



  • Essay / A Window into Mobile Device Security by “Carey...

    Class: NCS 320 Fundamentals of Information Assurance

    The article "A Window into Mobile Device Security" by Carey Nachenberg, VP, Fellow, discusses the security weaknesses of the two most widely used mobile operating systems, Android and iOS, along with the risks associated with those weaknesses. Phones have become more than just a means of communication; they now serve as portable computers that can be used to access company services, view data and carry out various transactions. Most of these devices have no administrative control over them, leaving sensitive data vulnerable. Both operating systems have their own security vulnerabilities. Each operating system was tested to determine its resistance to web and network-based attacks, malware, social engineering, abuse of resource and service availability, malicious and unintentional data loss, and attacks against the integrity of device data.

    Apple iOS

    iOS security is primarily based on access control, encryption, application provenance and isolation.

    Traditional access control: Like any other smartphone, iOS lets the administrator configure the password and choose its strength, the classic way to prevent an unauthorized entity from accessing the system. Another option is account lockout, meaning only a certain number of failed login attempts are allowed. Once the maximum number of attempts is reached, the device locks or clears itself.

    One of the strongest aspects of iOS is its app provenance technique. Registration is required for every developer: each must go through a registration process with Apple and pay an annual licensing fee to release its software to the general public. Developers must digitally sign each application with the numbers issued by Apple

    ...... middle of paper ......

    who have obtained access control.

    Permission-based: The problem with this approach is that it relies on the user to make security decisions and to decide whether the combination of permissions requested by an application is safe or not.

    App Provenance: Unlike with Apple, software developers don't need to go to Google for a code-signing certificate. Instead, app developers can generate their own signatures, as often as they want. The result is that a malware author can generate “anonymous” digital certificates, leaving the author untraceable.

    Encryption: Only the latest generations of Android tablets support hardware encryption to protect data. Earlier versions relied on isolation rather than encryption, so if an attacker manages to gain physical access to the device or jailbreak it, they can access every byte of data on the device.