Arsitektur and Security Model Android & iOS (en)

Android Architecture and Security Model

Architecture:
- Linux Kernel: Serving as the foundation, the Linux kernel manages system resources, executes processes, and provides an interface between hardware and other software.
- Android Runtime (ART): Compiles Android applications into native code prior to execution, enhancing performance and efficiency.
- Bionic: A C standard library optimized for mobile devices.
- HAL (Hardware Abstraction Layer): Provides a standard interface to interact with various types of hardware.
- Framework: Provides core components for building Android applications, such as Activity, Service, Content Provider, and Broadcast Receiver.

  ** Applications: The everyday apps we use, built on top of the framework.

Security Model:
- Permission-based: Each app must request user permission to access certain data or features.
- Sandbox: Each app runs in its own sandbox, limiting access to system resources.
- SELinux: Enforces access control policy to enhance system security.
- App Verification: Google Play Protect scans apps for malware and other potential threats.
- Cryptography: Used to secure sensitive data, such as passwords and communications.

Architecture:
- Kernel: Similar to the Linux kernel but specific to iOS devices.
- Darwin: The underlying operating system of iOS, providing core services such as memory, process, and network management.
- Cocoa Touch: A framework providing user interface and core components for building iOS applications.
- Applications: The everyday apps we use, built on top of Cocoa Touch.

Security Model:
- Code signing: Every app must be digitally signed by a trusted developer.
- App Sandbox: Each app runs in its own sandbox, restricting access to files and other system resources.
- Data Protection: User data is encrypted when the device is locked.
- Secure Enclave: A dedicated chip used to store encryption keys and other sensitive data.

Application reverse engineering: Analyzing app code to find vulnerabilities.
SQL Injection: Attacking web applications that do not properly validate user input.
Cross-site scripting (XSS): Injecting malicious scripts into web pages.
Man-in-the-middle attack: Intercepting and modifying communications between a device and a server.
Jailbreaking/rooting: Gaining administrative access to devices to install unofficial apps.
Malware analysis: Analyzing malware that targets mobile devices.
Side-channel attacks: Extracting sensitive information from devices by observing power consumption, electromagnetic radiation, or execution time.
Physical attacks: Physically attacking a device to access data.

Android: Exploiting vulnerabilities in banking apps to steal login information.
iOS: Creating a jailbreak app to install apps unavailable on the App Store.
Android and iOS: Analyzing malware spread through fake apps to steal user data.

Ethical hacking is conducted to identify and fix vulnerabilities before they can be exploited by malicious actors.
Never engage in hacking activities without permission.
Always comply with applicable laws and ethics.