NowSecure, profile picture
Uploaded byNowSecure
1,026 views

iOS and Android security: Differences you need to know

The document discusses the differences between iOS and Android security, highlighting the vulnerabilities in mobile apps that leak sensitive data, beyond just malware. It details NowSecure's automated mobile app security testing solutions and the challenges organizations face in mobile app testing. Additionally, it provides insights into platform security changes and statistics on security practices among top free iOS and Android apps.

Embed presentation

Downloaded 12 times
© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information. iOS and Android Security: Differences You Need to Know August 22, 2016 | Security By Design Meetup
David Weinstein Director of Research @insitusec ● 10+ years of cybersecurity experience ● Former senior engineer at MITRE Email: dweinstein@nowsecure.com © Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information.
© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information. NowSecure: Forged in mobile from day one Top engineers and researchers OSS authors of Radare, Frida, Santoku Linux, and Android VTS Disclosed Samsung keyboard vulnerability Impacting 650M+ devices worldwide Regular speaking appearances Black Hat USA, RSA Conference, OWASP AppSec USA & more 100+ customers From banking, healthcare, tech, government & more Founded in Oak Park, IL With a strong background in forensics & enterprise security 2009
© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information.. Risk extends deeper than what’s on the surface What everyone is focused on: malware The real security problem extends much deeper: Mobile apps leaking sensitive data
© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information. Mobile app security testing ● Fully automated static and dynamic analysis with results in minutes ● Analysis for iOS and Android performed on real devices ● Scalability and consistency via Cloud-based solution
© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information. Problems we address: So you can succeed in testing mobile apps 1 Teams are overwhelmed with mobile app testing 2 Static testing returns too many false positives 3 Organizations lack a process for mobile
© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information. Platform Security - Year In Review Differential Privacy Lock Screen Widgets ` image3/image4 no longer enc. Personal ID Codesigning App Transport Security Keychain ACLs, TouchID canOpenUrl changes Hardened Webkit usesCleartextTraffic SE Android Enforcing, Breaking Apps Instant Apps Verified Boot networkSecurityConfig “Project Svelte” Runtime Permissions FS Permissions Apple Android
© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information. Quick Stats Top 50 free iOS apps: - 80% using NSAllowsArbitraryLoads - 34% using NSExceptionDomains - 0 using MinimumTLSVersion exception Top 50 free Android apps: - Only Chrome using networkSecurityPolicy, services with isolatedProcess - None leaving debuggable flag enabled - 66% set allowBackup true
© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information..

More Related Content

PDF
The fundamentals of Android and iOS app security
byNowSecure
 
PDF
OWASP Mobile Top 10
byNowSecure
 
PDF
Mobile Penetration Testing: Episode 1 - The Forensic Menace
byNowSecure
 
PDF
5 Ways to Protect your Mobile Security
byLookout
 
PDF
Five mobile security challenges facing the enterprise
byNowSecure
 
PDF
How to make Android apps secure: dos and don’ts
byNowSecure
 
PDF
Mobile Penetration Testing: Episode II - Attack of the Code
byNowSecure
 
PDF
Shifting left: Continuous testing for better app quality and security
byNowSecure
 
The fundamentals of Android and iOS app security
byNowSecure
 
OWASP Mobile Top 10
byNowSecure
 
Mobile Penetration Testing: Episode 1 - The Forensic Menace
byNowSecure
 
5 Ways to Protect your Mobile Security
byLookout
 
Five mobile security challenges facing the enterprise
byNowSecure
 
How to make Android apps secure: dos and don’ts
byNowSecure
 
Mobile Penetration Testing: Episode II - Attack of the Code
byNowSecure
 
Shifting left: Continuous testing for better app quality and security
byNowSecure
 

