funsec mailing list archives
Enterprise Readiness of Mobile Platforms (Android, Blackberry, iOS, and Windows Phone security rankings)
From: Jeffrey Walton <noloader () gmail com>
Date: Sun, 15 Apr 2012 16:09:45 -0400
http://www.trendmicro.com/cloud-content/us/pdfs/business/reports/rpt_enterprise_readiness_consumerization_mobile_platforms.pdf The criteria and scoring begin at page 16. I suppose the skewed criteria and scoring makes the difference between iOS and Windows Phone reporting. Item 1.20, “KeyChain” – iOS scored 5.0, WP scored 0. Windows uses the Data Protection API (DPAPI), which is the equivalent. Linux/Android has *not* warmed up to the fact that userland needs help in storing secrets. Item 2.10, “Centralized app signing” – iOS scored 2.5, WP scored 0. WP does use code signing tied to a root. When my company signed up for a Windows Phone developer account, I had to provide the Articles of Incorporation before my keys were issued. I’m not sure what to make of 10.10 “Richness of the API” – WP scored 0, but uses a reduced set of the .Net runtime and Silverlight for the Windowing. iOS, which scored 2.5 does the same. Ditto for Android with its reduced Java implementation. And 12.10, “Federal Information Processing Standard” is laughable. Apple does not have *anything* that is FIPS validated for iOS (two platforms are ‘in process” IIRC). At least Microsoft has actually delivered past validations for Windows Mobile. I also don't see a "language comparison," when Android and Windows Phone use managed languages and iOS uses Objective C (NSZombieEnabled anyone?). _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Enterprise Readiness of Mobile Platforms (Android, Blackberry, iOS, and Windows Phone security rankings) Jeffrey Walton (Apr 15)