So how have designers built their systems with an eye toward addressing security problems? Several steps have been taken, but overall there has been an attempt to approach the problem of security through five key areas, each addressing a specific problem or need:
- Access control is used to protect devices, which includes passwords, biometrics, and least-privilege technologies, to name a few.
- Digital signing has become part of the application model of most if not all mobile OSs. This feature allows applications to be signed so they can be verified that they originated from a specific author, and they cannot be tampered with without such activities being detected. While digital signing is not required, Android will not allow the installation of apps from unknown sources by default. In iOS, applications from unknown sources cannot be installed at all unless the owner specifically modifies or “jailbreaks” the phone to allow this.
- Encryption is another vital component of the security model of a mobile OS. Encryption is employed on devices to ensure that data is kept safe in the event a device is lost, stolen, or compromised. While not consistently implemented on many mobile devices in the past, this has changed, with Android 6.0 (codename Marshmallow) even requiring storage encryption by default.
- Isolation, which seeks to limit the access an application has, is an important issue addressed in mobile devices. Essentially, this is a form of least privilege for applications, where if you don’t need access to sensitive data or processes, you don’t get it.
- Permissions-based access control works much as it does on server and desktop operating systems. This feature limits the scope of access of an application by blocking those actions the user may attempt but has not been granted access to.