What's hot

PPTX
Three Secrets to Becoming a Mobile Security Superhero
bySkycure
 
PDF
Debunking the Top 5 Myths About Mobile AppSec
byNowSecure
 
PDF
Mobile hacking, pentest, and malware
byAmmar WK
 
PDF
Patches Arrren't Just for Pirates
bywebnowires
 
PPTX
Web Application Security
bysudip pudasaini
 
PDF
Jump-Start The MASVS
byPrathan Phongthiproek
 
PDF
Case Closed with IBM Application Security on Cloud infographic
byIBM Security
 
PPTX
Accessibility Clickjacking, Devastating Android Vulnerability
bySkycure
 
PDF
OSS Tools: Creating a Reverse Engineering Plug-in for r2frida
byNowSecure
 
PPTX
How to Add Advanced Threat Defense to Your EMM
bySkycure
 
PPTX
How Healthcare CISOs Can Secure Mobile Devices
bySkycure
 
PDF
Cybersecurity Fundamentals for Bar Associations
byNowSecure
 
PDF
2015 Cybersecurity Predictions
byLookout
 
PDF
Malware on Smartphones and Tablets - The Inconvenient Truth
byAGILLY
 
PDF
The New NotCompatible
byLookout
 
PDF
Xamarin security talk slideshare
byMarcus de Wilde
 
PDF
Mobile Hacking
byNovizul Evendi
 
PDF
How To [relatively] Secure your Web Applications
byAmmar WK
 
PDF
Mobile App Hacking In A Nutshell
byPrathan Phongthiproek
 
PDF
Android Security Development
byhackstuff
 
Three Secrets to Becoming a Mobile Security Superhero
bySkycure
 
Debunking the Top 5 Myths About Mobile AppSec
byNowSecure
 
Mobile hacking, pentest, and malware
byAmmar WK
 
Patches Arrren't Just for Pirates
bywebnowires
 
Web Application Security
bysudip pudasaini
 
Jump-Start The MASVS
byPrathan Phongthiproek
 
Case Closed with IBM Application Security on Cloud infographic
byIBM Security
 
Accessibility Clickjacking, Devastating Android Vulnerability
bySkycure
 
OSS Tools: Creating a Reverse Engineering Plug-in for r2frida
byNowSecure
 
How to Add Advanced Threat Defense to Your EMM
bySkycure
 
How Healthcare CISOs Can Secure Mobile Devices
bySkycure
 
Cybersecurity Fundamentals for Bar Associations
byNowSecure
 
2015 Cybersecurity Predictions
byLookout
 
Malware on Smartphones and Tablets - The Inconvenient Truth
byAGILLY
 
The New NotCompatible
byLookout
 
Xamarin security talk slideshare
byMarcus de Wilde
 
Mobile Hacking
byNovizul Evendi
 
How To [relatively] Secure your Web Applications
byAmmar WK
 
Mobile App Hacking In A Nutshell
byPrathan Phongthiproek
 
Android Security Development
byhackstuff
 

Similar to iOS and Android security: Differences you need to know

PDF
5 Mobile App Security MUST-DOs in 2018
byNowSecure
 
PDF
CASE STUDY - Ironclad Messaging & Secure App Dev for Regulated Industries
byNowSecure
 
PDF
Mobile App Security Testing: Tools, Techniques & Insights
bydigitaljignect
 
PPTX
Building a Mobile Security Program
byDenim Group
 
PDF
Unicom Conference - Mobile Application Security
bySubho Halder
 
PDF
Challenges in Testing Mobile App Security
byCygnet Infotech
 
PDF
It's not about you: Mobile security in 2016
byNowSecure
 
PDF
Mobile App Crashworthiness - Securing Vehicle-to-Device (V2D) Interfaces and ...
byNowSecure
 
PDF
Vetting Mobile Apps for Corporate Use: Security Essentials
byNowSecure
 
PDF
How to scale mobile application security testing
byNowSecure
 
PDF
Preparing for the inevitable: The mobile incident response playbook
byNowSecure
 
