YURY_CHEMERKIN_HackerHalted_2013_Conference.pdf
YuryChemerkin
13 views
52 slides
Jul 18, 2024
Slide 1 of 52
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
About This Presentation
This presentation by Yury Chemerkin at HackerHalted 2013 focuses on mobile device management (MDM) and mobile security. It covers compliance, security, transparency, and the simplification of MDM processes. The document discusses various aspects of mobile security, including secure bootloaders, runt...
Slide Content
MDM and Mobile Security: Compliance, Security,
Transparency, Elaboration, Simplification
YURY CHEMERKIN
HackerHalted2013
Transparency, Elaboration, Simplification
YURY CHEMERKIN
HackerHalted2013
MULTISKILLED SECURITY RESEARCHER, WORKS FOR RUSSIAN COMPANY
EXPERIENCED IN :
REVERSE ENGINEERING & AV, DEVELOPMENT (IN THE PAST)
MOBILE SECURITY, INCL. MDM, MAM, etc.
CYBER SECURITY & CLOUD SECURITY
COMPLIANCE & FORENSICS ON MOBILE & CLOUD
WRITING (STO BLOG, HAKING, PENTEST, eFORENSICSMagazines)
PARTICIPATION AT CONFERENCES:
INFOSECURITY RUSSIA, NULLCON, ATHCON, CONFIDENCE, PHDAYS,
DEFCON MOSCOW, HACKERHALTED, HACKTIVITY, HACKFEST
CYBERCRIME FORUM, CYBER INTELLIGENCE EUROPE/INTELLIGENCE-SEC, DEEPINTEL
ICITST, CTICON (CYBERTIMES), ITA, I-SOCIETY
[ YURY CHEMERKIN ]
www.linkedin.com/in/yurychemerkinhttp://sto-strategy.com [email protected]
EXPERIENCED IN :
REVERSE ENGINEERING & AV, DEVELOPMENT (IN THE PAST)
MOBILE SECURITY, INCL. MDM, MAM, etc.
CYBER SECURITY & CLOUD SECURITY
COMPLIANCE & FORENSICS ON MOBILE & CLOUD
WRITING (STO BLOG, HAKING, PENTEST, eFORENSICSMagazines)
PARTICIPATION AT CONFERENCES:
INFOSECURITY RUSSIA, NULLCON, ATHCON, CONFIDENCE, PHDAYS,
DEFCON MOSCOW, HACKERHALTED, HACKTIVITY, HACKFEST
CYBERCRIME FORUM, CYBER INTELLIGENCE EUROPE/INTELLIGENCE-SEC, DEEPINTEL
ICITST, CTICON (CYBERTIMES), ITA, I-SOCIETY
[ YURY CHEMERKIN ]
www.linkedin.com/in/yurychemerkinhttp://sto-strategy.com [email protected]
[ MOBILE DEVICE MANAGEMENT]
WHAT DO WORKERS WANT… WHAT DO COMPANIES WANT…
WHAT DO WORKERS WANT… WHAT DO COMPANIES WANT…
[ MOBILE DEVICE MANAGEMENT]
WHAT DO THIRD PART Y USUALLY SELL…FIRST CASEWHAT DO THIRD PARTY USUALLY SELL…SECOND
CASE
WHAT DO THIRD PART Y USUALLY SELL…FIRST CASEWHAT DO THIRD PARTY USUALLY SELL…SECOND
CASE
MOBILE DEVICE
MOBILE DEVICE MANAGEMENT SOLUTION
NATIVE / THIRD PARTY SOLUTION
MOBILE APPLICATION MANAGEMENT SOLUTION
EMBEDDED / NATIVE / THIRD PARTY SOLUTION
MOBILE EMAIL MANAGEMENT SOLUTION
NETWORK ACCESS CONTROL SOLUTION
NOT ENOUGH NEW IDEA, BUT QUITE USEFUL IN CLOUDS
ADDITIONAL SOLUTION
AV, LOG MANAGEMENT, DLP-BASED SOLUTION, FORENSICS SOLUTION
COMPLIANCE
GUIDELINES / BEST PRACTICES
[ MOBILE DEVICE MANAGEMENT]
WHAT’S THE REAL DEVICE MANAGEMENT APPROACH INCLUDE…NOT LESS THAN…
MOBILE DEVICE MANAGEMENT SOLUTION
NATIVE / THIRD PARTY SOLUTION
MOBILE APPLICATION MANAGEMENT SOLUTION
EMBEDDED / NATIVE / THIRD PARTY SOLUTION
MOBILE EMAIL MANAGEMENT SOLUTION
NETWORK ACCESS CONTROL SOLUTION
NOT ENOUGH NEW IDEA, BUT QUITE USEFUL IN CLOUDS
ADDITIONAL SOLUTION
AV, LOG MANAGEMENT, DLP-BASED SOLUTION, FORENSICS SOLUTION
COMPLIANCE
GUIDELINES / BEST PRACTICES
[ MOBILE DEVICE MANAGEMENT]
WHAT’S THE REAL DEVICE MANAGEMENT APPROACH INCLUDE…NOT LESS THAN…
APPLEIS SO SERIOUS TO LET MALWARE BE SPREADED THROUGH THEIR MARKET, EXCEPT
Ch. MILLER CASE
JAILBREAK,CYDIA,BLACK&OTHER MARKETS
MICROSOFT(WINDOWS PHONE) HAS IMPLEMENTED THE SAME IDEA
GOOGLEHAS A WEAK POLICY THAT WHY EVERYONE GOT MALWARE IN OFFICAL MARKET EVEN
PLUS 3
RD
PARTY MARKET
PLUS REPACKAGES
BLACKBERRYISTHESAFESTOSBECAUSETHAT'SABOUTTHESIZEOFIT
[ OPINIONS ]
Blackberry Windows iOSAndroid
Ch. MILLER CASE
JAILBREAK,CYDIA,BLACK&OTHER MARKETS
MICROSOFT(WINDOWS PHONE) HAS IMPLEMENTED THE SAME IDEA
GOOGLEHAS A WEAK POLICY THAT WHY EVERYONE GOT MALWARE IN OFFICAL MARKET EVEN
PLUS 3
RD
PARTY MARKET
PLUS REPACKAGES
BLACKBERRYISTHESAFESTOSBECAUSETHAT'SABOUTTHESIZEOFIT
[ OPINIONS ]
Blackberry Windows iOSAndroid
MDM HELPS TO PROTECT DATA AND MANAGE BLACKBERRY, iOS, WINDOWS, AND ANDROID DEVICES.
