The New Security Features of iOS 8 and Android Lollipop
The tail-end of the third quarter and the onset of the fourth quarter of 2014 saw the surfacing of news that sparked interest in the tech world. In a span of two months, two of the mobile market's biggest players, Apple and Google, announced their latest mobile OS updates.
Up until September 2014, Android still showed dominance among mobile users with a 55.23% market share. Apple cornered 24.74% of the market with iOS, leaving little percentage for other OS providers.
As usual, the recent release of the latest Apple operating system made a big global news splash. September marked the launch of iOS8, the tech giant’s eighth major release accompanying the newest additions to their mobile device models. On the other hand, Google teased Android users with an upcoming update named Android L—its latest upgrade from KitKat. It was later revealed that Android 5.0 Lollipop is set for a late October release. Similar to what we did with their predecessors, let’s take a closer look at these latest mobile OS versions and what these mean to mobile users.
While it doesn't feature a dramatic facelift like its predecessor (iOS 7), iOS 8 boasts of new features that the tech giant dubbed as their “biggest iOS release ever.” Instead of a makeover, improvements came in the form of less flashy—but equally important—features.
Touch ID was introduced in iOS 7 as a way to unlock an iPhone or iPad with a fingerprint identity sensor in place of a passcode. According to Apple, prior to the introduction of the Touch ID, less than half of its iPhone users have enabled a passcode. With the entry of the iPhone 5s that first offered this feature, 83% have utilized this safety measure.
For iOS 8, the Touch ID feature breaks out of the confines of just unlocking the phone and allowing iTunes, iBooks, and App Store purchases on iTunes, it has now extended its capabilities to allow access to third-party applications. Apps with credentials stored in the iOS keychain are given access to use the Touch ID to authenticate the user. This lessens the need for a user to key in passwords each time they log into an app. Instead, this improved feature allows passwords for third-party apps to be locked into the keychain. The fingerprint registered with the device will then have the ability to release it.
Apple also made modifications on how apps track locations. Before, a user can either choose “Always On/ Always Off”. In iOS 8, an added option to select When App is Open”. This gives the user greater control on what kind of access is granted to apps.
As a testament to the company’s dedication to customer privacy, Apple has also enhanced their data security. In a section of their official website, Apple CEO Tim Cook readily laid out measures undertaken to show how seriously they take issues of security and privacy.
For devices running iOS 8, the protection of a user’s personal data will be harnessed by enclosing everything under the user’s passcode or Touch ID. This means that photos, messages, (including attachments), email, contacts, call history, iTunes content, notes, and reminders can be protected using a key that can only be unlocked by a user's fingerprint. Cook furthered that this passcode is so secure that it can't be bypassed—not by Apple or the authorities.
Android 5.0 Lollipop
Google has revealed that their latest OS update will be called Lollipop and that it's set for a release late this month. Initially tagged as Android L, Android 5.0 Lollipop will be rolled out on Google's new Nexus 6 and Nexus 9 tablet starting early in November, and will feature support for earlier Nexus devices. This Android update boasts a new design, promises longer battery life, and seamless device switching. Google believes this to be their “largest, most ambitious release on Android.” But what of its security features?
Google also introduced a Smart Lock feature where the user can pair a trusted device like a smart watch, fitness tracker, or even headphones via Bluetooth. The OS will prompt a question asking if it’s a “trusted device”. Once it's paired with a trusted device, the screen unlocks—without requiring a security code—when your smartphone is within range of the paired device. Lose the connection, and it locks up again. Convenience wins.
Security-enhanced Linux was made available in KitKat in “enforcing mode”. Meaning, the Linux-based architecture was designed to protect the OS from threats that access the device during privilege elevation attacks. In Lollipop, SELinux enforcement becomes mandatory for all applications rather than simply an option, offering better security against malware.
Google also confirmed that default encryption on user data will be carried out with the release of Lollipop. Since 2011, Android has offered optional encryption on some devices but admittedly, users have little to no knowledge about turning the feature on. Newer Android devices running on Lollipop will be designed with automatic encryption out of the box where only the user who has the device’s password will be able to see data like photos, videos, and communications stored in the device.
It's similar to Apple’s data encryption method where a user can choose a passcode. The data stored in the device can only be accessed by users who have these credentials. Turning these security measures on by default is also a step taken to keep government snooping at bay, an aftermath on the uproar generated by the Edward Snowden expose.
Security by default: What it means to users
In the past, protection for user data is something that users had to work on, with what little knowledge they have to keep their data private. Now, default encryption for user data is being applied by two of the mobile industry's biggest players to provide intensified protection against surveillance and even theft.
After previous OS updates focused on improving design and the user experience, the surge in the number of mobile threats have practically made it necessary to improve security. The new focus on improved security features isn't flashy, but it's certainly a significant development.
Bear in mind that in the first half of the year alone, the mobile platform took a beating from cyber crooks as the number of mobile malware and high-risk apps reached two million unique samples. And this figure is still expected to grow in terms of volume and the sophistication of cybercriminal tactics used.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Ransomware Spotlight: TargetCompany
- Email Threat Landscape Report: Cybercriminal Tactics, Techniques That Organizations Need to Know
- Preventing an Imminent Ransomware Attack With Early Detection and Investigation
- Inside the Halls of a Cybercrime Business
- Securing Cloud-Native Environments with Zero Trust: Real-World Attack Cases