PDF
Building a Mobile App Pen Testing Blueprint
byNowSecure
 
PDF
Security Best Practices for Mobile Development
bySalesforce Developers
 
PDF
85% of App Store Apps Fail OWASP Mobile Top 10: Are you exposed?
byNowSecure
 
PDF
Android P Security Updates: What You Need to Know
byNowSecure
 
PDF
Top OSS for Mobile AppSec Testing: The Latest on R2 and FRIDA
byNowSecure
 
PDF
Mobile App Security Predictions 2019
byNowSecure
 
PDF
Android Q & iOS 13 Privacy Enhancements
byNowSecure
 
PPTX
Security Imeprative for iOS and Android Apps
bySymosis Security (Previously C-Level Security)
 
PDF
What attackers know about your mobile apps that you don’t: Banking & FinTech
byNowSecure
 
5 Mobile App Security MUST-DOs in 2018
byNowSecure
 
CASE STUDY - Ironclad Messaging & Secure App Dev for Regulated Industries
byNowSecure
 
Mobile App Security Testing: Tools, Techniques & Insights
bydigitaljignect
 
Building a Mobile Security Program
byDenim Group
 
Unicom Conference - Mobile Application Security
bySubho Halder
 
Challenges in Testing Mobile App Security
byCygnet Infotech
 
It's not about you: Mobile security in 2016
byNowSecure
 
Mobile App Crashworthiness - Securing Vehicle-to-Device (V2D) Interfaces and ...
byNowSecure
 
Vetting Mobile Apps for Corporate Use: Security Essentials
byNowSecure
 
How to scale mobile application security testing
byNowSecure
 
Preparing for the inevitable: The mobile incident response playbook
byNowSecure
 
Building a Mobile App Pen Testing Blueprint
byNowSecure
 
Security Best Practices for Mobile Development
bySalesforce Developers
 
85% of App Store Apps Fail OWASP Mobile Top 10: Are you exposed?
byNowSecure
 
Android P Security Updates: What You Need to Know
byNowSecure
 
Top OSS for Mobile AppSec Testing: The Latest on R2 and FRIDA
byNowSecure
 
Mobile App Security Predictions 2019
byNowSecure
 
Android Q & iOS 13 Privacy Enhancements
byNowSecure
 
Security Imeprative for iOS and Android Apps
bySymosis Security (Previously C-Level Security)
 
What attackers know about your mobile apps that you don’t: Banking & FinTech
byNowSecure
 

More from NowSecure

PDF
Solving for Compliance: Mobile app security for banking and financial services
byNowSecure
 
PDF
From Tangled Mess to Organized Flow: A Mobile DevSecOps Reference Architecture
byNowSecure
 
PDF
Next-level mobile app security: A programmatic approach
byNowSecure
 
PDF
Leaky Mobile Apps: What You Need to Know
byNowSecure
 
PDF
iOS recon with Radare2
byNowSecure
 
PDF
Mobile Penetration Testing: Episode III - Attack of the Code
byNowSecure
 
PDF
Delivering secure mobile financial services (MFS) - "Frictionless" vs diligence
byNowSecure
 
PDF
Cutting out the middleman: Man-in-the-middle attacks and prevention for mobil...
byNowSecure
 
PDF
Mobile Apps & Connected Healthcare: Managing 3rd-Party Mobile App Risk
byNowSecure
 
PDF
A Risk-Based Mobile App Security Testing Strategy
byNowSecure
 
PDF
How Android and iOS Security Enhancements Complicate Threat Detection
byNowSecure
 
PDF
5 Tips for Agile Mobile App Security Testing
byNowSecure
 
PDF
iOS 12 Preview - What You Need To Know
byNowSecure
 
PDF
Jeff's Journey: Best Practices for Securing Mobile App DevOps
byNowSecure
 
Solving for Compliance: Mobile app security for banking and financial services
byNowSecure
 
From Tangled Mess to Organized Flow: A Mobile DevSecOps Reference Architecture
byNowSecure
 
