[funsec] Enterprise Readiness of Mobile Platforms (Android, Blackberry, iOS, and Windows Phone security rankings)
noloader at gmail.com
Sun Apr 15 15:09:45 CDT 2012
The criteria and scoring begin at page 16. I suppose the skewed
criteria and scoring make the difference between iOS and Windows
Item 1.20, “KeyChain” – iOS scored 5.0, WP scored 0. Windows uses the
Data Protection API (DPAPI), which is the equivalent. Linux/Android
has *not* warmed up to the fact that userland needs help in storing
Item 2.10, “Centralized app signing” – iOS scored 2.5, WP scored 0. WP
does use code signing tied to a root. When my company signed up for a
Windows Phone developer account, I had to provide the Articles of
Incorporation before my keys were issued.
I’m not sure what to make of 10.10 “Richness of the API” – WP scored
0, but uses a reduced set of the .NET runtime and Silverlight for the
Windowing. iOS, which scored 2.5 does the same. Ditto for Android with
its reduced Java implementation.
And 12.10, “Federal Information Processing Standard” is laughable.
Apple does not have *anything* that is FIPS validated for iOS (two
platforms are “in process” IIRC). At least Microsoft has actually
delivered past validations for Windows Mobile.
I also don't see a "language comparison," when Android and Windows
Phone use managed languages and iOS uses Objective-C (NSZombieEnabled