Android or iOS is one of the biggest decisions you’ll make for your company, especially regarding security. Here are the latest security updates from both ecosystems.
Major players in the mobile market have been making leaps and bounds over the past few years in order to position themselves as enterprise-ready. But, no matter how many updates the user experience gets, or what cool new features are added, security remains the ultimate battleground for enterprise mobility.
Nowhere is this seen more clearly than in the two leading mobile ecosystems — Apple’s iOS and Google’s Android. Both are fresh from their annual developer events, bringing new approaches to security along with a host of new features.
According to Gartner analyst Dionisio Zumerle, mobile security is in a “relatively good place today.” The biggest reason, he said, is that mobile platforms were built from the ground up, with the existing knowledge of the previous few decades of personal computing. Security mechanisms such as app sandboxing, app store distribution, and user permissions are getting stronger.
Still, cyberattackers are getting more sophisticated as well. as example Stagefright vulnerability and xCodeGhost. However, both Apple and Google have recognized this shift and are taking steps to mitigate the additional risk.
They are actively working against motivated and capable adversaries who are attempting to identify and exploit vulnerabilities in their mobile offerings. Both Google and Apple now are accelerating efforts to enhance security, including the integration of third-party offerings and enforced use of leading security practices.
Both parties are addressing security, but their approaches are different.
The biggest mobile security news of the past year concerned the iPhone and Apple’s approach to security. When Apple refused to unlock an iPhone 5C for the FBI, the conversation around its encryption practices moved center stage.
Apple’s iOS devices are known for their strong security, partly because Apple controls the entire device ecosystem — hardware, firmware, and software. It also relies on strong encryption practices throughout the platform. In response to the FBI requests to unlock an iPhone, Apple reportedly strengthened its encryption around iCloud and hardware to make it even harder to hack.
Apple is working hard to ensure it can demonstrate that it’s constantly trying to improve security to its global constituency while it’s under scrutiny by the US and other Governments to provide methods to circumvent their capabilities
Recently, at Apple’s 2016 WWDC event, the company announced that it would require the use of its App Transport Security (ATS) feature in all apps by January 1, 2017. This would essentially force all app traffic to run through encrypted HTTPS connections from now on.
In realizing Android’s business potential, Google has also made a plethora of changes to its mobile OS recently to beef up its security. Google has worked hard to rid its app stores of harmful apps. The improved hardware-backed security functionality, which leverages ARM’s TrustZone, is one of the most important security-related Android updates.
Google also recently announced automatic security updates for Android, which makes it quicker and easier to patch applications. Android N will also be getting a new update system, similar to Chrome OS, where apps will be patched in the background. Changes have also been made to its app permissions model, making it more granular.
An app that asks for a specific permission at the point when it needs that permission to perform a user-invoked action is more likely to be trusted by the user. Also, the user may by that time have been using the app for a while, and might have started to trust it.
Android will always be limited in its capabilities because of a lack of control of its potential integrations. That, and the additional issue of fragmentation, can make it difficult for users to access the newest updates.
Feel free to contact E-SPIN for mobile monitoring, and mobile security solution.
To know more about Mobile Security, please click on the link below.