to ascertain their accurate work through timely applying QA.
Big data testing
Cybersecurity testing
ERP testing
Functional testing
Performance testing
Test automation

Get in touch

Please fill in the required field.
Email address seems invalid.
Please fill in the required field.
We use cookies on our website to improve its functionality and to enhance your user experience. We also use cookies for analytics. If you continue to browse this website, we will assume you agree that we can place cookies on your device. For more details, please read our Privacy and Cookies Policy.