MDM ENHANCED BY MANAGING THE BEHAVIOR OF THE DEVICE
SECURE BOOTLOADER, SYSTEM SOFTWARE SECURITY (UPDATES),
APPLICATION CODE SIGNING
RUNTIME PROCESS SECURITY (SANDBOX, APIs)
HARDWARE SECURITY FEATURES
FILE DATA PROTECTION
SSL, TLS, VPN
PASSCODE PROTECTION
SETTINGS (PERMISSIONS/ RESTRICTIONS, CONFIGURATIONS)
REMOTE MAGAGEMENT
MDM
REMOTE WIPE
[ SECURITY ENVIRONMENT ]
EACH OS EVALUATES EVERY REQUEST THAT APPLICATION S MAKES TO ACCESS TO…
BUT LEADS AWAY FROM ANY DETAILS AND APIs
MDM ENHANCED BY MANAGING THE BEHAVIOR OF THE DEVICE
SECURE BOOTLOADER, SYSTEM SOFTWARE SECURITY (UPDATES),
APPLICATION CODE SIGNING
RUNTIME PROCESS SECURITY (SANDBOX, APIs)
HARDWARE SECURITY FEATURES
FILE DATA PROTECTION
SSL, TLS, VPN
PASSCODE PROTECTION
SETTINGS (PERMISSIONS/ RESTRICTIONS, CONFIGURATIONS)
REMOTE MAGAGEMENT
MDM
REMOTE WIPE
[ SECURITY ENVIRONMENT ]
EACH OS EVALUATES EVERY REQUEST THAT APPLICATION S MAKES TO ACCESS TO…
BUT LEADS AWAY FROM ANY DETAILS AND APIs
BYPASS MDM SOLUTIONS
iOS, ANDROID
EXPLOITS, DUMP /MEM TO GET EMAILS
BLACKHAT EU’13 http://goo.gl/HN829p
BLACKBERRY PLAYBOOK
EXPLOITS, MITM, DUMP ‘.ALL’ FILES
SECTO’11R, INFILTRATE’12, SOURCE
BOSTON’13 http://goo.gl/KaTtFG
GAIN ROOT ACCESS
ANDROID
APP SIGNATURE EXPLOITATION
APP MODIFICATION
BLACKHAT USA’13 http://goo.gl/p5FhWG
TIME-FRAME TO FIX
7+ MONTH or WAIT FOR A NEXT UPDATE
WAIT FOR A VENDOR’S INTEREST TO YOU
ANALYSIS OF APP’S DATA IN THE REST
BLACKBERRY, iOS
DATA LEAKAGE
REVEAL PASSWORDS, MASTERKEYS, ETC.
BLACKHAT EU’12 http://goo.gl/STpSll
ANDROID
DATA LEAKAGE
WEAKNESS OF CRYPTO ENGINGE
PHDAY III ‘13 http://goo.gl/x1PPGK
[ KNOWN ISSUES. Examples ]
THREATS BOUNDS BECOME UNCLEAR… COMPLIANCE BRINGS COMMON RECOMMENDATIONS
iOS, ANDROID
EXPLOITS, DUMP /MEM TO GET EMAILS
BLACKHAT EU’13 http://goo.gl/HN829p
BLACKBERRY PLAYBOOK
EXPLOITS, MITM, DUMP ‘.ALL’ FILES
SECTO’11R, INFILTRATE’12, SOURCE
BOSTON’13 http://goo.gl/KaTtFG
GAIN ROOT ACCESS
ANDROID
APP SIGNATURE EXPLOITATION
APP MODIFICATION
BLACKHAT USA’13 http://goo.gl/p5FhWG
TIME-FRAME TO FIX
7+ MONTH or WAIT FOR A NEXT UPDATE
WAIT FOR A VENDOR’S INTEREST TO YOU
ANALYSIS OF APP’S DATA IN THE REST
BLACKBERRY, iOS
DATA LEAKAGE
REVEAL PASSWORDS, MASTERKEYS, ETC.