Next-level mobile app security: A programmatic approach
byNowSecure
 
Leaky Mobile Apps: What You Need to Know
byNowSecure
 
iOS recon with Radare2
byNowSecure
 
Mobile Penetration Testing: Episode III - Attack of the Code
byNowSecure
 
Delivering secure mobile financial services (MFS) - "Frictionless" vs diligence
byNowSecure
 
Cutting out the middleman: Man-in-the-middle attacks and prevention for mobil...
byNowSecure
 
Mobile Apps & Connected Healthcare: Managing 3rd-Party Mobile App Risk
byNowSecure
 
A Risk-Based Mobile App Security Testing Strategy
byNowSecure
 
How Android and iOS Security Enhancements Complicate Threat Detection
byNowSecure
 
5 Tips for Agile Mobile App Security Testing
byNowSecure
 
iOS 12 Preview - What You Need To Know
byNowSecure
 
Jeff's Journey: Best Practices for Securing Mobile App DevOps
byNowSecure
 

Recently uploaded

PDF
Navigating the Spectrum of Advanced AI – Agentic, Autonomous, and Autopoietic...
byScott M. Graffius
 
PDF
Ai In Courts Ai in courts AI in court AI in court
byZainKarim7
 
PPTX
Corporate AI Training to AI Enable a Company Workforce
byStélio Inácio
 
PDF
Techbrains Baku 2025 by GoUP - all speaker session
byHusseinMalikMammadli
 
PDF
Industrial RFID Landscape for 2025 - Readers, Tags, Antennas, Printers, etc
byRich Rogers
 
PDF
The map to conquer linear algebra for IT engineer
byakipii ogaoga
 
PDF
Unit 1.2 Components of a Computer System.pdf
bySanieBautista
 
PDF
Xemelgo - RFID Industry Predictions for 2026
byRich Rogers
 
PDF
How Azure DevOps Consultants Dubai Reduce Release Delays.pdf
byLogicEra
 
PDF
Digital Marketing Trends in 2026: AI, Data, Content & Future Growth
byConacent Consulting
 
PDF
Huawei Datacom – How To Pass H12-892 On Your First Try
by591lab
 
PDF
Top Benefits of Using KVM VPS Hosting for Growing Businesses
byEthernet Servers
 
PDF
Regenerative Agriculture Finance : Environmental impact
byrose mason
 
PDF
“Lessons from Yesterday's Tomorrowland” by Scott M. Graffius
byScott M. Graffius
 
DOCX
Top Websites To ⭐Buy ⭐Old ⭐Gmail ⭐Accounts (PVA & Bulk) (5).docx
byBuy Old Gmail Accounts
 
PPTX
Document Reconstruction using AI & Deep Learning
bysonjuktaweb
 
PDF
कम्प्यूटर.pdf for all computer examination
bynm92169694
 
PDF
Small Business Automation: A Comprehensive Cost and ROI Guide
byAmelia Swank
 
PDF
Groq Series A Investment Memo - Chamath Palihapitiya
byRazin Mustafiz
 
PPTX
Cesium formate brine - A brief history - prepared by John Downs in May 2011
byJohn Downs
 
Navigating the Spectrum of Advanced AI – Agentic, Autonomous, and Autopoietic...
byScott M. Graffius
 
Ai In Courts Ai in courts AI in court AI in court
byZainKarim7
 
Corporate AI Training to AI Enable a Company Workforce
byStélio Inácio
 
Techbrains Baku 2025 by GoUP - all speaker session
byHusseinMalikMammadli
 
Industrial RFID Landscape for 2025 - Readers, Tags, Antennas, Printers, etc
byRich Rogers
 
The map to conquer linear algebra for IT engineer
byakipii ogaoga
 
Unit 1.2 Components of a Computer System.pdf
bySanieBautista
 
Xemelgo - RFID Industry Predictions for 2026
byRich Rogers
 
How Azure DevOps Consultants Dubai Reduce Release Delays.pdf
byLogicEra
 
Digital Marketing Trends in 2026: AI, Data, Content & Future Growth
byConacent Consulting
 
