A Comparison of Android and iOS Security Models Trevor L. Buttrey Computer and Information Sciences


Page 1: A Comparison of Android and  iOS  Security Models

Computer and Information Sciences

A Comparison of Android and iOS Security Models

Trevor L. Buttrey

Page 2: A Comparison of Android and  iOS  Security Models


vs.

Page 3: A Comparison of Android and  iOS  Security Models

Reasons for Concern

• Smartphones are advancing technologically
• Have become popular
• People are growing more dependent upon them
• Size makes them easy to lose
• Security problems are becoming more of an issue as users store more and more personal information on them

Page 4: A Comparison of Android and  iOS  Security Models

Unsecure Devices Allow

• Access to emails and social networking accounts
• Access to personal messages
• Access to phone book
• Access to phone accounts
• Access to personal and confidential information

Page 5: A Comparison of Android and  iOS  Security Models

Unsecure Devices Allow

• Access to bank accounts
• Access to mobile payments
• Access to web accounts
• Access to passwords
• Knowledge of location

Page 6: A Comparison of Android and  iOS  Security Models

The 5 Security Pillars

• Traditional Access Controls
• Permissions-based Access Control
• Application Provenance
• Encryption
• Isolation

Page 7: A Comparison of Android and  iOS  Security Models

Traditional Access Controls

Page 8: A Comparison of Android and  iOS  Security Models

Traditional Access Control

iOS
• Password and passcode locking mechanisms
• Touch ID
• Device self-wipe capabilities
• Lockout of internal memory if not unlocked
• Memory is soldered to PCB

Page 9: A Comparison of Android and  iOS  Security Models

Traditional Access Control

Android
• Starting with 2.x, password, passcode, and pattern locking mechanisms
• 4.0 introduced facial recognition
• Other locking methods include fingerprint readers and pictures
• Lockout of internal memory if not unlocked
• SD card removable

Page 10: A Comparison of Android and  iOS  Security Models

Data Encryption

Page 11: A Comparison of Android and  iOS  Security Models

Data Encryption

iOS
• Hierarchy of encryption keys:
• Passcode Key
• Hardware Keys: Unique ID (UID) and device group ID (GID)
  – AES 256-bit keys
  – Built into hardware and not directly accessible
• File System Key
  – Generated randomly and stored in flash memory
  – Used to encrypt file metadata
• Per File Key
  – Encrypted by Class Key for file’s encryption class
  – Encrypts contents of files on disk

Page 12: A Comparison of Android and  iOS  Security Models

Data Encryption

iOS
• Encryption Classes
  – Complete Protection
    • Only decryptable when unlocked, unusable when locked
  – Protected Unless Open
    • Uses asymmetric elliptic curves (it’s complicated)
  – Protected Until First User Authentication
    • Similar to FDE
  – No Protection
    • Only protected by UID

Page 13: A Comparison of Android and  iOS  Security Models

Data Encryption

iOS
• Effaceable Storage
  – Low-level access to storage for secure wiping
  – Used to erase File System Key
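The key hierarchy and the effaceable-storage wipe from the preceding slides, modelled as an added example that is not part of the original presentation. It assumes, following Apple's published design, that the wrapped per-file key is stored in the file's metadata; PBKDF2 and an HMAC-SHA256 construction stand in for the hardware AES engine, and the `Device` class and its method names are hypothetical.

```python
import hashlib, hmac, os

def _prf(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def _stream(key, nonce, n):
    ek = _prf(key, b"enc")  # separate sub-key for encryption
    return b"".join(_prf(ek, nonce + i.to_bytes(4, "big")) for i in range(n // 32 + 1))

def seal(key, data):
    # Stand-in authenticated cipher (HMAC-SHA256 keystream plus tag); the device uses AES.
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))
    return nonce + _prf(_prf(key, b"mac"), nonce + ct) + ct

def unseal(key, blob):
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), nonce + ct)):
        raise ValueError("wrong or erased key")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

class Device:
    def __init__(self, passcode):
        self.uid = os.urandom(32)     # hardware UID key (constructed here; fixed in hardware on a device)
        self.fs_key = os.urandom(32)  # file system key, held in effaceable storage
        # Class key for "Complete Protection", wrapped under the passcode tangled with the UID.
        self.wrapped_class_key = seal(self._passcode_key(passcode), os.urandom(32))
        self.files = {}

    def _passcode_key(self, passcode):
        return hashlib.pbkdf2_hmac("sha256", passcode, self.uid, 10_000)

    def _class_key(self, passcode):
        return unseal(self._passcode_key(passcode), self.wrapped_class_key)

    def write(self, name, data, passcode):
        file_key = os.urandom(32)                            # per-file key
        wrapped = seal(self._class_key(passcode), file_key)  # wrapped by the class key
        self.files[name] = (seal(self.fs_key, wrapped),      # metadata, under the file system key
                            seal(file_key, data))            # contents, under the per-file key

    def read(self, name, passcode):
        meta, body = self.files[name]
        file_key = unseal(self._class_key(passcode), unseal(self.fs_key, meta))
        return unseal(file_key, body)

    def wipe(self):
        # Overwriting one 32-byte key makes every metadata record, and so every file, unreadable.
        self.fs_key = os.urandom(32)
```

After `wipe()`, the correct passcode no longer helps: the class key still unwraps, but no per-file key can be recovered from the metadata.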

Page 14: A Comparison of Android and  iOS  Security Models

Data Encryption

iOS
• Secure enclave
  – Securely process fingerprints
  – Is given the key to decrypt the complete protection data class when locked.
  – Separate and directly inaccessible to OS

Page 15: A Comparison of Android and  iOS  Security Models

Data Encryption

Android
• Some data encryption present
• Android 3.x “Honeycomb” and above support full filesystem encryption (AES128 CBC & ESSIV:SHA256)
• SD card encryption is not supported on any version in AOSP
• Device manufacturers can implement this themselves

Page 16: A Comparison of Android and  iOS  Security Models

Data Encryption

Android
• Samsung Knox:
  – Brings Android closer to iOS
  – Supports AES-256 encryption of internal storage and SD cards

Page 17: A Comparison of Android and  iOS  Security Models

Permissions-based Access Control

Page 18: A Comparison of Android and  iOS  Security Models

Permissions-based Access Control

• After an app is installed, it has access to all permitted resources of that device
• It can perform any kind of malicious operation using the permissions provided

Page 19: A Comparison of Android and  iOS  Security Models

Permissions-based Access Control

iOS
• Each app is given only certain permissions by iOS
• Once installed, user has granted app access to any of the device’s resources
• Apps can use most resources without additional permission
• May access things they don’t need
• Does not require permission of the user

Page 20: A Comparison of Android and  iOS  Security Models

Permissions-based Access Control

Android
• Follows Capability-Based Security Model
• App must request specific permissions from OS before access
• User sees what is being requested and must grant permission before app is installed
• Once app is granted permission, it could perform malicious activity using those permissions

Page 21: A Comparison of Android and  iOS  Security Models

Permissions-based Access Control

Android vs. iOS
• Android allows more access to the system than iOS does
• Android only gives explicit permissions to apps while apps installed on iOS can perform any operation as defined by the OS

Page 22: A Comparison of Android and  iOS  Security Models

Default App Permissions: Android vs. iOS

[Diagram comparing iOS and Android. Labels in the diagram: Internet; Address Book; Calendar; Device UID; Read SD Card; Phone Number; Music/Video Files; Safari Search History; Auto-Complete; YouTube History; WiFi Connection Logs; Mic and Video Camera; List of Installed Apps; Launch An Installed App]

Page 23: A Comparison of Android and  iOS  Security Models

Requestable App Permissions: Android vs. iOS

[Diagram comparing iOS and Android. Labels in the diagram: Location (GPS); Push Notifications; Make Phone Call; Send SMS/MMS; Fine Location (GPS); Coarse Location (Network); Internet; SMS/MMS Send/Receive; Calendar; Address Book; Music/Video/Picture; SD Read/Write; Make and Terminate Calls; Access Device Logs; Obtain Task List; Make Bluetooth Connections; Prevent Phone From Sleeping; Record Audio; Manage Accounts; Control NFC]

Page 24: A Comparison of Android and  iOS  Security Models

Which is Legitimate?

[Image: AndroidOS.FakePlayer beside Legit Video Player]
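The Android model above depends on the user reading the requested permissions before install. An added example (not from the slides) of that review done mechanically: it compares the permissions an app declares against a baseline for its stated category. The baseline, the verdict names and both sample manifests are constructed assumptions, and the manifest is assumed to be already decoded from the APK's binary XML to text.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Assumption: what a reviewer would accept for each app category.
BASELINE = {"video_player": {P + "INTERNET", P + "WAKE_LOCK",
                             P + "READ_EXTERNAL_STORAGE", P + "WRITE_EXTERNAL_STORAGE"}}

# Requestable permissions that can spend money or expose personal data.
SENSITIVE = {P + "SEND_SMS": "can send SMS/MMS",
             P + "RECEIVE_SMS": "can read incoming SMS/MMS",
             P + "CALL_PHONE": "can place calls",
             P + "READ_CONTACTS": "can read the address book",
             P + "RECORD_AUDIO": "can record audio",
             P + "ACCESS_FINE_LOCATION": "can read GPS location",
             P + "READ_LOGS": "can read device logs"}

def requested(manifest_xml):
    """Return the set of permission names declared in <uses-permission> elements."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID + "name") for el in root.iter("uses-permission"))
    return {n for n in names if n}

def review(manifest_xml, category):
    """Return (verdict, findings) for permissions outside the category baseline."""
    extra = sorted(requested(manifest_xml) - BASELINE[category])
    findings = [(p, SENSITIVE.get(p, "not needed for this category")) for p in extra]
    if any(p in SENSITIVE for p in extra):
        return "flag", findings
    return ("review" if extra else "ok"), findings

def manifest(package, perms):
    """Build a constructed sample manifest (not taken from any real app)."""
    uses = "".join(f'<uses-permission android:name="{P}{p}"/>' for p in perms)
    return (f'<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{uses}<application/></manifest>')

# Two constructed apps that both claim to be video players.
PLAYER_A = manifest("com.example.playera", ["INTERNET", "WAKE_LOCK"])
PLAYER_B = manifest("com.example.playerb", ["SEND_SMS"])

if __name__ == "__main__":
    for name, m in (("A", PLAYER_A), ("B", PLAYER_B)):
        print(name, review(m, "video_player"))
```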

Page 25: A Comparison of Android and  iOS  Security Models

Application Provenance

Page 26: A Comparison of Android and  iOS  Security Models

Application Provenance

iOS
• Robust signing system
• Apple provides digital certificate only to those who register
• $100 per year
• Thorough analysis of apps, takes weeks

Page 27: A Comparison of Android and  iOS  Security Models

Application Provenance

Android
• Not a robust signing system
• Anonymous signing certificates can be made without oversight from Google
• Allows legitimate applications to be repackaged after adding malware
• Although not signed with the same signature, they will be signed, and can be distributed on the web.

Page 28: A Comparison of Android and  iOS  Security Models

Isolation

Page 29: A Comparison of Android and  iOS  Security Models

Programming

iOS:
• All apps are Objective-C or Swift

Android:
• Apps run in Dalvik JVM
• Android does not use that as main form of isolation, as not all code runs in the VM
• Most web browsers use significant amounts of native code

Page 30: A Comparison of Android and  iOS  Security Models

Isolation

iOS
• Sandboxed
  – Own home directory
  – Must use APIs to access or modify system settings
  – Cannot communicate with other apps directly
  – Nothing runs as root except kernel

Page 31: A Comparison of Android and  iOS  Security Models

Isolation

iOS
• Declared Entitlements
  – Digitally signed
  – Allow extra permissions
  – Alternative to running as root

Page 32: A Comparison of Android and  iOS  Security Models

Isolation

Android
• Sandboxing
  – Uses native Linux user-based permissions model
  – Each app is its own user
  – Secured by the Linux kernel itself

Page 33: A Comparison of Android and  iOS  Security Models

Isolation

Android
• Samsung Knox:
  – Further separates applications
  – Prevents access to Android APIs
  – Reduces API set allows data in, but not out

Page 34: A Comparison of Android and  iOS  Security Models

Jailbreaking, Rooting, and Exploits

Page 35: A Comparison of Android and  iOS  Security Models

Jailbreaking, Rooting, and Exploits

iOS
• Jailbreaking: Uses exploits (buffer overflows among other things) to allow unsigned code to run

Android
• Rooting: Uses exploits (usually buffer overflows) to load a su binary (usually harder than it sounds) to allow apps to run with elevated privileges

Page 36: A Comparison of Android and  iOS  Security Models

Jailbreaking, Rooting, and Exploits

The Point: Although the uses for the exploits are usually beneficial for the user, their existence represents flaws in OS’s that can be leveraged by malicious apps.

Page 37: A Comparison of Android and  iOS  Security Models

Jailbreaking and Rooting

Advantages:
• The (hacking) community can push out patches for other exploits faster than the manufacturers (iOS PDF)
• Finer control over the system

Page 38: A Comparison of Android and  iOS  Security Models

Jailbreaking and Rooting

Disadvantages:
• May cause security vulnerabilities
• May “brick” the device
• May void the warranty

Page 39: A Comparison of Android and  iOS  Security Models

After running the exploits, the device may become vulnerable in other ways (iPhone.Ikee)

Page 40: A Comparison of Android and  iOS  Security Models

Summary

• Both have strong isolation
• iOS’s permission system is static, but due to the vetting process it is harder for apps to abuse it.
• Android’s permission system is flexible, but requires user vigilance.
• Both have strong traditional access controls
• Both have encryption on recent versions; however, Android 2.x versions don’t have any and 3.x+ encryption pales compared to iOS
• Apple has a stronger vetting process, but also takes longer for app updates
• Android has a weaker vetting process, but updates get pushed out almost immediately

Page 41: A Comparison of Android and  iOS  Security Models

xkcd.com