BLACKHAT EU’12 http://goo.gl/STpSll
ANDROID
DATA LEAKAGE
WEAKNESS OF CRYPTO ENGINGE
PHDAY III ‘13 http://goo.gl/x1PPGK
[ KNOWN ISSUES. Examples ]
THREATS BOUNDS BECOME UNCLEAR… COMPLIANCE BRINGS COMMON RECOMMENDATIONS
PLAYBOOK ARTIFACTS (see the previous slide)
BROWSERS HISTORY
NETWORKING IDs, FLAGS, MACs
VIDEO CALLS DETAILS
ACCESS TO INTERNAL NETWORK
KERNEL
BLACKBERRY Z10
DUMP MICROKERNEL
EVEN DEVELOPERS’ CREDENTIALS
(FACEBOOK, MOBILE, EMAILS) BLACKHAT
DEFCON MOSCOW http://goo.gl/R74leX
GUI FAILS (my results)
BLACKBERRY OS
DATA LEAKAGE
REVEAL PASSWORDS, … ANYTHING
NO PERMISSIONS REQUESTED
BORROW PERMISSIONS OF ANOTHER APP
NullCon’13, CONFIDENCE’13
http://goo.gl/phMey2
Haven’t yet test on new blackberry devices
[ KNOWN ISSUES. Examples ]
THREATS BOUNDS BECOME UNCLEAR… COMPLIANCE BRINGS COMMON RECOMMENDATIONS
BROWSERS HISTORY
NETWORKING IDs, FLAGS, MACs
VIDEO CALLS DETAILS
ACCESS TO INTERNAL NETWORK
KERNEL
BLACKBERRY Z10
DUMP MICROKERNEL
EVEN DEVELOPERS’ CREDENTIALS
(FACEBOOK, MOBILE, EMAILS) BLACKHAT
DEFCON MOSCOW http://goo.gl/R74leX
GUI FAILS (my results)
BLACKBERRY OS
DATA LEAKAGE
REVEAL PASSWORDS, … ANYTHING
NO PERMISSIONS REQUESTED
BORROW PERMISSIONS OF ANOTHER APP
NullCon’13, CONFIDENCE’13
http://goo.gl/phMey2
Haven’t yet test on new blackberry devices
[ KNOWN ISSUES. Examples ]
THREATS BOUNDS BECOME UNCLEAR… COMPLIANCE BRINGS COMMON RECOMMENDATIONS
GOALS -MOBILE RESOURCES / AIM OF ATTACK
DEVICE RESOURCES
OUTSIDE-OF-DEVICE RESOURCES
ATTACKS –SET OF ACTIONS UNDER THE THREAT
APIs -RESOURCES WIDELY AVAILABLE TO CODERS
SECURITY FEATURES
KERNEL PROTECTION , NON-APP FEATURES
PERMISSIONS -EXPLICITLY CONFIGURED
3
RD
PARTY
AV, FIREWALL, VPN, MDM
COMPLIANCE -RULES TO DESIGN A MOBILE SECURITY
IN ALIGNMENT WITH COMPLIANCE TO…
[ DEVICE MANAGEMENT ]
APPLICATION LEVEL ATTACK’S VECTORAV, MDM,
DLP, VPN
Goals
Attacks
APIs
APIs
Permissions
Kernel
protection
Non-app
features
MDM features
DEVICE RESOURCES
OUTSIDE-OF-DEVICE RESOURCES
ATTACKS –SET OF ACTIONS UNDER THE THREAT
APIs -RESOURCES WIDELY AVAILABLE TO CODERS
SECURITY FEATURES
KERNEL PROTECTION , NON-APP FEATURES
PERMISSIONS -EXPLICITLY CONFIGURED
3
RD
PARTY
AV, FIREWALL, VPN, MDM
COMPLIANCE -RULES TO DESIGN A MOBILE SECURITY
IN ALIGNMENT WITH COMPLIANCE TO…
[ DEVICE MANAGEMENT ]
APPLICATION LEVEL ATTACK’S VECTORAV, MDM,
DLP, VPN
Goals
Attacks
APIs
APIs
Permissions
Kernel
protection
Non-app
features
MDM features
�=�∪�∪�∪??????, �⊂�, ??????⊆�, ??????⊂??????
�–set of OS permissions, �–set of device permissions, �–set
of MDM permissions, �–set of missed permissions (lack of
controls), ??????–set of rules are explicitly should be applied to gain
a compliance
�=�+�, �⊃�∪�
�–set of APIs , �–set of APIs that interact with sensitive data,
�–set of APIs that do not interact with sensitive data
To get a mobile security designed with full granularity the set�
should be empty set to get �⊇�∪�instead of �⊃�∪�, so
the matter how is it closer to empty. On another hand it should
find out whether assumptions ??????⊆�, ??????⊂??????are true and if it is
possible to get ⊆??????.
Set of permissions < Set of activities efficiency is
typical case < 100%,
ability to control each API = 100%
More than 1 permission per APIs >100%
lack of knowledge about possible attacks
improper granularity
[ DEVICE MANAGEMENT ]
Concurrency over native & additional security featuresThe situation is very serious MDM features
AV, MDM, DLP,
VPN
Non-app features
Permissions
Kernel protection
�–set of OS permissions, �–set of device permissions, �–set
of MDM permissions, �–set of missed permissions (lack of
controls), ??????–set of rules are explicitly should be applied to gain
a compliance
�=�+�, �⊃�∪�
�–set of APIs , �–set of APIs that interact with sensitive data,
�–set of APIs that do not interact with sensitive data
To get a mobile security designed with full granularity the set�
should be empty set to get �⊇�∪�instead of �⊃�∪�, so
the matter how is it closer to empty. On another hand it should
find out whether assumptions ??????⊆�, ??????⊂??????are true and if it is
possible to get ⊆??????.
Set of permissions < Set of activities efficiency is
typical case < 100%,
ability to control each API = 100%
More than 1 permission per APIs >100%
lack of knowledge about possible attacks
improper granularity
[ DEVICE MANAGEMENT ]
Concurrency over native & additional security featuresThe situation is very serious MDM features
AV, MDM, DLP,
VPN
Non-app features
Permissions
Kernel protection
[ BLACKBERRY. PERMISSIONS ]
BB 10 Cascades SDK BB 10 AIR SDK PB (NDK/AIR)
Background processing + +
BlackBerry Messenger - -
Calendar, Contacts + via invoke calls
Camera + +
Device identifying information + +
Email and PIN messages + via invoke calls
GPS location + +
Internet + +
Location + -
Microphone + +
Narrow swipe up - +
Notebooks + -
Notifications + +
Player - +
Phone + -
Push + -
Shared files + +
Text messages + -
Volume - +
BB 10 Cascades SDK BB 10 AIR SDK PB (NDK/AIR)
Background processing + +
BlackBerry Messenger - -
Calendar, Contacts + via invoke calls
Camera + +
Device identifying information + +
Email and PIN messages + via invoke calls
GPS location + +
Internet + +
Location + -
Microphone + +
Narrow swipe up - +
Notebooks + -
Notifications + +
Player - +
Phone + -
Push + -
Shared files + +
Text messages + -
Volume - +
[ BLACKBERRY. Significant APIs ]
Feature Q.APIs Q.sign.APIs % (sign .APIs) Controlled ?
