Android v iOS Mobile Operating Systems

Android Android is an open source operating system widely used on smartphones and tablets. Android has been available under a free and open source software license from October 21, 2008 and until March 2011. Google published the entire source code (including network and telephony ) under an Apache License, and keeps the reviewed issues list publicly open for anyone to see and comment. Even though the software is open source, device manufacturers cannot use Google's Android trademark until Google certifies that the device complies with their Compatibility Definition Document (CDD). Devices must also meet this requirement to be eligible to license Google's closed-source applications, including the Android Market. Google purchased the initial developer of the software, Android Inc., in 2005. The unveiling of the Android distribution on November 5, 2007 was announced with the founding of the Open Handset Alliance, a consortium of 84 hardware, software, and telecommunication companies devoted to advancing open standards for mobile devices. Google released most of the Android code under an Apache License, a free software license. The Android Open Source Project is tasked with the maintenance and further development of Android. The Android Kernel is based on the Linux kernel, with middleware, libraries and APIs written in C, and application software running on an application framework, which includes Java-compatible libraries based on Apache Harmony. Android uses the Dalvik virtual machine with just-in-time compilation to run compiled Java code. Android has a large community of developers writing applications ("apps") that extend the functionality of the devices. Developers write primarily in a customized version of Java. There are currently more than 200,000 apps available for Android. Apps can be downloaded from third- party sites or through online stores such as Android Market (available through a browser as well as on the phone). The Android OS was listed as the best-selling smartphone platform worldwide in Q4 2010 by Canalys with over 190 million Android devices in use by October 2011. OS Versions The Android platform releases software upgrades periodically and each substantial upgrade is named after a dessert. The December 2010 release of Gingerbread OS 2.3/2.4 has the highest percentage of market share, with 50.1% in December 2011. The key features of this update are the improved resolution for large screens, near-field communication, copy-paste feature, improved graphics for gaming and multiple camera. The last OS released on February 22, 2011 was Honeycomb OS 3.0 SDK. This is the first ever tablet only release of Android. The Motorola Xoom is the first tablet to run on this OS. The attractive features are the 3D desktop with redesigned widgets, Gtalk video chat and improved performance with hardware acceleration. The update for Android will be Ice Cream Sandwich 3.0, which will include several software enhancements such as an improved copy and paste function, data logging and warnings, as well as the ability to be able to take screenshots by holding down on the power and volume buttons. There have been improvements with the UI, keyboard and dictionaries as well.

Apple iOS Apple iOS was originally developed for the iPhone, it has since been extended to support other Apple devices such as the iPod touch, iPad and Apple TV. Apple does not license iOS for installation on third-party hardware. As of December 2011, Apple is advertising more than 500,000 iOS applications, which have collectively been downloaded more than 18 billion times. The user interface of iOS is based on the concept of direct manipulation, using multi-touch gestures. Interface control elements consist of sliders, switches, and buttons. The response to user input is immediate and provides a fluid interface. Interaction with the OS includes gestures such as swipe, tap, pinch, and reverse pinch, all of which have specific definitions within the context of the iOS operating system and its multi-touch interface. Internal accelerometers are used by some applications to respond to shaking the device (one common result is the undo command) or rotating it in three dimensions (one common result is switching from portrait to landscape mode). iOS is derived from Mac OS X, which shares the Darwin foundation, and is therefore a Unix-like operating system by nature. In iOS, there are four abstraction layers: the Core OS layer, the layer, the Media layer, and the layer. The current version of the operating system (iOS 5.0) uses roughly 774.4 megabytes of the device's storage, varying for each model. OS Versions The latest update was released at 6pm GMT on October 12, 2011. iOS 5 introduced the iCloud service and the , as well as improvements to native apps such as Camera. The operating system also features new applications, such as the "" app and "", an application that lets you buy newspapers and magazines. Unlike other applications, Newsstand is the first native application to actually run on the homescreen. "iMessage" is an application that allows iPod touch, iPhone, and iPad users to communicate, much like a chat service only used between these devices. The iMessage feature has been integrated into the "" application on the iPhone. The iPod application on the iPhone and iPad has now been split into the and Video applications, just like on the iPod Touch. According to Apple, the new OS has over 200 new features. Application Distribution

Android Android distributes applications through the Android Market. Google hosts the applications, and a little more than half are available free of cost and the rest require nominal fees. Android has a refund policy in which they will issue a full refund if a user uninstalls an app within the first 24 hours after installing it. Because Google does not regulate or approve of applications in its Market, there are more security vulnerabilities and issues associated with Android. Apple Applications are available through the on all iOS devices. A little over a quarter of the applications Apple hosts are free, the rest require some form of payment. Applications hosted in Apples App Store are scrutinized prior to release. App writers must submit their apps to Apple, which has a process of deciding on whether they would like to host them or not. Additionally, Apple can also provide information about the range of the products available in their app store. Apple does not have a refund policy for their apps.

