Blog

Android and IOS security mechanisms. OS vulnerabilities

Everyone knows that Android is an “open” system, which means a user should expect a great number of vulnerabilities in the system. Nevertheless, it is iOS that is considered to be a more vulnerable operating system. According to the research of 2014 the amount of vulnerabilities in all iOS versions reached the number of 335, while in Android system only 36.
17 July 2014
Cybersecurity testing
Mobile app testing
The article by a1qa
a1qa

Everyone knows that Android is an “open” system, which means a user should expect a great number of vulnerabilities in the system. Nevertheless, it is iOS that is considered to be a more vulnerable operating system. According to the research of 2014 the amount of vulnerabilities in all iOS versions reached the number of 335, while in Android system only 36.

From the perspective of mobile app security testing, it is assumed that the number of vulnerabilities in the iOS system would increase, as after the presentation of iOS8 beta-version there appeared new targets for attack: a side keypad, increased number of API-calls new in the innovative SDK and HomeKit system. Still, Apple users should not much worry about security as Apple engineers quickly response to new issues.

Google, in its turn, amplifies the protection mechanisms of operating system. SELinux module integrated in Android 4.4 performs severe access control on the kernel level, while in Android 4.3 SELinux is turned off. This module runs independently from the basic Linux security model.

So, none of the both operating systems wins the “security mechanisms competition”, though Android and Apple have powerful mechanisms to provide protection from the hackers` attacks and pay special attention to OS security.

Above these all, the BYOD tendency rapidly increases its popularity. Though using mobile device for different purposes is a great thing, it is also a great security risk for corporations. Attacking any vulnerable or lost device – a smartphone or a tablet – hackers can get secret documentation and access internal resources like corporate email. As a result, there is a great demand for Mobile Device Management (MDM) solutions that allow managing security policy of mobile devices that run in corporate networks.

From the corporations` viewpoint Apple OS has more advantages over Android. There are powerful means for centralized device management in iOS: configuration profiles, remote data reset and incorporated support of outside MDM solutions. Android has no such an opportunity. To integrate with MDM system Android needs downloading a specialized OS.

It is worth mentioning that Samsung corporate security mechanisms left behind lots of Android devices producers. I mean the SAFE (Samsung For Enterprise) program and KNOX suite. They separate all work activities in MDM-system from all others. Thus all Samsung devices operating on Android 4.3 and higher versions fully comply with corporate security principles. Comparing with Android running devices, Apple has a smaller range of products and can easily provide support for corporate security systems for all versions of its smartphones, tablets and OSs. In this case the winner is iOS.

The topic of the security mechanisms of both operating systems deserves, I guess, a series of articles, this was just an overview. Those who want to have more profound information about Android and Apple security mechanisms can read detailed manuals on the companies` websites.

I would like to resume pros & cons of the OSs from the security viewpoint:

Android

Pros

  • “Open” for security research
  • Applications are immune to buffer overloads
  • Severe access control on the kernel level

Cons

  • Lots potentially harmful software in Google Play
  • Poor corporate security opportunities
  • Great number of OS versions and device models, which complicates the security methods standardization

iOS

Pros

  • Control of downloaded applications in App Store
  • Quick response to the security issues
  • Opportunities to support corporate security systems

Cons

  • Lots of vulnerabilities in the operating system
  • Increase of potential targets for attacks

To cut the long story short, I want to say that today very few people choose a smartphone because of high security protection. And that`s not a mistake, as Android and iOS are similar in their security approach. Still, if the device security is really essential for you, choose any Apple device or something by Samsung operating on Android 4.3 version and higher ones.

More Posts

19 August 2021,
by a1qa
4 min read
Cybersecurity: Top 5 questions to ask a QA vendor
What information to request from QA providers to get confident in the complete security of your software and protect end-user sensitive data? Read about that in the article.
Cybersecurity testing
5G impact
31 May 2021,
by a1qa
4 min read
5G network impact on mobile app testing
Check out what 5G connectivity will bring to the IT world and how it will modify mobile app testing.
Cybersecurity testing
Mobile app testing
Performance testing
29 April 2021,
by a1qa
4 min read
Addressing 4 security issues for digital transformation programs
Find out the top 4 safety challenges of digital transformation and a QA playbook to address them and contribute to a higher level of cybersecurity.
Cybersecurity testing
31 March 2021,
by a1qa
4 min read
QA scenario to introduce 6 eCommerce trends in 2021
Discover what trends will rule the eCommerce industry in 2021 and how QA can help implement them with confidence and ease.
Cybersecurity testing
Test automation
15 March 2021,
by a1qa
4 min read
Mobile app performance testing: getting high software efficiency
Explore 3 cornerstones of mobile app performance testing and QA steps on how to execute it successfully.
Mobile app testing
Performance testing
25 February 2021,
by a1qa
4 min read
9 QA points for delivering high-quality SaaS-based solutions
In the article, we’ve gathered 9 QA factors relying on the SaaS specifics that may help to perform SaaS testing with ease.
Cloud-based testing
Cybersecurity testing
Functional testing
Performance testing
Test automation
16 February 2021,
by a1qa
5 min read
Winning trust: 5 industries that need blockchain testing
Get to know what industries are prone to rapid transformation within blockchain solutions, and how their catch-all testing can help keep leading positions.
Blockchain app testing
Cybersecurity testing
Functional testing
Performance testing
29 January 2021,
by a1qa
4 min read
3 do’s and 3 don’ts in BFSI software testing
Considering BFSI to be a fast-paced industry, how to keep up with such velocity? We’ve prepared 3 do’s and 3 don’ts that help sustain the rush and high software quality.
Functional testing
Mobile app testing
Test automation
13 January 2021,
by a1qa
4 min read
Reaching HIPAA compliance for eHealth solutions through QA
We reveal the HIPAA’s data safety benchmarks and shed light on how software testing may help in its conformity.
Cybersecurity testing
Software lifecycle QA

Get in touch

Please fill in the required field.
Email address seems invalid.
Please fill in the required field.
We use cookies on our website to improve its functionality and to enhance your user experience. We also use cookies for analytics. If you continue to browse this website, we will assume you agree that we can place cookies on your device. For more details, please read our Privacy and Cookies Policy.