BlackBerryMessenger 77 70 90,91 +
Calendar 443 126 28,44 +
Camera 47 41 87,23 +
Contacts 316 150 47,47 +
Deviceidentifyinginfo 15 14 93,33 +
Email&PINmessages 347 211 60,81 +
Internet 161 145 90,06 +
Microphone 21 15 71,43 +
Notebooks 123 86 69,92 +
Notifications 32 24 75,00 +
Phone 27 22 81,48 +
Push 25 22 88,00 +
Sharedfiles 78 70 89,74 +
Textmessages 10 6 60,00 +
Account 66 21 31,82 -
MediaPlayer 66 63 95,45 -
NFC 24 11 45,83 -
Radio&SIM 68 51 75,00 -
Clipboard 6 4 66,67 -
Feature Q.APIs Q.sign.APIs % (sign .APIs) Controlled ?
BlackBerryMessenger 77 70 90,91 +
Calendar 443 126 28,44 +
Camera 47 41 87,23 +
Contacts 316 150 47,47 +
Deviceidentifyinginfo 15 14 93,33 +
Email&PINmessages 347 211 60,81 +
Internet 161 145 90,06 +
Microphone 21 15 71,43 +
Notebooks 123 86 69,92 +
Notifications 32 24 75,00 +
Phone 27 22 81,48 +
Push 25 22 88,00 +
Sharedfiles 78 70 89,74 +
Textmessages 10 6 60,00 +
Account 66 21 31,82 -
MediaPlayer 66 63 95,45 -
NFC 24 11 45,83 -
Radio&SIM 68 51 75,00 -
Clipboard 6 4 66,67 -
[ BLACKBERRY. Common activities ]
6
21
5
34
7
18
6
3
17
3
4
2
44
8
3
4
2
14
1
4
3
2
111
222
1111
4
1
2
5
1
0
5
10
15
20
25
30
35
Q. of m.+a. activityQ. of m.+a. permission
6
21
5
34
7
18
6
3
17
3
4
2
44
8
3
4
2
14
1
4
3
2
111
222
1111
4
1
2
5
1
0
5
10
15
20
25
30
35
Q. of m.+a. activityQ. of m.+a. permission
[ BLACKBERRY. Derived activities ]
6
116
24
59
7
89
16
23
47
3
11
3
19
46
9
2425
2
27
1
4331312221211
8
12
5
10
20
40
60
80
100
120
Q. of derived activitiesQ. of derived perm
6
116
24
59
7
89
16
23
47
3
11
3
19
46
9
2425
2
27
1
4331312221211
8
12
5
10
20
40
60
80
100
120
Q. of derived activitiesQ. of derived perm
[ BLACKBERRY. Efficiency (%) ]
16.67
19.05
60.00
5.88
14.29
5.56
16.67
66.67
11.76
66.67
25.00
50.00
25.0025.00
50.00
33.33
50.00
250.00
7.14
16.67
3.45
12.50
5.08
14.29
3.37
6.25
8.70
4.26
66.67
9.09
66.67
5.26
2.17
88.89
4.17
8.00
250.00
3.70
0.00
50.00
100.00
150.00
200.00
250.00
% m+a activity vs perm% m+a derived activity vs perm
16.67
19.05
60.00
5.88
14.29
5.56
16.67
66.67
11.76
66.67
25.00
50.00
25.0025.00
50.00
33.33
50.00
250.00
7.14
16.67
3.45
12.50
5.08
14.29
3.37
6.25
8.70
4.26
66.67
9.09
66.67
5.26
2.17
88.89
4.17
8.00
250.00
3.70
0.00
50.00
100.00
150.00
200.00
250.00
% m+a activity vs perm% m+a derived activity vs perm
[ iOS. Info.plist(app capabilities) ]
Key Description
auto-focus-camera handleautofocuscapabilitiesinthedevice’sstillcameraincaseofamacrophotographyorimageprocessing.
bluetooth-le handlethepresenceofBluetoothlow-energyhardwareonthedevice.
camera-flash handleacameraflashfortakingpicturesorshootingvideo.
front-facing-camera handleaforward-facingcamerasuchascapturingvideofromthedevice’scamera.
gamekit handleaGameCenter.
gps handleaGPS(orAGPS)hardwaretotrackalocationsincaseofneedthehigheraccuracymorethanCellular/Wi-Fi.
location-services retrievethedevice’scurrentlocationusingtheCoreLocationframeworkthoughCellular/Wi-Fi
microphone handlethebuilt-inmicrophoneanditsaccessories
peer-peer handlepeer-to-peerconnectivityoveraBluetoothnetwork.
sms handlethepresenceoftheMessagesapplicationsuchasopeningURLswiththesmsscheme.
still-camera handlethepresenceofacameraonthedevicesuchascapturingimagesfromthedevice’sstillcamera.
telephony handlethepresenceofthePhoneapplicationsuchasopeningURLswiththetelephonyscheme.
video-camera handlethepresenceofacamerawithvideocapabilitiesondevicesuchascapturingvideofromthedevice’scamera.
wifi accesstothenetworkingfeaturesofthedevice.
