Insight into the Android and iOS security architecture
- General
- by Jacob Riggs
- 09-07-2020
Mobile computing devices have revolutionised the way people interact with each other and the Internet, though just like any other computing device, mobile devices are subject to vulnerabilities. Some of these vulnerabilities are based on the design of the architecture and how data is processed, stored, and transmitted to and from the device.
Mobile device architecture
Smartphone and tablet devices are composed of various hardware and software components (e.g., an operating system and software applications). A battery provides the power source, and a keypad or touchscreen allows the user to interact with the device. Most mobile devices are built around a system on a chip (SoC), a small integrated circuit that connects the common components that make up a mobile device.
SoCs are designed to reduce overall system cost, increase performance, and lower power consumption. Just as in a personal computer (PC), the CPU handles decision logic and the GPU is responsible for visual processing. RAM provides temporary storage for running applications, and ROM provides long-term storage, such as for firmware and the operating system.
When the mobile device is configured for a subscriber network such as Three, EE, or Vodafone, the modem allows it to communicate over cellular networks, using basic phone services to make calls and send text messages. A SIM (subscriber identity module) card is unique and is required to identify and authenticate a user's device on the cellular network. Once authenticated, the user's communications are encrypted. SIM cards have a limited storage capacity (up to 256 KB) and contain information regarding the user's identity, location, network authentication data, phone number, stored contact lists, and even stored text messages. Setting a SIM personal identification number (PIN) on the mobile device can help protect this data in the event the device is lost or stolen.
Two of the most common mobile operating systems on the market are iOS (iPhone Operating System) and Android. iOS is proprietary and runs exclusively on Apple mobile devices (i.e., iPhone, iPad, etc.). Android, which is developed by Google, is open source and found on a variety of hardware such as mobile phones, televisions, and other devices.
Android
Android is a mobile operating system based on the Linux 2.x and 3.x kernels. Much like iOS, the Android platform is made up of different layers, forming a stack in which each layer offers distinct services and interfaces with the other components in the stack.
On a mobile Android device, users interact within the application layer. This layer is also home to the native system apps that are installed by default, such as the calendar, camera, and email apps. Android applications are developed in Java. Each application runs in its own process within a virtual machine (i.e., an instance of ART, short for Android Runtime), as if it were a separate user account with its own home directory. This isolates it from all the other applications running on the device. The Java application programming interface (API) framework exposes features of the Android OS to simplify access to application data and other system components.
The primary components of an Android application are:
- Activities - Parts of the application the user can see.
- Fragments - A behaviour that is placed in an activity.
- Intents - Used for sending messages between other components.
- Broadcast receivers - Allow an application to receive notifications from other apps.
- Content providers - A SQLite database to store data in the form of a flat file.
- Services - Used to start intents, send notifications, and process data.
The hardware abstraction layer (HAL) interfaces with the built-in hardware components of the device. The native C and C++ libraries underpin components built in native code, such as the HAL and ART, and support applications that include native code. The kernel provides foundational services to the other components of the platform, such as drivers, memory management, display functionality, etc.
iOS
iOS is based on Darwin, an open-source, Unix-based OS that Apple first released in 2000. iOS is a layered architecture made up of four levels of abstraction.
- Cocoa Touch - User interface (UI) framework for developing software apps, like games, to run on iOS.
- Media Services - Provides audio, graphics, video, and over-the-air (AirPlay) capabilities.
- Core Services - Fundamental services like networking, file access, address book, etc.
- Core OS - Provides OS functionality such as power management, file system, etc.
Each layer contains different frameworks, which are groups of libraries and resources (i.e., images, header files, etc.) that can be used for developing an application. Smaller applications typically contain all the resources they need to function directly in the application bundle; in iOS development, a framework is itself a kind of bundle. Objective-C and Swift are high-level programming languages designed specifically for Apple operating systems such as iOS, whereas the low-level language C is used for operating system and kernel development.
The six core features of the iOS security architecture are:
- Hardware security
- Secure boot (secure boot chain)
- Code signing
- Sandbox
- Encryption and data protection
- General exploit mitigations
When an iOS device is booted, it goes through a process that Apple calls the secure boot chain. Apple uses an Apple Root CA (Certificate Authority) certificate, loaded into read-only memory (boot ROM), to verify other certificates and establish explicit trust relationships. Every component involved in each step of the boot process is cryptographically signed by Apple. These signatures form a chain of trust that is verified every time the device boots, ensuring the device has not been tampered with.
A similar process governs which applications are allowed to run on the device. Apple uses code signing to ensure only approved applications are deployed on the device. Users are forced to visit the App Store to download authorised applications that have been signed by Apple, kind of like being in application prison. Ironically, jailbreaking the device is the only way to bypass these security mechanisms and run third-party applications.
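The chain-of-trust idea above can be modelled in a few dozen lines. This is an added example, not Apple's code: where the real boot ROM checks Apple-issued signatures, this stdlib-only model has each stage pin the SHA-256 digest of the next stage, with the first digest standing in for the value burned into ROM; the stage names and firmware payloads are constructed for illustration.

```python
import hashlib
from typing import Dict, Optional, Tuple

# Simplified stage names in boot order (assumption; the real chain has more stages).
BOOT_ORDER = ["llb", "iboot", "kernel"]
MARKER = b"\nNEXT:"  # separates a stage's payload from the pinned digest of its successor


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_images(payloads: Dict[str, bytes]) -> Tuple[str, Dict[str, bytes]]:
    """Build images back to front so each stage embeds the digest of the next.
    Returns the first stage's digest (the 'ROM' value) and the finished images."""
    images: Dict[str, bytes] = {}
    next_digest: Optional[str] = None
    for name in reversed(BOOT_ORDER):
        image = payloads[name]
        if next_digest is not None:
            image += MARKER + next_digest.encode()
        images[name] = image
        next_digest = digest(image)
    return str(next_digest), images


def verify_boot(rom_digest: str, images: Dict[str, bytes]) -> Tuple[bool, Optional[str]]:
    """Walk the chain as the boot ROM would and stop at the first stage whose
    measured digest differs from the one the previous stage pinned."""
    expected = rom_digest
    for name in BOOT_ORDER:
        image = images[name]
        if digest(image) != expected:
            return False, name  # tampered or replaced stage; boot halts here
        _, sep, tail = image.rpartition(MARKER)
        expected = tail.decode() if sep else ""
    return True, None


# Constructed sample payloads, not real Apple firmware.
PAYLOADS = {"llb": b"low-level bootloader v1", "iboot": b"iBoot v1", "kernel": b"xnu kernel v1"}
ROM_DIGEST, IMAGES = build_images(PAYLOADS)


def demo_tamper(stage: str) -> Tuple[bool, Optional[str]]:
    """Change one byte in a single stage; verification must fail at exactly that stage."""
    tampered = dict(IMAGES)
    tampered[stage] = tampered[stage].replace(b"v1", b"v2", 1)
    return verify_boot(ROM_DIGEST, tampered)  # e.g. demo_tamper("iboot") -> (False, "iboot")
```

Because the ROM value is fixed, swapping in a modified iBoot also invalidates whatever digest the attacker's image pins, so the only way to boot a changed stage is to change the ROM itself.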
The hardware security feature provides the cryptographic operations that underpin the other security technologies on the iDevice, and is probably the most important security feature of the device. Every iDevice includes two 256-bit Advanced Encryption Standard (AES) keys, the group ID (GID) and the unique ID (UID). The GID key is used to prevent modification of firmware files, independently of the user's private data. The UID is created during manufacturing and is unique to every device; it is used in conjunction with the passcode and other data protection mechanisms for file encryption and decryption.
If hardware such as the memory chips is removed and reused in another iDevice, the encrypted files on it cannot be accessed. The keys are fused into the application processor and are not recoverable, not even through JTAG or another debugging interface. The AES-256 crypto engine, which works alongside a SHA-1 cryptographic hash function, is built into every iDevice to encrypt data and optimise overall performance.
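The UID's role in data protection can be made concrete with a small model. This is an added example, not Apple's implementation: the `Device` class stands in for the application processor holding a fused UID it never exposes, the class key is the passcode stretched with PBKDF2 and then tangled with the UID, and, because the standard library has no AES, a nonce-selected HMAC-SHA256 keystream replaces AES key wrapping for the per-file key; the salt and passcodes are constructed values.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple


class Device:
    """Models the application processor: the fused UID is held privately and
    never returned, mirroring a key that is not readable even over JTAG."""

    def __init__(self, uid: Optional[bytes] = None) -> None:
        self._uid = uid if uid is not None else secrets.token_bytes(32)  # set once at manufacture

    def class_key(self, passcode: str, salt: bytes) -> bytes:
        """Stretch the passcode, then tangle it with the UID so the result can
        only be computed on this physical device."""
        stretched = hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, 50_000)
        return hmac.new(self._uid, stretched, hashlib.sha256).digest()


def wrap_key(file_key: bytes, class_key: bytes) -> bytes:
    """Wrap a 32-byte file key under a class key. Stand-in for AES key wrapping:
    a fresh nonce selects an HMAC-SHA256 keystream that is XORed over the key."""
    nonce = secrets.token_bytes(16)
    stream = hmac.new(class_key, nonce, hashlib.sha256).digest()
    return nonce + bytes(a ^ b for a, b in zip(file_key, stream))


def unwrap_key(blob: bytes, class_key: bytes) -> bytes:
    """Inverse of wrap_key; a wrong class key yields an unrelated 32-byte value."""
    nonce, wrapped = blob[:16], blob[16:]
    stream = hmac.new(class_key, nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(wrapped, stream))


def demo() -> Tuple[bool, bool, bool]:
    """Wrap a file key on device A, then try to recover it three ways:
    same device and passcode, storage moved to device B, wrong passcode on A."""
    device_a, device_b = Device(), Device()
    salt = b"constructed-salt"  # constructed value for the example
    file_key = secrets.token_bytes(32)
    blob = wrap_key(file_key, device_a.class_key("1234", salt))
    same_device = unwrap_key(blob, device_a.class_key("1234", salt)) == file_key
    moved_storage = unwrap_key(blob, device_b.class_key("1234", salt)) == file_key
    wrong_passcode = unwrap_key(blob, device_a.class_key("1235", salt)) == file_key
    return same_device, moved_storage, wrong_passcode  # -> (True, False, False)
```

The second result is the point of the paragraph above: the same passcode and the same wrapped blob are useless once the flash is moved to a processor with a different UID, which is also why passcode guessing has to run on the device itself rather than offline.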
The sandbox is a restricted environment in which applications execute. It is a general mitigation technique against privilege-escalation attacks. If an application were compromised, the damage would be limited to the data managed by the vulnerable application and possibly data from other applications, such as your contacts, depending on the access restrictions the iOS user has enabled.
Conclusion
Android and iOS application developers perform the majority of their software development higher up the stack, since most of the resources and libraries for working with the underlying subcomponents are readily available and easy to work with. Because most development activity happens at the application layer, mobile users tend to fall victim to vulnerabilities that stem from poor secure-development practices. This is why it is important for security-conscious mobile users to understand not only the underlying architecture, but also how to balance their own security considerations against the growing range of ways mobile devices are used in practice.