SlideShare a Scribd company logo

iOS and Android security: Differences you need to know

NowSecure, profile picture
NowSecure

The document discusses the differences between iOS and Android security, highlighting the vulnerabilities in mobile apps that leak sensitive data, beyond just malware. It details NowSecure's automated mobile app security testing solutions and the challenges organizations face in mobile app testing. Additionally, it provides insights into platform security changes and statistics on security practices among top free iOS and Android apps.

Technology
Related topics:
Mobile Security Insights
1 of 9
Downloaded 12 times
1
2
3
4
5
6
7
8
9
© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information. iOS and Android Security: Differences You Need to Know August 22, 2016 | Security By Design Meetup
David Weinstein Director of Research @insitusec ● 10+ years of cybersecurity experience ● Former senior engineer at MITRE Email: dweinstein@nowsecure.com © Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information.
© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information. NowSecure: Forged in mobile from day one Top engineers and researchers OSS authors of Radare, Frida, Santoku Linux, and Android VTS Disclosed Samsung keyboard vulnerability Impacting 650M+ devices worldwide Regular speaking appearances Black Hat USA, RSA Conference, OWASP AppSec USA & more 100+ customers From banking, healthcare, tech, government & more Founded in Oak Park, IL With a strong background in forensics & enterprise security 2009
© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information.. Risk extends deeper than what’s on the surface What everyone is focused on: malware The real security problem extends much deeper: Mobile apps leaking sensitive data
© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information. Mobile app security testing ● Fully automated static and dynamic analysis with results in minutes ● Analysis for iOS and Android performed on real devices ● Scalability and consistency via Cloud-based solution
© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information. Problems we address: So you can succeed in testing mobile apps 1 Teams are overwhelmed with mobile app testing 2 Static testing returns too many false positives 3 Organizations lack a process for mobile
© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information. Platform Security - Year In Review Differential Privacy Lock Screen Widgets ` image3/image4 no longer enc. Personal ID Codesigning App Transport Security Keychain ACLs, TouchID canOpenUrl changes Hardened Webkit usesCleartextTraffic SE Android Enforcing, Breaking Apps Instant Apps Verified Boot networkSecurityConfig “Project Svelte” Runtime Permissions FS Permissions Apple Android
© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information. Quick Stats Top 50 free iOS apps: - 80% using NSAllowsArbitraryLoads - 34% using NSExceptionDomains - 0 using MinimumTLSVersion exception Top 50 free Android apps: - Only Chrome using networkSecurityPolicy, services with isolatedProcess - None leaving debuggable flag enabled - 66% set allowBackup true
© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information..

More Related Content

PDF
The fundamentals of Android and iOS app security
NowSecure
 
PDF
How to make Android apps secure: dos and don’ts
NowSecure
 
PDF
Five mobile security challenges facing the enterprise
NowSecure
 
PDF
Shifting left: Continuous testing for better app quality and security
NowSecure
 
PDF
Mobile Penetration Testing: Episode II - Attack of the Code
NowSecure
 
PDF
Mobile Penetration Testing: Episode 1 - The Forensic Menace
NowSecure
 
PDF
OWASP Mobile Top 10
NowSecure
 
PDF
5 Ways to Protect your Mobile Security
Lookout
 
The fundamentals of Android and iOS app security
NowSecure
 
How to make Android apps secure: dos and don’ts
NowSecure
 
Five mobile security challenges facing the enterprise
NowSecure
 
Shifting left: Continuous testing for better app quality and security
NowSecure
 
Mobile Penetration Testing: Episode II - Attack of the Code
NowSecure
 
Mobile Penetration Testing: Episode 1 - The Forensic Menace
NowSecure
 
OWASP Mobile Top 10
NowSecure
 
5 Ways to Protect your Mobile Security
Lookout
 

What's hot (20)