Key Description
auto-focus-camera handleautofocuscapabilitiesinthedevice’sstillcameraincaseofamacrophotographyorimageprocessing.
bluetooth-le handlethepresenceofBluetoothlow-energyhardwareonthedevice.
camera-flash handleacameraflashfortakingpicturesorshootingvideo.
front-facing-camera handleaforward-facingcamerasuchascapturingvideofromthedevice’scamera.
gamekit handleaGameCenter.
gps handleaGPS(orAGPS)hardwaretotrackalocationsincaseofneedthehigheraccuracymorethanCellular/Wi-Fi.
location-services retrievethedevice’scurrentlocationusingtheCoreLocationframeworkthoughCellular/Wi-Fi
microphone handlethebuilt-inmicrophoneanditsaccessories
peer-peer handlepeer-to-peerconnectivityoveraBluetoothnetwork.
sms handlethepresenceoftheMessagesapplicationsuchasopeningURLswiththesmsscheme.
still-camera handlethepresenceofacameraonthedevicesuchascapturingimagesfromthedevice’sstillcamera.
telephony handlethepresenceofthePhoneapplicationsuchasopeningURLswiththetelephonyscheme.
video-camera handlethepresenceofacamerawithvideocapabilitiesondevicesuchascapturingvideofromthedevice’scamera.
wifi accesstothenetworkingfeaturesofthedevice.
[ iOS. Settings ]
Component Unit
Restrictions :: Native application
Safari
Camera, FaceTime
iTunes Store, iBookstore
Siri
Manage applications*
Restrictions :: 3
rd
application
Manage applications*
Explicit Language (Siri)
Privacy*, Accounts*
Content Type Restrictions*
Unit subcomponents
Privacy :: Location
Per each 3
rd
party app
For system services
Privacy :: Private Info
Contacts, Calendar, Reminders, Photos
Bluetooth Sharing
Twitter, Facebook
Accounts
Disables changes to Mail, Contacts, Calendars, iCloud, and Twitter accounts
Find My Friends
Volume limit
Content Type Restrictions
Ratings per country and region
Music and podcasts
Movies, Books, Apps, TV shows
In-app purchases
Require Passwords (in-app purchases)
Game Center
Multiplayer Games
Adding Friends (Game Center)
Manage applications
Installing Apps
Removing Apps
Component Unit
Restrictions :: Native application
Safari
Camera, FaceTime
iTunes Store, iBookstore
Siri
Manage applications*
Restrictions :: 3
rd
application
Manage applications*
Explicit Language (Siri)
Privacy*, Accounts*
Content Type Restrictions*
Unit subcomponents
Privacy :: Location
Per each 3
rd
party app
For system services
Privacy :: Private Info
Contacts, Calendar, Reminders, Photos
Bluetooth Sharing
Twitter, Facebook
Accounts
Disables changes to Mail, Contacts, Calendars, iCloud, and Twitter accounts
Find My Friends
Volume limit
Content Type Restrictions
Ratings per country and region
Music and podcasts
Movies, Books, Apps, TV shows
In-app purchases
Require Passwords (in-app purchases)
Game Center
Multiplayer Games
Adding Friends (Game Center)
Manage applications
Installing Apps
Removing Apps
[ iOS. Common activities ]
5
12
3 3
8
13
2
10
2
6
10
3
17
10
0
2
0
0
0
1
0
0
1
1
0
0
1
3
1
3
1
0
0
1
0
0
1
1
0
1
2
4
0
2
4
6
8
10
12
14
16
18
20
Q. of m.+a. activityQ. of m.+a. permission Q. of m.+a. perm plus parental perm
5
12
3 3
8
13
2
10
2
6
10
3
17
10
0
2
0
0
0
1
0
0
1
1
0
0
1
3
1
3
1
0
0
1
0
0
1
1
0
1
2
4
0
2
4
6
8
10
12
14
16
18
20
Q. of m.+a. activityQ. of m.+a. permission Q. of m.+a. perm plus parental perm
[ iOS. Derived activities ]
9
20
13
13
9
18 12
10 2 10
10 6
25
82
0
2
0
0
0
1
0
0
1 1
0
0
1
3
1
3
1
0
0
1
0
0 1 1
0
1
2
4
0
10
20
30
40
50
60
70
80
Q. of derived activitiesQ. of derived perm Q. of derived perm + plus parental perm
9
20
13
13
9
18 12
10 2 10
10 6
25
82
0
2
0
0
0
1
0
0
1 1
0
0
1
3
1
3
1
0
0
1
0
0 1 1
0
1
2
4
0
10
20
30
40
50
60
70
80
Q. of derived activitiesQ. of derived perm Q. of derived perm + plus parental perm
[ iOS. Efficiency (%) ]
0.00
16.67
0.000.00
0.00
7.69
0.00
0.00
50.00
16.67
0.00
0.00
5.88
30.00
0.00
10.00
0.00
0.00
0.00
5.56
0.00
0.00
50.00
10.00
0.00
0.00
4.00
3.66
20.00
25.00
33.33
0.00
0.00
7.69
0.00
0.00
50.0016.67
0.00
33.33
11.76
40.00
11.11
15.00
7.69
0.00
0.00
5.56
0.00
0.00
50.0010.00
0.00
16.67
8.00
4.88
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
% m+a activity vs perm% m+a derived activity vs permQ. of m.+a. perm plus parental permQ. of derived perm + plus parental perm
0.00
16.67
0.000.00
0.00
7.69
0.00
0.00
50.00
16.67
0.00
0.00
5.88
30.00
0.00
10.00
0.00
0.00
0.00
5.56
0.00
0.00
50.00
10.00
0.00
0.00
4.00
3.66
20.00
25.00
33.33
0.00
0.00
7.69
0.00
0.00
50.0016.67
0.00
33.33
11.76
40.00
11.11
15.00
7.69
0.00
0.00
5.56
0.00
0.00
50.0010.00
0.00
16.67
8.00
4.88
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
% m+a activity vs perm% m+a derived activity vs permQ. of m.+a. perm plus parental permQ. of derived perm + plus parental perm
[ Windows. Permissions ]
Permission Description
General use capabilities
musicLibrary provides access to the user's Music library, allowing the app to enumerate and access all files w/o user interaction.
