Comparative study of mobile architectures

Posted on 05/31/2016, by Asier Martínez (INCIBE)
This article outlines the most significant technical specifications of the main mobile platforms. It considers the 4 most widely used mobile platforms by market share: Android, iOS, Windows Phone and BlackBerry OS, with the following global distribution:

 

[Figure: Share in Unit Shipments]

The parameters used in order to carry out the comparative survey are as follows:

General

  • Processor architecture.
  • Kernel architecture.
  • Type of licence.
  • Operating system file system.
  • Executables format.
  • Application package file format.

Directly related to security

  • External storage file system.
  • Languages used to develop the applications.
  • Application distribution method.
  • Application signature.
  • Update distribution method.
  • Update responsibility.
  • Backup policy.
  • Approximate validity period of update software.
  • Own software implemented by manufacturers.
  • Fragmentation.
  • Vulnerabilities reported in 2015.
  • Critical vulnerabilities reported in 2015.

[Comparison tables: Architecture, Storage, Responsibility, Fragmentation]

These are all fundamental issues for a whole host of decisions, such as choosing the platform on which a security policy for mobile device deployment in a corporate environment will be based, in accordance with the requirements of the system itself, or assessing whether to implement Mobile Device Management (MDM) to cover specific requirements.

In relation to the first example, and taking into account the aspects compared, the following conclusions can be drawn:

  • iOS does not allow external storage, which, although a drawback in terms of user experience, is an important aspect in terms of security.
  • iOS does not enable other manufacturers to install additional software on the operating system, which significantly reduces the risk of a user being exposed to security flaws in third-party applications that are not going to be used and cannot be uninstalled.
  • Android enables applications from alternative markets to be installed, which poses a significant risk as they do not pass the Bouncer controls, the Google Play application analysis and validation system.
  • Android does not require developer accounts as the other platforms do, which leads to a certain degree of instability and can lead to users being deceived.
  • The update validity period for iOS is somewhat longer than on the other platforms, which gives the device a longer life as it is protected for longer.
  • Android's backup policy is less complete and therefore requires the use of third-party software.
  • With iOS, Apple alone is responsible for operating system updates, which significantly reduces fragmentation and improves protection against exposed faults. This is not the case with the other platforms, where final responsibility for the update lies with the manufacturer, who very often does not publish it. In this regard, both the FTC (Federal Trade Commission) and the FCC (Federal Communications Commission) in the United States have opened separate investigations into the update process carried out by mobile device manufacturers. The main reasons for these investigations are the significant increase in attacks against user security via these types of platforms and the large amount of personal data normally stored on mobile devices.
  • iOS is the mobile operating system with the highest number of vulnerabilities reported in 2015. However, Android has the highest percentage of critical vulnerabilities.
  • Furthermore, it is important to bear in mind that all the platforms implement data encryption as a preventive measure, although this feature is questionable with BlackBerry.