Mobile Device Security: Data Protection on iOS and Android
Mobile device security is an important consideration in the digital age, given the high amount of time many of us spend using phones and tablets to conduct personal and corporate business. You may already know that you can turn your own Android device into a hacking machine by using termux for windows, but this just goes to show how careful you need to be. If you can do that by downloading some software, imagine what professional hackers can do to access your personal data. Android and iOS devices employ various security measures to keep data safe. If you use a mobile phone for business use, it might be in your best interest to invest in Mobile Threat Defense beyond the built in systems for extra security.
In this post we compare two security methods used on both devices: data encryption and data accessibility. We’ll wrap up with recommendations for steps you can take to protect your data and improve your mobile device security.
Encryption is the process of encoding user data on a device using encryption keys, and it is the primary method by which mobile device security is achieved. After initial encryption, user-created data is automatically encrypted before being saved locally on your device. Encryption ensures that your data will be unreadable if any unauthorized party tries to access it.
After an Android device is initially encrypted, data stored on the device is secure behind the passcode known only to the owner. Android uses both full-disk encryption and file-based encryption. Full-disk encryption uses a single key, protected with the user’s device password, to protect the entirety of the data on the device. Upon start up, the user must provide their credentials before any part of the disk is accessible. File-based encryption is separate from this, and allows different files to be encrypted with different keys that can be unlocked independently. Information about these two types of encryption (and more) can be found on Android’s Source.
With the introduction of Android 5.0 Lollipop in 2014, the default setting for encryption was turned on, but phone makers were not required by Google to enable encryption as the default. That changed in 2015 when Android 6.0 Marshmallow was released. At that time, Google required device manufacturers to enable encryption as the default, but they also allowed some manufacturers to disable this feature for devices that couldn’t handle the workload. In addition, each phone manufacturer can modify the look of Android by adding or removing features, which may introduce bugs or security vulnerabilities in the process. As a result, due to the number of Android device makers and different requirements for some, security can be compromised.
For iOS, you can choose to encrypt the contents of your phone, tablet, or watch by adding a passcode to the device. With the release of iOS 8 in 2014, Apple began encrypting iOS devices, making items stored on the phone inaccessible to anyone without the device’s passcode. Apple took mobile device security one step further by requiring multiple pieces of information to unlock data stored within the device. One piece, the passcode, is known only by the device owner and the other is embedded inside the device and unknown to anyone. Technical information about iOS security can be found on the most recent iOS Security white paper.
As it pertains to mobile device security, the concept of data accessibility refers to whether the data saved on your device is accessible to other apps. Android and iOS approach this accessibility a bit differently.
Each Android app is housed in a virtual sandbox that keeps personal data safe. Apps are able to access photos and location only if owners give permission. However, app data is sometimes saved external to the app and may be accessible by other apps, creating a potential security concern.
Data can be saved in three ways for Android apps: internal storage, external storage, or by a content provider. Files created on internal storage are accessible only to the app and Android implements this protection, which is sufficient, for most apps. Additional security can be provided by encrypting local files using a key that is not accessible to the app through file-based encryption. Files created on external storage, such as SD cards, are globally readable and writable and therefore sensitive information should not be stored there. Content providers (e.g. services like Dropbox) offer structured storage that can be limited to one app or exported to allow access by other apps.
In Android, app developers are able to programmatically query device information, including the device phone number. Apps can request permission to allow read access to your phone’s information, and can then use this permission to monitor the call status of your device, for example, to behave correctly when you receive an incoming call. However, this permission also enables apps to have access to your phone’s identifying information, such as IMEI, phone number, and cellular network information.
Like Android, every app on an iOS device runs in its own sandbox. App Sandbox is designed to contain damage to the system and the user’s data if an app becomes compromised. The app has access only to its own data and code, and as far as it knows, it’s the only thing running on that device. Well-defined protocols exist to exchange data between apps on an iOS device, but both apps have to agree, and a specific conversation has to happen between the apps for the data to be transferred securely.
Apple controls the underlying device infrastructure and does not hand any of this control over to developers. iOS blocks apps from reading phone number or device identification from the device. This control is a major difference between iOS and Android. At InspiringApps, we have occasionally received requests to develop an app that will change the behavior of another app, such as iMessage, which is impossible to do with iOS.