picturesLibrary provides access to the user's Pictures library, allowing to enumerate and access all files w/o user interaction.
videosLibrary provides access to the user's Videos library, allowing the app to enumerate and access all w/o user interaction.
removableStorage provides access to files on removable storage, such as USB keys and external hard drives, filtered to the file type
microphone provides access to the microphone’s audio feed, which allows to record audio from connected microphones..
webcam provides access to the webcam’s video feed, which allows to capture snapshots, movies from a connected webcam.
location provides access to location functionality like a GPS sensor or derived from available network info.
proximity
enables multiple devices in close proximity to communicate with one another via possible connection, incl.
Bluetooth, WiFi, and the internet.
internetClient,
internetClientServer
provides outbound (inbound is for server only) access to the Internet, public networks via the firewall.
privateNetworkClientServer
provides inbound and outbound access to home and work networks through the firewall for games or for
applications that share data across local devices.
Special use capabilities
enterpriseAuthentication
enable a user to log into remote resources using their credentials, and act as if a user provided their user name and
password.
sharedUserCertificates enables an access to software and hardware certificates like smart card.
documentsLibrary provides access to the user's Documents library, filtered to the file type associations
Permission Description
General use capabilities
musicLibrary provides access to the user's Music library, allowing the app to enumerate and access all files w/o user interaction.
picturesLibrary provides access to the user's Pictures library, allowing to enumerate and access all files w/o user interaction.
videosLibrary provides access to the user's Videos library, allowing the app to enumerate and access all w/o user interaction.
removableStorage provides access to files on removable storage, such as USB keys and external hard drives, filtered to the file type
microphone provides access to the microphone’s audio feed, which allows to record audio from connected microphones..
webcam provides access to the webcam’s video feed, which allows to capture snapshots, movies from a connected webcam.
location provides access to location functionality like a GPS sensor or derived from available network info.
proximity
enables multiple devices in close proximity to communicate with one another via possible connection, incl.
Bluetooth, WiFi, and the internet.
internetClient,
internetClientServer
provides outbound (inbound is for server only) access to the Internet, public networks via the firewall.
privateNetworkClientServer
provides inbound and outbound access to home and work networks through the firewall for games or for
applications that share data across local devices.
Special use capabilities
enterpriseAuthentication
enable a user to log into remote resources using their credentials, and act as if a user provided their user name and
password.
sharedUserCertificates enables an access to software and hardware certificates like smart card.
documentsLibrary provides access to the user's Documents library, filtered to the file type associations
[ Windows. Significant APIs ]
Feature Q.APIs Q.sign.APIs %(sign.APIs) Controlled?
General use capabilities
Notifications 68 4 5,88 +
Musiclibrary 1300 138 10,62 +
Pictureslibrary 1157 133 11,50 +
Videoslibrary 1300 138 10,62 +
Removablestorage 1045 109 10,43 +
Microphone 274 33 12,04 +
Webcam 409 91 22,25 +
Location 37 5 13,51 +
Proximity 54 19 35,19 +
Internetandpublicnetworks 488 134 27,46 +
Homeandworknetworks 488 134 27,46 +
