Device Security Models: So how have designers built their systems with an eye toward addressing security problems? Several steps have been taken, but overall there has been an attempt to approach the problem of security through five key areas, each addressing a specific problem or need:
- Access control is used to protect devices, which includes passwords, biometric, and least-privilege technologies, to name a few.
- Digital signing has become part of the application model of most if not all mobile Oss. This feature allows applications to be signed so they can be verified that they originated from a specific author, and they can’t be tampered with without such activities being detected.
While digital signing is not required, Android will not allow the installation of apps from unknown sources by default. In iOS, applications from unknown sources can’t be installed at all unless the owner specifically modifies or “jailbreaks” the phone to allow this.
- Encryption is another vital component of the security model of a mobile OS. Encryption is employed or devices to ensure that data is kept safe in the event a device are lost, stolen, or compromised.
While not consistently implemented on many mobile devices in the past, this has changed, with Android 6.0 (code name Marshmallow) even requiring storage encryption by default.
- Isolation, which seeks to limit the access an application has, is an important issue addressed in mobile devices.
Essentially, this is a form of least privilege for applications, where if you don’t need access sensitive data or processes, you don’t get it.
- Permission-based access control works much as it does on server and desktop operating systems.
This feature limits the scope of access of an application by blocking those actions the user may attempt but has not been granted access to.