Enterprise Mobility Management has turned so relevant today that enterprises and organizations across the globe are investing heavily in mobile device management, managing wireless networks and managing mobile computing services. Mobile threat detection is now key agenda for any organization’s security. It’s in this context and also in the light of the recent large-scale outbreak of Ransomware WannaCry that we seek to do an overview of Apple’s official iOS Security Guide, released recently in March, and Google’s ‘Android Security 2016 Year In Review’, which too was released in March 2017.
A very notable fact about the iOS security guide is that it refrains from discussing the rate of security incidents, any type of security incidents or malware threats/attacks. Instead, it takes a very close and analytical look at all the security mechanisms that are in place. After a concise but comprehensive introduction that discusses what iOS and iOS devices are and give, it goes on to detail how security technology and features are implemented within the iOS platform. The guide covers areas like System security, Encryption and data protection, Network security, App security, Apple Pay, Internet services, Device controls and Privacy controls. Though it doesn’t focus much on actual security incidents, the iOS security guide is quite exhaustive and educational.
The Google reports is its third annual report on Android’s security protections. The report, in its initial section titled ‘Overview’, states- “The report covers new and updated features, provides metrics that informed our view of Android security, and discusses trends around security for Android devices in 2016.” The report discusses in depth PHAs (potentially harmful applications) and MUwS (mobile unwanted software) and also discusses their definitions, methodology for finding them, tools they use etc. In the very first section titled ‘Google security services for Android’, the report states that by the fourth quarter of 2016, “…fewer than 0.71% of devices had Potentially Harmful Applications (PHAs) installed and for devices that exclusively download apps from Google Play, that number was even smaller at 0.05%. “
In the section titled ‘Ecosystem security programs’, the report states- “By Q4 2016, over half of the top 50 devices worldwide had a recent security patch. Several manufacturers, including Samsung,
LG, BlackBerry, and OnePlus, regularly deliver security updates to flagship devices on the same day as Google’s updates to Nexus and Pixel devices, thereby providing their customers with the most up-to-date security available.”
The report also discusses things like Verify Apps (which acts as Google’s own anti-malware service), SafetyNet (which allows devices to contribute security-related information to Google’s cloud-based services), Safe Browsing, Android Device Manager, Smart Lock etc in detail.
Instead of discussing the Android OS security model in detail, the Android Security report highlights the improvements in Android 7.0.
In the introductory section itself, the report states- “Looking forward to 2017, we’re working to increase the number of patched Android devices and accelerate adoption of key platform security features. “
The two reports are really interesting for anyone who likes discussing Enterprise Mobility Management, Mobile threat detection, device management etc.