PDF
2015 Cybersecurity Predictions
Lookout
 
PDF
Debunking the Top 5 Myths About Mobile AppSec
NowSecure
 
PPTX
How Healthcare CISOs Can Secure Mobile Devices
Skycure
 
PPTX
Accessibility Clickjacking, Devastating Android Vulnerability
Skycure
 
PPTX
How to Add Advanced Threat Defense to Your EMM
Skycure
 
PDF
Case Closed with IBM Application Security on Cloud infographic
IBM Security
 
PDF
Xamarin security talk slideshare
Marcus de Wilde
 
PDF
Mobile hacking, pentest, and malware
Ammar WK
 
PDF
The New NotCompatible
Lookout
 
PDF
Mobile App Hacking In A Nutshell
Prathan Phongthiproek
 
PDF
Android Security Development
hackstuff
 
PDF
Patches Arrren't Just for Pirates
webnowires
 
PDF
OSS Tools: Creating a Reverse Engineering Plug-in for r2frida
NowSecure
 
PDF
Cybersecurity Fundamentals for Bar Associations
NowSecure
 
PPTX
Three Secrets to Becoming a Mobile Security Superhero
Skycure
 
PDF
Jump-Start The MASVS
Prathan Phongthiproek
 
PDF
Mobile Hacking
Novizul Evendi
 
PPTX
Web Application Security
sudip pudasaini
 
PDF
How To [relatively] Secure your Web Applications
Ammar WK
 
PDF
Malware on Smartphones and Tablets - The Inconvenient Truth
AGILLY
 
2015 Cybersecurity Predictions
Lookout
 
Debunking the Top 5 Myths About Mobile AppSec
NowSecure
 
How Healthcare CISOs Can Secure Mobile Devices
Skycure
 
Accessibility Clickjacking, Devastating Android Vulnerability
Skycure
 
How to Add Advanced Threat Defense to Your EMM
Skycure
 
Case Closed with IBM Application Security on Cloud infographic
IBM Security
 
Xamarin security talk slideshare
Marcus de Wilde
 
Mobile hacking, pentest, and malware
Ammar WK
 
The New NotCompatible
Lookout
 
Mobile App Hacking In A Nutshell
Prathan Phongthiproek
 
Android Security Development
hackstuff
 
Patches Arrren't Just for Pirates
webnowires
 
OSS Tools: Creating a Reverse Engineering Plug-in for r2frida
NowSecure
 
Cybersecurity Fundamentals for Bar Associations
NowSecure
 
Three Secrets to Becoming a Mobile Security Superhero
Skycure
 
Jump-Start The MASVS
Prathan Phongthiproek
 
Mobile Hacking
Novizul Evendi
 
Web Application Security
sudip pudasaini
 
How To [relatively] Secure your Web Applications
Ammar WK
 
Malware on Smartphones and Tablets - The Inconvenient Truth
AGILLY
 
Ad

Similar to iOS and Android security: Differences you need to know (20)

PDF
5 Mobile App Security MUST-DOs in 2018
NowSecure
 
PDF
Mobile App Security Predictions 2019
NowSecure
 
PDF
Building a Mobile App Pen Testing Blueprint
NowSecure
 
PDF
Android Q & iOS 13 Privacy Enhancements
NowSecure
 
PDF
How to scale mobile application security testing
NowSecure
 
PDF
Vetting Mobile Apps for Corporate Use: Security Essentials
NowSecure
 
PDF
85% of App Store Apps Fail OWASP Mobile Top 10: Are you exposed?
NowSecure
 
PDF
It's not about you: Mobile security in 2016
NowSecure
 
PDF
Mobile App Crashworthiness - Securing Vehicle-to-Device (V2D) Interfaces and ...
NowSecure
 
PDF
Security Best Practices for Mobile Development
Salesforce Developers
 
PDF
CASE STUDY - Ironclad Messaging & Secure App Dev for Regulated Industries
NowSecure
 
PDF
Challenges in Testing Mobile App Security
Cygnet Infotech
 
PDF
Unicom Conference - Mobile Application Security
Subho Halder
 
PPTX
Building a Mobile Security Program
Denim Group
 
PDF
Top OSS for Mobile AppSec Testing: The Latest on R2 and FRIDA
NowSecure
 
PDF
Preparing for the inevitable: The mobile incident response playbook
NowSecure
 
PDF
Android P Security Updates: What You Need to Know
NowSecure
 
PPTX
Security Imeprative for iOS and Android Apps
Symosis Security (Previously C-Level Security)
 
PDF
What attackers know about your mobile apps that you don’t: Banking & FinTech
NowSecure
 
PDF
Ios Application Security The Definitive Guide For Hackers And Developers Davi...
durresaiman
 
5 Mobile App Security MUST-DOs in 2018
NowSecure
 
Mobile App Security Predictions 2019
NowSecure
 
Building a Mobile App Pen Testing Blueprint
NowSecure
 
Android Q & iOS 13 Privacy Enhancements
NowSecure
 
How to scale mobile application security testing
NowSecure
 
Vetting Mobile Apps for Corporate Use: Security Essentials
NowSecure
 
85% of App Store Apps Fail OWASP Mobile Top 10: Are you exposed?
NowSecure
 
It's not about you: Mobile security in 2016
NowSecure
 
Mobile App Crashworthiness - Securing Vehicle-to-Device (V2D) Interfaces and ...
NowSecure
 
Security Best Practices for Mobile Development
Salesforce Developers
 
CASE STUDY - Ironclad Messaging & Secure App Dev for Regulated Industries
NowSecure
 
Challenges in Testing Mobile App Security
Cygnet Infotech
 
Unicom Conference - Mobile Application Security
Subho Halder
 
Building a Mobile Security Program
Denim Group
 
Top OSS for Mobile AppSec Testing: The Latest on R2 and FRIDA
NowSecure
 
Preparing for the inevitable: The mobile incident response playbook
NowSecure
 
Android P Security Updates: What You Need to Know
NowSecure
 
Security Imeprative for iOS and Android Apps
Symosis Security (Previously C-Level Security)
 
What attackers know about your mobile apps that you don’t: Banking & FinTech
NowSecure
 
Ios Application Security The Definitive Guide For Hackers And Developers Davi...
durresaiman
 
Ad

More from NowSecure (14)