Special use capabilities
Enterpriseauthentication 8 4 50,00 +
SharedUserCertificates 20 5 25,00 +
Documentslibrary 1045 126 12,06 +
Non-controlled capabilities
Clipboard 132 20 15,15 -
Phone 18 6 33,33 -
SMS 122 25 20,49 -
Contacts 97 31 31,96 -
DeviceInfo 221 30 13,57 -
Feature Q.APIs Q.sign.APIs %(sign.APIs) Controlled?
General use capabilities
Notifications 68 4 5,88 +
Musiclibrary 1300 138 10,62 +
Pictureslibrary 1157 133 11,50 +
Videoslibrary 1300 138 10,62 +
Removablestorage 1045 109 10,43 +
Microphone 274 33 12,04 +
Webcam 409 91 22,25 +
Location 37 5 13,51 +
Proximity 54 19 35,19 +
Internetandpublicnetworks 488 134 27,46 +
Homeandworknetworks 488 134 27,46 +
Special use capabilities
Enterpriseauthentication 8 4 50,00 +
SharedUserCertificates 20 5 25,00 +
Documentslibrary 1045 126 12,06 +
Non-controlled capabilities
Clipboard 132 20 15,15 -
Phone 18 6 33,33 -
SMS 122 25 20,49 -
Contacts 97 31 31,96 -
DeviceInfo 221 30 13,57 -
[ Windows. Common Activities ]
11
3
11
3
5
3
6
14
4
3
4
2
3
88
1
2
11111
3
6
11
2
5
1
22
000000
2
4
6
8
10
12
14
Q. of m.+a. activityQ. of m.+a. permission
11
3
11
3
5
3
6
14
4
3
4
2
3
88
1
2
11111
3
6
11
2
5
1
22
000000
2
4
6
8
10
12
14
Q. of m.+a. activityQ. of m.+a. permission
[ Windows. Derived Activities ]
1
8
10
8
5
11
14
3
7
21
16
6
1212
8
15
11
88
1
222
1
3
6
11
2
5
1
22
000000
5
10
15
20
25
Q. of derived activitiesQ. of derived perm
1
8
10
8
5
11
14
3
7
21
16
6
1212
8
15
11
88
1
222
1
3
6
11
2
5
1
22
000000
5
10
15
20
25
Q. of derived activitiesQ. of derived perm
[ Windows. Efficiency (%) ]
100.00
100.00
33.33
100.00
100.00
100.00
120.00
33.33
16.6714.29
125.00
33.33
50.00
100.00
0.000.00
0.00
0.000.00
100.00
25.00
20.00
25.0020.00
27.27
42.86
33.33
14.29
9.52
31.25
16.6716.67
16.67
0.000.000.000.000.00
0.00
20.00
40.00
60.00
80.00
100.00
120.00
% m+a activity vs perm% m+a derived activity vs perm
100.00
100.00
33.33
100.00
100.00
100.00
120.00
33.33
16.6714.29
125.00
33.33
50.00
100.00
0.000.00
0.00
0.000.00
100.00
25.00
20.00
25.0020.00
27.27
42.86
33.33
14.29
9.52
31.25
16.6716.67
16.67
0.000.000.000.000.00
0.00
20.00
40.00
60.00
80.00
100.00
120.00
% m+a activity vs perm% m+a derived activity vs perm
ACCESS_CHECKIN_PROPERTIES,ACCESS_COARSE_LOCATION,
ACCESS_FINE_LOCATION,ACCESS_LOCATION_EXTRA_COMM
ANDS,ACCESS_MOCK_LOCATION,ACCESS_NETWORK_STATE,
ACCESS_SURFACE_FLINGER,ACCESS_WIFI_STATE,ACCOUNT_
MANAGER,ADD_VOICEMAIL,AUTHENTICATE_ACCOUNTS,BAT
TERY_STATS,BIND_ACCESSIBILITY_SERVICE,BIND_APPWIDGET
,BIND_DEVICE_ADMIN,BIND_INPUT_METHOD,BIND_REMOTE
VIEWS,BIND_TEXT_SERVICE,BIND_VPN_SERVICE,BIND_WALL
PAPER,BLUETOOTH,BLUETOOTH_ADMIN,BRICK,BROADCAST_
PACKAGE_REMOVED,BROADCAST_SMS,BROADCAST_STICKY,
BROADCAST_WAP_PUSH,CALL_PHONE,CALL_PRIVILEGED,CA
MERA,CHANGE_COMPONENT_ENABLED_STATE,CHANGE_CO
NFIGURATION,CHANGE_NETWORK_STATE,CHANGE_WIFI_M
ULTICAST_STATE,CHANGE_WIFI_STATE,CLEAR_APP_CACHE,C
LEAR_APP_USER_DATA,CONTROL_LOCATION_UPDATES,DELE
TE_CACHE_FILES,DELETE_PACKAGES,DEVICE_POWER,DIAGN
OSTIC,DISABLE_KEYGUARD,DUMP,EXPAND_STATUS_BAR,FAC
TORY_TEST,FLASHLIGHT,FORCE_BACK,GET_ACCOUNTS,GET_
PACKAGE_SIZE,GET_TASKS,GLOBAL_SEARCH,HARDWARE_TE
ST,INJECT_EVENTS,INSTALL_LOCATION_PROVIDER,INSTALL_P
ACKAGES,INTERNAL_SYSTEM_WINDOW,INTERNET,KILL_BACK
GROUND_PROCESSES,MANAGE_ACCOUNTS,MANAGE_APP_T
OKENS,MASTER_CLEAR,MODIFY_AUDIO_SETTINGS,MODIFY_
PHONE_STATE,MOUNT_FORMAT_FILESYSTEMS,MOUNT_UN
MOUNT_FILESYSTEMS,NFC,PERSISTENT_ACTIVITY,PROCESS_
OUTGOING_CALLS,READ_CALENDAR,READ_CALL_LOG,READ_
CONTACTS,READ_EXTERNAL_STORAGE,READ_FRAME_BUFFE
R,READ_HISTORY_BOOKMARKS,READ_INPUT_STATE,READ_L
OGS,READ_PHONE_STATE,READ_PROFILE,READ_SMS,READ_
SOCIAL_STREAM,READ_SYNC_SETTINGS,READ_SYNC_STATS,
READ_USER_DICTIONARY,REBOOT,RECEIVE_BOOT_COMPLET
ED,RECEIVE_MMS,RECEIVE_SMS,RECEIVE_WAP_PUSH,RECO
RD_AUDIO,REORDER_TASKS,RESTART_PACKAGES,SEND_SMS