The steps that Apple has taken should give users comfort that they are running apps from known developers and that those developers have created apps that play by the rules on the platform.
Check the encryption status of your device by opening the Settings app and selecting Security. The Encryption section will contain the encryption status of your device. If it is not encrypted, find a time when you do not need your device for about an hour, then tap the option to encrypt it. Depending on your device model and data, it may take up to an hour to encrypt your device. In addition, keep your OS up-to-date as security enhancements are included in new OS releases.
Set up Touch ID & Passcode under Settings. Use an alphanumeric passcode containing at least six digits. The longer password is more time-consuming to enter, but with Touch ID enabled, you will not have to enter it too often. Keep your OS up-to-date. Apple will remind you regularly when a new version is available to install.
Interested in learning more about data security and protecting your personal information? Over the past month we’ve discussed several ways to protect your privacy in the digital age. Check out our post on the practice of behind-the-scenes data tracking (and how to opt out if you desire), as well as the post on protecting personal information you pro-actively provide.
Let’s build something together
If you’re looking to build a custom application, there are many different questions to ask an iOS app development company. Still, one of the most common questions we receive about the development process is whether we recommend building both iOS and Android versions of an app simultaneously or just one at a time. And if app development for each platform occurs at different times, should iOS development or Android development come first? We touch on this question in Chapter 3 of our book InspiringApps: A Business Perspective on Building Mobile Apps, but we will provide more insight on this debated topic here. Should we develop iOS & Android at the same time? When feasible in mobile app development, we recommend picking a single platform to start with rather than developing for both simultaneously. You may not have that luxury if you’re developing an app to release to consumers who all need to have the mobile app at the same time—perhaps in conjunction with a film or other product release. If it’s possible, though, we think one at a time in the development process is better because it will enable you to learn from your customers on the first platform. Unless a mobile app is extremely simple, it will go through several iterations before it offers the desired experience. Trying to manage learnings across both iOS devices and Android devices is cumbersome. Instead, the feedback and refinements from the first platform can be leveraged to speed mobile app development on the second platform, saving both time and money in producing across mobile devices. What factors should we consider in picking an OS? When advising customers whether to focus on Android development or iOS app development first, we consider these factors to help guide the decision. Industry & Demographics You may find an industry bias for operating systems (OS) that affects your project. For instance, we found iOS devices more prevalent in medical applications, while Android app development seems more prevalent in construction. If you don’t have industry insight, try checking your website’s analytics to determine user platforms. Trends might help decide what type of platform may be best suited. You can also use sites similar to Mixpanel to discover applications and software that would be more suited to that platform. If one platform is used far more than the other, you know a preference exists and should develop accordingly. Likewise, depending on the market you are serving, you may also find that age-related differences affect whether you should focus on iOS app development or Android app development first. Market Share For app developers who intend to produce mobile applications for the general public and do not know the OS preference of their target audience, these market considerations may provide some guidance: In the United States, the market share of both iOS and Android has stayed just about constant over the past year, hovering at or around 60% and 40%, respectively. In Europe, the UK, Asia, and many other countries, Android has had a higher market share than iOS. Android maintained its lead in global market share capturing around 70% in August of 2022. Android devices have captured most of the global market share for many years. Google provides free, open-source software that manufacturers can install on their smartphone devices. Because of the large number of Android users and the lower cost of Android devices to consumers, Android developers are at an advantage in many markets. Unquestionably, Android is the world’s most popular smartphone OS. However, Apple has a powerful brand, particularly in the US, where Apple's ecosystem, stable OS, and device durability enable iOS to keep large numbers of active and premium smartphone users. OS Adoption Rates & Upgrade Complexity Apple has a remarkable track record of getting iOS users to upgrade to current versions of its OS, whereas Android adoption is much slower: As of May this year, 89% of users are on the current iOS. As much as 60% of users keep older versions of Android on their phones. Apple handles the distribution of its iOS updates exclusively. Developing for and supporting a smaller number of OS versions on Apple devices leads to quicker builds, faster testing, and more straightforward support in the long run for iOS developers. Google only gives direct updates to its products, like the Pixel series. Other manufacturers like Samsung must first get the update from Google and optimize it