Professional Documents
Culture Documents
One of the big reasons that mobile security is such a major concern for
businesses relates to the emerging use of mobile devices, including personal
employee devices, in corporate systems. A trend called bring your own device
(BYOD) is allowing businesses and their employees to profit from device-
sharing strategies. The downside is the security gap, which is what mobile
security seeks to address.
Some of the biggest issues in mobile security are related to device loss or
device theft. In either case, sensitive corporate information could get into the
wrong hands. Another big element of mobile security is preventing malware on
mobile devices from attacking corporate systems. Yet another significant part
of mobile security involves device data leakage, where mobile device screens
can display information that could be captured by unauthorized parties.
Both start with a kernel, which is pretty much what controls the hardware,
timing, file system, interrupts, drivers, and power management. Android runs
off the Linux kernel, while iOS opted for a BSD-derived kernel called Darwin.
Both are UNIX based.
Next for iOS is the Core OS layer, which has most of the low-level things
needed for abstraction of system functions like OpenCL and disk access.
For Android, it’s the library layer, which has a bit more libraries in it than the
Core OS, like media frameworks, OpenGL, SSL, LibWebCore, and LibC.
Next for iOS is the Core Services layer, which is more like the library layer for
Android, but it’s all Apple made libraries, like Core Data, Core Animation,
WebKit, Address Book, Core Foundation, Social Libraries, and Security.
After that comes the Media layer, which controls all the video, audio, text, and
animations. Pretty much everything that’s displayed on the screen.
Then for Android, there is the Android Runtime, which has the Core Libraries for
Java and the JavaVM. This is pretty much the basis for the Application
Framework, which is a layer we will get to later.
After the Media Layer in iOS comes AppKit. This is the part that brings all the
layers together to be able to function as a whole; this hooks all the libraries and
runtimes together to be able to run iOS apps. Developers use AppKit to be able
to make and run iOS apps. This is the last layer in the iOS architecture.
After the Android Runtime is the Application Framework, which works a lot like
AppKit. This is the layer that brings everything together to be able to be used
by programmers. This is the last layer in Android.
The way that the iOS architecture differs from Android is that iOS is more
customized and programmed for security. This is because Apple uses a custom
BSD-based kernel and programs almost all their libraries from scratch. This is
compared to Android which uses a lot of open-source software instead of
customized software like Apple opted for. This means a lot of it may not even
be needed for your phone and is useless.
Because the way I think about it is having the choice between a super thin
laptop with every part in it built by the same manufacturer or building your own
computer and using off-the-shelf parts, while using a custom case to put it in.
Some people like the laptop because it’s sleek, while others like building their
own because they like how they can change or modify what they have, and
they like how they can participate in creating it, like Android.
OAuth 2.0 is the industry-standard protocol for authorization. OAuth 2.0 focuses
on client developer simplicity while providing specific authorization flows for
web applications, desktop applications, mobile phones, and living room
devices. This specification and its extensions are being developed within the
IETF OAuth Working Group.
FACEBOOK,GOOGLE
USER CLIENT APP
TWITTER etc.
7. authenticating application
returns an access token to the
client application
Answer: Use scapy methods to filter out uninteresting packets. For starters,
let us consider all IPv4/TCP packets as interesting.
def process_pcap(file_name):
print('Opening {}...'.format(file_name))
count = 0
interesting_packet_count = 0
ether_pkt = Ether(pkt_data)
if 'type' not in ether_pkt.fields:
# LLC frames will have 'len' instead of 'type'.
# We disregard those
continue
if ether_pkt.type != 0x0800:
# disregard non-IPv4 packets
continue
ip_pkt = ether_pkt[IP]
if ip_pkt.proto != 6:
# Ignore non-TCP packet
continue
interesting_packet_count += 1