PDF
iOS recon with Radare2
NowSecure
 
PDF
From Tangled Mess to Organized Flow: A Mobile DevSecOps Reference Architecture
NowSecure
 
PDF
Jeff's Journey: Best Practices for Securing Mobile App DevOps
NowSecure
 
PDF
A Risk-Based Mobile App Security Testing Strategy
NowSecure
 
PDF
iOS 12 Preview - What You Need To Know
NowSecure
 
PDF
5 Tips for Agile Mobile App Security Testing
NowSecure
 
PDF
Mobile Apps & Connected Healthcare: Managing 3rd-Party Mobile App Risk
NowSecure
 
PDF
Solving for Compliance: Mobile app security for banking and financial services
NowSecure
 
PDF
Leaky Mobile Apps: What You Need to Know
NowSecure
 
PDF
Cutting out the middleman: Man-in-the-middle attacks and prevention for mobil...
NowSecure
 
PDF
Delivering secure mobile financial services (MFS) - "Frictionless" vs diligence
NowSecure
 
PDF
Next-level mobile app security: A programmatic approach
NowSecure
 
PDF
How Android and iOS Security Enhancements Complicate Threat Detection
NowSecure
 
PDF
Mobile Penetration Testing: Episode III - Attack of the Code
NowSecure
 
iOS recon with Radare2
NowSecure
 
From Tangled Mess to Organized Flow: A Mobile DevSecOps Reference Architecture
NowSecure
 
Jeff's Journey: Best Practices for Securing Mobile App DevOps
NowSecure
 
A Risk-Based Mobile App Security Testing Strategy
NowSecure
 
iOS 12 Preview - What You Need To Know
NowSecure
 
5 Tips for Agile Mobile App Security Testing
NowSecure
 
Mobile Apps & Connected Healthcare: Managing 3rd-Party Mobile App Risk
NowSecure
 
Solving for Compliance: Mobile app security for banking and financial services
NowSecure
 
Leaky Mobile Apps: What You Need to Know
NowSecure
 
Cutting out the middleman: Man-in-the-middle attacks and prevention for mobil...
NowSecure
 
Delivering secure mobile financial services (MFS) - "Frictionless" vs diligence
NowSecure
 
Next-level mobile app security: A programmatic approach
NowSecure
 
How Android and iOS Security Enhancements Complicate Threat Detection
NowSecure
 
Mobile Penetration Testing: Episode III - Attack of the Code
NowSecure
 

Recently uploaded (20)

PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PPTX
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PPTX
sap open course for s4hana steps from ECC to s4
sreeni2106invites
 
PDF
KodekX | Application Modernization Development
KodekX
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PDF
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PPTX
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
sap open course for s4hana steps from ECC to s4
sreeni2106invites
 
KodekX | Application Modernization Development
KodekX
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
Encapsulation theory and applications.pdf
gurumoop
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
Approach and Philosophy of On baking technology
30anthuong17
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 

iOS and Android security: Differences you need to know

  • 1. © Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information. iOS and Android Security: Differences You Need to Know August 22, 2016 | Security By Design Meetup
  • 2. David Weinstein Director of Research @insitusec ● 10+ years of cybersecurity experience ● Former senior engineer at MITRE Email: dweinstein@nowsecure.com © Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information.
  • 3. © Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information. NowSecure: Forged in mobile from day one Top engineers and researchers OSS authors of Radare, Frida, Santoku Linux, and Android VTS Disclosed Samsung keyboard vulnerability Impacting 650M+ devices worldwide Regular speaking appearances Black Hat USA, RSA Conference, OWASP AppSec USA & more 100+ customers From banking, healthcare, tech, government & more Founded in Oak Park, IL With a strong background in forensics & enterprise security 2009
  • 4. © Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information.. Risk extends deeper than what’s on the surface What everyone is focused on: malware The real security problem extends much deeper: Mobile apps leaking sensitive data
  • 5. © Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information. Mobile app security testing ● Fully automated static and dynamic analysis with results in minutes ● Analysis for iOS and Android performed on real devices ● Scalability and consistency via Cloud-based solution
  • 6. © Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information. Problems we address: So you can succeed in testing mobile apps 1 Teams are overwhelmed with mobile app testing 2 Static testing returns too many false positives 3 Organizations lack a process for mobile
  • 7. © Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information. Platform Security - Year In Review Differential Privacy Lock Screen Widgets ` image3/image4 no longer enc. Personal ID Codesigning App Transport Security Keychain ACLs, TouchID canOpenUrl changes Hardened Webkit usesCleartextTraffic SE Android Enforcing, Breaking Apps Instant Apps Verified Boot networkSecurityConfig “Project Svelte” Runtime Permissions FS Permissions Apple Android
  • 8. © Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information. Quick Stats Top 50 free iOS apps: - 80% using NSAllowsArbitraryLoads - 34% using NSExceptionDomains - 0 using MinimumTLSVersion exception Top 50 free Android apps: - Only Chrome using networkSecurityPolicy, services with isolatedProcess - None leaving debuggable flag enabled - 66% set allowBackup true
  • 9. © Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information..