for Android devices before they can send it to Android users. Some mobile carriers also go through updates before distribution, too. Android developers may have to deliver more app fixes as a result. Speed & Ease of Development & Publishing Speed and ease of development and publishing are not as cut and dry in terms of pros and cons. Android pros include: The Android platform enables a more flexible development environment. Because Windows, Mac OS, and Linux all support Java—which Android relies on—Android developers can build Android apps on various machines. Google Play allows developers to publish multiple versions of the same app (alpha and beta) to ensure developers can test the app live, fix bugs, and launch it to a broader audience. However, developing and maintaining apps is generally more time-consuming for Android than for iOS: Whereas iOS developers build for a limited type of device (iPhone, iPad, and Apple Watch), Android accessibility to a wide range of devices means more devices to test and support. Google has become less lenient and more time-consuming towards apps that developers want to post on Google Play, narrowing the line between ease of publishing on Google Play vs. the App Store. And through TestFlight, Apple does support previewing versions of an app with up to a thousand beta testers before releasing it for wide distribution in the Apple App Store. Development Cost & Profit Opportunities Cost and profit will vary depending on the type and complexity of the app you’re developing; still, Android apps are generally more expensive to create than iOS apps are for iPhones. Overall, Android users tend to favor free apps and spend less on in-app purchases than iOS users, which can lead to higher sources of profit on iOS, not accounting for market differences. Should we develop for iOS or Android first? If you’ve considered all the above factors, and neither platform is the clear winner, we’d recommend starting with iOS for a US-focused app. Our reasons are speed to market, lower development cost, and revenue generation potential. Please contact us if you’d like to discuss your particular situation or have other questions on this topic. We’d love to hear from you.
in 6 hours
Boulder, CO—InspiringApps, a premier web and mobile app development company, is proud to be Certified™ by Great Place to Work® for the second year in a row. The prestigious award is based entirely on what current employees say about their experience as part of InspiringApps’ team. This year, 92% of employees said it’s a great place to work—35% higher than employees at a typical US-based company. InspiringApps recently celebrated its 15th birthday. Over the years, its leaders have rolled out various initiatives to boost employee engagement and retention. Listening to employee feedback is a big part of that. For example, team feedback as a result of last year’s Great Place to Work survey created IA Commits, pairing inspiring not-for-profit clients with developers who can use a hand-up early in their software career. “InspiringApps wouldn’t be what it is today without our amazing people,” said Brad Weber, CEO and President of InspiringApps. “InspiringApps is better because of the people who work here. We are all passionate about our craft and united in our goal to make a real difference in the world.” According to Great Place to Work research, job seekers are 4.5 times more likely to find a great boss at a Certified great workplace. Additionally, employees at Certified workplaces are 93% more likely to look forward to coming to work and are twice as likely to be paid fairly, earn a fair share of the company’s profits, and have a fair chance at promotion. “Great Place to Work Certification™ isn’t something that comes easily—it takes ongoing dedication to the employee experience,” said Sarah Lewis-Kulin, Vice President of Global Recognition at Great Place to Work. “It’s the only official recognition determined by employees’ real-time reports of their company culture. Earning this designation means that InspiringApps is one of the best companies to work for in the country.” About InspiringApps App development that makes an impact. InspiringApps builds digital products that help companies impact their employees, customers, and communities. Yes, we build web, mobile, and custom apps, but what we offer is something above and beyond that. What we offer is inspiration. Our award-winning work has included 200+ apps since the dawn of the iPhone. Our core values: integrity, respect, commitment, inclusivity, and empathy. Our guarantee: finish line, every time, for every project. About Great Place to Work® Certification™ Great Place to Work® Certification™ is the most definitive “employer-of-choice” recognition that companies aspire to achieve. It is the only recognition based entirely on what employees report about their workplace experience—specifically, how consistently they experience a high-trust workplace. Great Place to Work Certification is recognized worldwide by employees and employers alike and is the global benchmark for identifying and recognizing outstanding employee experience. Every year, more than 10,000 companies across 60 countries apply to get Great Place to Work-Certified. About Great Place to Work® Great Place to Work® is the global authority on workplace culture. Since 1992, they have surveyed more than 100 million employees worldwide and used those deep insights to define what makes a great workplace: trust. Their employee survey platform empowers leaders with the feedback, real-time reporting, and insights they need to make data-driven people decisions. Everything they do is driven by the mission to build a better world by helping every organization become a great place to work For All™. Learn more at greatplacetowork.com and on LinkedIn, Twitter, Facebook, and Instagram.
18 hours ago