Comparative analysis of Android and iOS from security viewpoint

Abstract Smartphone usage has increased exponentially in the recent years. Android and iOS are the most popular smartphone platforms, while the ease of use along with the computational power to handle a wide array of applications attracts millions of users worldwide, also raises the security concerns on these platforms. This paper presents a comparative analysis between Android and iOS on a wide range of security aspects. It analyzes data for the period 2015-2019 and gives a detailed snapshot of not only the quantum of vulnerabilities, but also their impact. In addition, the paper leverages the well-established security triad i.e. CIA (Confidentiality, Integrity, Availability) to compare both the operating systems. The comprehensive and pragmatic approach taken in the paper makes it easier to infer that Android is more susceptible to security breaches and malware attacks as compared to iOS. Hence, researchers should divert their efforts and focus on finding solutions to problems pertaining to Android. The paper concludes by laying down future research directions and scope of work, which can be leveraged not only by application developers, but also by researchers. This will help make Android safer for users and will further increase its demand as a mobile operating system.

[1]  Patricia A. Morreale,et al.  Comparing Android App Permissions , 2016, HCI.

[2]  Niyati Baliyan,et al.  Data on Vulnerability Detection in Android , 2019, Data in brief.

[3]  Joseph G. Davis,et al.  EVALUATION OF THE SMARTPHONE PLATFORMS A CASE STUDY WITH ANDROID, iOS AND WINDOWS PHONES , 2015 .

[4]  Sangho Lee,et al.  Assessment of malicious applications using permissions and enhanced user interfaces on Android , 2013, 2013 IEEE International Conference on Intelligence and Security Informatics.

[5]  Niyati Baliyan,et al.  A novel parallel classifier scheme for vulnerability detection in Android , 2019, Comput. Electr. Eng..

[6]  Aniello Cimitile,et al.  Talos: no more ransomware victims with formal methods , 2018, International Journal of Information Security.

[7]  Jeong Hyun Yi,et al.  Structural analysis of packing schemes for extracting hidden codes in mobile malware , 2016, EURASIP J. Wirel. Commun. Netw..

[8]  S. SubrahmanianV.,et al.  A Data-driven Characterization of Modern Android Spyware , 2020 .

[9]  Ahmed Raza Rajput,et al.  A Survey on Smartphones Security: Software Vulnerabilities, Malware, and Attacks , 2020, ArXiv.

[10]  Seung-Hyun Seo,et al.  A Strengthened Android Signature Management Method , 2015, KSII Trans. Internet Inf. Syst..

[11]  Yan Zhu,et al.  Tap-Wave-Rub: Lightweight Human Interaction Approach to Curb Emerging Smartphone Malware , 2015, IEEE Transactions on Information Forensics and Security.

[12]  Steven Salerno,et al.  Exploration of Attacks on Current Generation Smartphones , 2011, ANT/MobiWIS.

[13]  Jonathan Zdziarski Identifying back doors, attack points, and surveillance mechanisms in iOS devices , 2014, Digit. Investig..

[14]  S. Sibi Chakkaravarthy,et al.  A Survey on malware analysis and mitigation techniques , 2019, Comput. Sci. Rev..

[15]  Niyati Baliyan,et al.  Android Malware Classification using Ensemble Classifiers , 2021 .

[16]  Carol J. Fung,et al.  A Survey of Android Security Threats and Defenses , 2015, J. Wirel. Mob. Networks Ubiquitous Comput. Dependable Appl..

[17]  Ping Yan,et al.  A survey on dynamic mobile malware detection , 2017, Software Quality Journal.

[18]  Ahmad-Reza Sadeghi,et al.  PSiOS: bring your own privacy & security to iOS devices , 2013, ASIA CCS '13.

[19]  Linxi Zhang Smartphone App Security: Vulnerabilities and Implementations , 2018 .

[20]  Miss Laiha Mat Kiah,et al.  Comprehensive review and analysis of anti-malware apps for smartphones , 2019, Telecommunication Systems.

[21]  Hong Wang,et al.  Enhancing data security of iOS client by encryption algorithm , 2017, 2017 IEEE 2nd Advanced Information Technology, Electronic and Automation Control Conference (IAEAC).

[22]  Rakesh Kumar,et al.  On cloud security requirements, threats, vulnerabilities and countermeasures: A survey , 2019, Comput. Sci. Rev..

[23]  Tor-Morten Grønli,et al.  Mobile Application Platform Heterogeneity: Android vs Windows Phone vs iOS vs Firefox OS , 2014, 2014 IEEE 28th International Conference on Advanced Information Networking and Applications.

[24]  Shivi Garg,et al.  Analysis of software vulnerability classification based on different technical parameters , 2019, Inf. Secur. J. A Glob. Perspect..

[25]  Thomas Zefferer,et al.  Mobile Device Encryption Systems , 2013, SEC.

[26]  Ahmad-Reza Sadeghi,et al.  Privilege Escalation Attacks on Android , 2010, ISC.

[27]  Victor Chang,et al.  Mobile malware attacks: Review, taxonomy & future directions , 2019, Future Gener. Comput. Syst..

[28]  Heloise Pieterse,et al.  Detecting Manipulated Smartphone Data on Android and iOS Devices , 2018, ISSA.

[29]  Chetna Gupta,et al.  Comparison of Static and Dynamic Analyzer Tools for iOS Applications , 2017, Wirel. Pers. Commun..

[30]  Angelina Geetha,et al.  Detection of Vulnerabilities Caused by WebView Exploitation in Smartphone , 2017, 2017 Ninth International Conference on Advanced Computing (ICoAC).

[31]  Michael Lutaaya Rethinking App Permissions on iOS , 2018, CHI Extended Abstracts.

[32]  Matthew Smith,et al.  Evaluating the threat of epidemic mobile malware , 2012, 2012 IEEE 8th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob).