Security deficiencies in the architecture and overview of Android and iOS mobile operating systems

Abstract

Mobile operating systems provide a layer with which users exclusively interact. Despite the simplicity of the Graphical User Interface (GUI), the underlying architecture exhibits a high level of complexity, opening attack vectors for adversaries and necessitating security precautions comparable to desktop stations. Developers are aware of the extensive threat potential that small form-factor devices represent and safeguards are deployed to counter the emergence of malicious mobile software. This article details security architecture and proceeds and provides to an overview of the Android and iOS (IOUS) mobile operating systems from a security standpoint, selected on the basis of their opposing approaches to openness and any third-party customizations that users are allowed to perform. The first part provides a brief overview of both systems' system architectures, while the second part presents notable security and reverse engineering milestones. The third part provides recommendations on the safer use of mobile devices, which are extensively discussed. We argue that by practicing proper security hygiene, both existing and novel threats can be mitigated at the user level.