Friends! We looked at the Security Architecture of Android painstakingly in the previous post. Now, we will focus a bit on the security features of iOS and then do a bit of comparison with the security of Android.
Some of the general security features of iOS includes the following:
- Geo location: If you lose your iPhone this feature is very handy. This feature in combination with MobileMe (provided by Apple) helps you locate your cell phone. MobileMe can directly pin point the location of your iPhone if it’s working properly. The only important part is to keep it enabled to track phone’s location as it moves.
- Auto erase: This is another very interesting feature considering you store very sensitive data on your smartphone. In case you lose your phone and wish that its contents are not read, then you can remotely ask Apple to erase the data on your device. Guess what? The user can even recover his erased data from the backup information located on the desktop. To add to this remote wipe if you have a lock code setup, than, on 10 failed passcode attempts the data automatically gets erased!
- Data encryption: iOS can encrypt your confidential corporate data. It is made available only for the users that have password-protected access to the device.
- 4 layers of OS: And, one more important feature is that iOS apps cannot directly access the underlying hardware. The hardware interactions are all controlled exclusively by number of different layers of software which act as intermediaries between the application and the device hardware. This also works to ensure a securer device.
Now that we have looked at the general features of both, let’s now take a look at the online App Stores/Marketplaces for both OS’. Clearly, Apple seems to be very possessive in ensuring a certain brand image, and as such, disallows certain kind of Apps. They claim to leave no room for malicious apps, but this hasn’t always proven to be the case. Apple has a proper ‘Apple’s App Store’ wherein a developer has to get registered for the submission of any app he or she has developed. Developers are also mandated to pay an annual fee. Apple has certain, yet ambiguous standards on what they deem appropriate. Most recently, they have received heavy criticism for approving a “Gay Cure” App, so it’s difficult to truly know what they find objectionable. They claim that any kind of spammy, malicious or inappropriate content containing app which may steal personal data of a user will be turned down by them. They ensure that their image, and the users security does not get compromised by evaluating and approving each version of an application. And, reportedly, Apple turns down 10 per cent of applications submitted annually due to the above reasons.
Google however, is a bit more lenient on this. Although, there’s an Android Marketplace where there are many free and paid applications, it’s not quite as cut and dry as Apple’s offerings. Google does not prohibit Apps from being released based on what sort of function or content they provide. As we have seen in the past, Google has been extremely quick to respond to malicious apps, and even built a remote App removal feature into the Android OS for such an occasion. Because any application can be uploaded up at Android marketplace and no monitoring takes place here, creativity is not stifled, and users have access to truly innovative apps.
Android prevents malicious applications as we read in the last post on basis of capabilities an app requires. The application’s claim are verified when we install it and the user is prompted for providing various permissions. Back in December last year a Web banking app posted on the Android Marketplace appeared fine. But, it was a phishing scam although it might have been entrusted by many users. Google soon removed the rogue app.
Google is being really bold since it has set free the developers without any monitoring of their apps. This leads to innovation. and fosters a highly competitive development community.
Although a kind of mini security feature, iOS has an option of delaying the lock code. What this flexibility does is you need not enter the lock code if your phone has been asleep for a mere minute or maybe more time as per your wish. With Android, you have to enter the code every time you want to access the device(which even might be after a one minute call!). This is a bit irritating. And, even may lead to the user disabling the feature.
Android’s permission based system wants the user to carefully think about their own security concerns. At the end of the day, we are all end-users, and sometimes it’s difficult to really know where our data is going.
Even legitimate apps asks for the same privileges for communication on information with a remote server. So, how do we distinguish unless a kind of pass is provided by a trusted source> These are all questions that make us realize the kind of loopholes that Android has.
So, as we wrap this post up, we think that is is very important for these features to be incorporated sooner rather than later in the future versions of the Android OS. Features like multilayer protection, remote wipe, a bit of monitoring on the Android Marketplace (like Amazon has recently begun to offer), easy user interface with app installer packages and a user-settable delay for the lock code. We would like to see all of these elements incorporated in such a way that does not stifle innovation and allows Android to continue to flourish and grow.
Do you think we left out any security feature which deserves a mention here? Are there any security enhancements you would like to see in the future versions of Android? What are your thoughts on these two smartphone OS architectures, and which one do you you feel is better? Hit the response button and tell us.
Big thanks goes out to masterful 3D artist Norebbo for the header image!