Symantec recently conducted a lengthy analysis in regards to the vulnerability of Apple’s iOS and Android. It outlined how iOS is more resistant to traditional malware attacks, mostly due to Apple’s app approval process and their extensive process of investigating developers to identify and eliminate potential attackers.

Number of Apps iOS vs. Android

400 350 300 Apple App Store 250 Android Market 200 150 100 No. of Apps, in 1,000's 50 0 8/1/10 9/1/10 10/1/10 11/1/10 12/1/10 1/1/11 2/1/11

Graph depicting the growth of apps in the Android Market compared to the Apple App Store as of February 2011.

Free vs. Paid Apps iOS & Android

Android (08-15-2010)

iPhone (08-15-2010)

Paid Android (02-14-2011) Free

iPhone (02-14-2011)

0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% Percentage of Apps

Graph depicting the number of free versus paid apps in the Android Market and Apple App Store.

Vulnerabilities

Android It can be assumed that Android is a more vulnerable platform due to the fact that it is open-source and does not have as tight a leash on platform rules and features as Apple’s iOS. One of the recent vulnerabilities exposed in this platform was the “permission-escalation vulnerability”, which allows for an app to be installed without a user approving of the permissions typically required when installing an app. Another vulnerability is called the “Linux kernel privilege escalation” and it allows for an unprivileged application to escalate or gain privileges and full control over a device. The researcher that discovered the aforementioned vulnerabilities, Jon Oberheide, was able to upload an app disguised as “Angry Birds expansion pack” into the Android Market. Once downloaded, without any user knowledge, the application was able to install three additional apps that monitored the phone’s , location information, and text messages. All of the extracted data could then be transmitted to a remote server. Apple Although Apple’s iOS platform is more tightly controlled in comparison to Android, there is still some vulnerability that exists within the platform. One such exposed vulnerability is to an updated version of a tool called sslsniff, which allows users to easily perform man-in-the-middle attacks against SSL/TLS connections. With this tool, hackers can identify vulnerable Apple devices and have the ability to snoop on secure communications. The vulnerability is present in many versions of iOS 4 as well as the newly released iOS 5, and it allows anyone to capture traffic from your iOS device with techniques to read and intercept any and all encrypted SSL traffic silently without notifying the user. Another vulnerability exposed within the iOS platform is in conjunction with the Skype iOS app. With this vulnerability, hackers can use a JavaScript exploit to extract address books from iOS devices. For example, if a user is to open a chat with a malicious person, they can get access to the user’s friend list and do whatever they would like with the information. Framework/SDK Differences

Android Android is programmed primarily in Java on top of a custom VM (virtual machine). The Android object model is distributed and classes are freely invoked between apps and libraries, meaning that there is no sandboxing of applications such as that seen in Apple’s iOS platform. The lack of sandboxing between applications leads to a less secure device. Applications are free to communicate with one another, exchange information and data. Application development is facilitated through a set of tools that are provided with the Android SDK; these tools are accessible with the Eclipse plugin called ADT (Android Development Tools) or from the command line. Development with Eclipse is preferred and encouraged because it allows the developer to directly invoke the tools needed while developing. The steps for developing are as follows: • Set up Android Virtual devices or hardware devices • Create an Android project • Build and run the application • Debug the application with the SDK debugging and logging tools • Test the application with the Testing and Instrumentation framework