Huawei Datacom – How To Pass H12-892 On Your First Try
by591lab
 
Top Benefits of Using KVM VPS Hosting for Growing Businesses
byEthernet Servers
 
Regenerative Agriculture Finance : Environmental impact
byrose mason
 
“Lessons from Yesterday's Tomorrowland” by Scott M. Graffius
byScott M. Graffius
 
Top Websites To ⭐Buy ⭐Old ⭐Gmail ⭐Accounts (PVA & Bulk) (5).docx
byBuy Old Gmail Accounts
 
Document Reconstruction using AI & Deep Learning
bysonjuktaweb
 
कम्प्यूटर.pdf for all computer examination
bynm92169694
 
Small Business Automation: A Comprehensive Cost and ROI Guide
byAmelia Swank
 
Groq Series A Investment Memo - Chamath Palihapitiya
byRazin Mustafiz
 
Cesium formate brine - A brief history - prepared by John Downs in May 2011
byJohn Downs
 

iOS and Android security: Differences you need to know

  • 1.
    © Copyright 2016NowSecure, Inc. All Rights Reserved. Proprietary information. iOS and Android Security: Differences You Need to Know August 22, 2016 | Security By Design Meetup
  • 2.
    David Weinstein Director ofResearch @insitusec ● 10+ years of cybersecurity experience ● Former senior engineer at MITRE Email: dweinstein@nowsecure.com © Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information.
  • 3.
    © Copyright 2016NowSecure, Inc. All Rights Reserved. Proprietary information. NowSecure: Forged in mobile from day one Top engineers and researchers OSS authors of Radare, Frida, Santoku Linux, and Android VTS Disclosed Samsung keyboard vulnerability Impacting 650M+ devices worldwide Regular speaking appearances Black Hat USA, RSA Conference, OWASP AppSec USA & more 100+ customers From banking, healthcare, tech, government & more Founded in Oak Park, IL With a strong background in forensics & enterprise security 2009
  • 4.
    © Copyright 2016NowSecure, Inc. All Rights Reserved. Proprietary information.. Risk extends deeper than what’s on the surface What everyone is focused on: malware The real security problem extends much deeper: Mobile apps leaking sensitive data
  • 5.
    © Copyright 2016NowSecure, Inc. All Rights Reserved. Proprietary information. Mobile app security testing ● Fully automated static and dynamic analysis with results in minutes ● Analysis for iOS and Android performed on real devices ● Scalability and consistency via Cloud-based solution
  • 6.
    © Copyright 2016NowSecure, Inc. All Rights Reserved. Proprietary information. Problems we address: So you can succeed in testing mobile apps 1 Teams are overwhelmed with mobile app testing 2 Static testing returns too many false positives 3 Organizations lack a process for mobile
  • 7.
    © Copyright 2016NowSecure, Inc. All Rights Reserved. Proprietary information. Platform Security - Year In Review Differential Privacy Lock Screen Widgets ` image3/image4 no longer enc. Personal ID Codesigning App Transport Security Keychain ACLs, TouchID canOpenUrl changes Hardened Webkit usesCleartextTraffic SE Android Enforcing, Breaking Apps Instant Apps Verified Boot networkSecurityConfig “Project Svelte” Runtime Permissions FS Permissions Apple Android
  • 8.
    © Copyright 2016NowSecure, Inc. All Rights Reserved. Proprietary information. Quick Stats Top 50 free iOS apps: - 80% using NSAllowsArbitraryLoads - 34% using NSExceptionDomains - 0 using MinimumTLSVersion exception Top 50 free Android apps: - Only Chrome using networkSecurityPolicy, services with isolatedProcess - None leaving debuggable flag enabled - 66% set allowBackup true
  • 9.
    © Copyright 2016NowSecure, Inc. All Rights Reserved. Proprietary information..