Application Licensing The Android market offers a licensing service that lets you enforce licensing policies for paid applications that you publish through the Android market. With Android market licensing, the developer’s applications can query Android market at run time to obtain their licensing status for the current user, then allow or disallow further use as appropriate. The licensing service is a secure means of controlling access to a developer’s applications; when an application checks the licensing status, the Market server signs the licensing status response using a key pair that is uniquely associated with the publisher account. The developer’s application stores the public key in its compiled .apk file and uses it to verify the licensing status response. The Android SDK provides developers with library sources that can be included in their application projects; the License Verification Library (LVL) handles all of the licensing-related communication with the Android market client and licensing service. With the LVL integrated, the developer’s application can determine its licensing status for the current user by simply calling a library checker method and implementing a callback that receives the status. In order for a developer to be able to use licensing for an application, they must register with a publisher account on Android market so they can publish the application to users. Developers can register for a publisher account through their existing Google accounts after agreeing to the terms of service. After the registration process has been completed and a publisher account has been acquired, developers can upload applications at their own convenience, and begin debugging and testing their licensing implementations. Developers can use the publisher account to obtain a public key for licensing, debug and test an application’s licensing implementation (prior to publishing the application), and publish the applications to which they have already added licensing support. Apple iOS Apple’s iOS is developed using the iOS Software Development Kit. The iOS SDK includes iOS, Xcode tools, access to documentation, sample code, and resources needed to develop applications. The SDK and Xcode tools can be used on any Intel-based computer with a current version of Mac OS X. Xcode provides the development environment developers can use to create the application code, compile it, run it, and debug it. Apple’s iOS is based on a variant of the same Mach kernel that is found on Mac OS X, and there are layers of technology services that are used to implement applications on the platform. The layers are divided into four; Cocoa Touch, media, Core Services, and core OS. Core OS and Core Services layers contain the fundamental interfaces for iOS, including those used for accessing , low-level data types, services, network sockets, etc. The layers are mostly C- based and contain technologies such as , CFNetwork, SQLite, and access to POSIX threads and UNIX sockets among others. Moving into the upper layers, such as the media layer, there are more advanced technologies using a mixture of C and Objective-C. The media layer contains the fundamental technologies used to support 2D and 3D drawing, audio, and video. This layer includes C- based technologies such as Open GL ES, , and , along with Core Animation, which is an advanced Objective-C based animation engine. In the Cocoa Touch layer, most of the technologies use Objective-C. Frameworks within this layer provide the fundamental infrastructure used by the developer’s application; foundation framework provides object-oriented support for collections, file management, network operations and more. The UIKit framework provides the visual infrastructure for the application, including classes for windows, views, controls and the controllers that manage those objects. The starting point for any development project is the Cocoa Touch layer and the UIKit framework in particular.

Application Licensing Prior to having apps uploaded and installable on the App Store, developers must wait for approval of the application by Apple. Once Apple determines if the app can be published, it is uploaded to the app store and can be downloaded by any iOS user. Developers have the option of offering free or commercial apps to iTunes customers all over the world; they have the option of picking the price and receive 70% of the revenue generated. Developers that host their applications on the app store are able to get paid monthly and no hosting, credit card, and marketing fees are incurred. Additionally, there are no charges incurred for hosting free apps. Application developers can also create new and additional revenue by leveraging opportunities such as In-App purchases, iAd Rich Media Ads, and the App Store Volume Purchase Program. Publishers can offer custom B2B apps directly to business customers that have a Volume Purchase Program account; a custom B2B app provides a unique, tailored solution to address a specific business need or requirement. Furthermore, Ad Hoc distribution enables developers to share their applications with up to 100 other iPad, iPhone or iPod touch users. Through email or by posting it to a website or a server, users can download and install the developer’s app. For more information on the Apple iOS Enterprise Development program as well as creating in- house apps, please refer to the PaRaBaL document entitled iOS Enterprise Developers Program.

Apple iOS Google Android

Estimated Number of Apps ~500,000 ~200,000

Latest s/w version iOS 5.0.1 Ice Cream Sandwich 3.0

Application Distribution Apple App Store Android Market

SDK iOS Software Development Kit Google Android SDK

Framework C and Objective-C Java and C

Grouped Notifications Notification Center Pull-down Notifications (2008)

Group, multimedia Standard messaging; third- messaging (free within iMessage party apps (Kik, GroupMe) ecosystem) Sharing an original Android Twitter sharing, integration iOS 5, October 2011 feature; status updates via apps Over-the-air updates iOS 5, October 2011 Original feature (2008)

Rich text formatting Mail app Third-party apps

Voice Controls Voice actions; third-party apps

Android vs. Apple iOS Comparison Table