,SET_ACTIVITY_WATCHER,SET_ALARM,SET_ALWAYS_FINISH,
SET_ANIMATION_SCALE,SET_DEBUG_APP,SET_ORIENTATION
,SET_POINTER_SPEED,SET_PREFERRED_APPLICATIONS,SET_P
ROCESS_LIMIT,SET_TIME,SET_TIME_ZONE,SET_WALLPAPER,S
ET_WALLPAPER_HINTS,SIGNAL_PERSISTENT_PROCESSES,STA
TUS_BAR,SUBSCRIBED_FEEDS_READ,SUBSCRIBED_FEEDS_WR
ITE,SYSTEM_ALERT_WINDOW,UPDATE_DEVICE_STATS,USE_C
REDENTIALS,USE_SIP,VIBRATE,WAKE_LOCK,WRITE_APN_SET
TINGS,WRITE_CALENDAR,WRITE_CALL_LOG,WRITE_CONTAC
TS,WRITE_EXTERNAL_STORAGE,WRITE_GSERVICES,WRITE_HI
STORY_BOOKMARKS,WRITE_PROFILE,WRITE_SECURE_SETTIN
GS,WRITE_SETTINGS,WRITE_SMS,WRITE_SOCIAL_STREAM,W
RITE_SYNC_SETTINGS,WRITE_USER_DICTIONARY,
[ A droid. Permissions ]
List contains ~150 permissionsI have ever seen that on old BlackBerry devices
ACCESS_FINE_LOCATION,ACCESS_LOCATION_EXTRA_COMM
ANDS,ACCESS_MOCK_LOCATION,ACCESS_NETWORK_STATE,
ACCESS_SURFACE_FLINGER,ACCESS_WIFI_STATE,ACCOUNT_
MANAGER,ADD_VOICEMAIL,AUTHENTICATE_ACCOUNTS,BAT
TERY_STATS,BIND_ACCESSIBILITY_SERVICE,BIND_APPWIDGET
,BIND_DEVICE_ADMIN,BIND_INPUT_METHOD,BIND_REMOTE
VIEWS,BIND_TEXT_SERVICE,BIND_VPN_SERVICE,BIND_WALL
PAPER,BLUETOOTH,BLUETOOTH_ADMIN,BRICK,BROADCAST_
PACKAGE_REMOVED,BROADCAST_SMS,BROADCAST_STICKY,
BROADCAST_WAP_PUSH,CALL_PHONE,CALL_PRIVILEGED,CA
MERA,CHANGE_COMPONENT_ENABLED_STATE,CHANGE_CO
NFIGURATION,CHANGE_NETWORK_STATE,CHANGE_WIFI_M
ULTICAST_STATE,CHANGE_WIFI_STATE,CLEAR_APP_CACHE,C
LEAR_APP_USER_DATA,CONTROL_LOCATION_UPDATES,DELE
TE_CACHE_FILES,DELETE_PACKAGES,DEVICE_POWER,DIAGN
OSTIC,DISABLE_KEYGUARD,DUMP,EXPAND_STATUS_BAR,FAC
TORY_TEST,FLASHLIGHT,FORCE_BACK,GET_ACCOUNTS,GET_
PACKAGE_SIZE,GET_TASKS,GLOBAL_SEARCH,HARDWARE_TE
ST,INJECT_EVENTS,INSTALL_LOCATION_PROVIDER,INSTALL_P
ACKAGES,INTERNAL_SYSTEM_WINDOW,INTERNET,KILL_BACK
GROUND_PROCESSES,MANAGE_ACCOUNTS,MANAGE_APP_T
OKENS,MASTER_CLEAR,MODIFY_AUDIO_SETTINGS,MODIFY_
PHONE_STATE,MOUNT_FORMAT_FILESYSTEMS,MOUNT_UN
MOUNT_FILESYSTEMS,NFC,PERSISTENT_ACTIVITY,PROCESS_
OUTGOING_CALLS,READ_CALENDAR,READ_CALL_LOG,READ_
CONTACTS,READ_EXTERNAL_STORAGE,READ_FRAME_BUFFE
R,READ_HISTORY_BOOKMARKS,READ_INPUT_STATE,READ_L
OGS,READ_PHONE_STATE,READ_PROFILE,READ_SMS,READ_
SOCIAL_STREAM,READ_SYNC_SETTINGS,READ_SYNC_STATS,
READ_USER_DICTIONARY,REBOOT,RECEIVE_BOOT_COMPLET
ED,RECEIVE_MMS,RECEIVE_SMS,RECEIVE_WAP_PUSH,RECO
RD_AUDIO,REORDER_TASKS,RESTART_PACKAGES,SEND_SMS
,SET_ACTIVITY_WATCHER,SET_ALARM,SET_ALWAYS_FINISH,
SET_ANIMATION_SCALE,SET_DEBUG_APP,SET_ORIENTATION
,SET_POINTER_SPEED,SET_PREFERRED_APPLICATIONS,SET_P
ROCESS_LIMIT,SET_TIME,SET_TIME_ZONE,SET_WALLPAPER,S
ET_WALLPAPER_HINTS,SIGNAL_PERSISTENT_PROCESSES,STA
TUS_BAR,SUBSCRIBED_FEEDS_READ,SUBSCRIBED_FEEDS_WR
ITE,SYSTEM_ALERT_WINDOW,UPDATE_DEVICE_STATS,USE_C
REDENTIALS,USE_SIP,VIBRATE,WAKE_LOCK,WRITE_APN_SET
TINGS,WRITE_CALENDAR,WRITE_CALL_LOG,WRITE_CONTAC
TS,WRITE_EXTERNAL_STORAGE,WRITE_GSERVICES,WRITE_HI
STORY_BOOKMARKS,WRITE_PROFILE,WRITE_SECURE_SETTIN
GS,WRITE_SETTINGS,WRITE_SMS,WRITE_SOCIAL_STREAM,W
RITE_SYNC_SETTINGS,WRITE_USER_DICTIONARY,
[ A droid. Permissions ]
List contains ~150 permissionsI have ever seen that on old BlackBerry devices
ACCOUNTS
AFFECTS_BATTERY
APP_INFO
AUDIO_SETTINGS
BLUETOOTH_NETWORK
BOOKMARKS
CALENDAR
CAMERA
COST_MONEY
DEVELOPMENT_TOOLS
DEVICE_ALARMS
DISPLAY
HARDWARE_CONTROLS
LOCATION
MESSAGES
MICROPHONE
NETWORK
PERSONAL_INFO
PHONE_CALLS
SCREENLOCK
SOCIAL_INFO
STATUS_BAR
STORAGE
SYNC_SETTINGS
SYSTEM_CLOCK
SYSTEM_TOOLS
USER_DICTIONARY
VOICEMAIL
WALLPAPER
WRITE_USER_DICTIONARY
[ A droid. Permission Groups ]
But there only 30 permissions groupsI have ever seen that on old BlackBerry devices too
AFFECTS_BATTERY
APP_INFO
AUDIO_SETTINGS
BLUETOOTH_NETWORK
BOOKMARKS
CALENDAR
CAMERA
COST_MONEY
DEVELOPMENT_TOOLS
DEVICE_ALARMS
DISPLAY
HARDWARE_CONTROLS
LOCATION
MESSAGES
MICROPHONE
NETWORK
PERSONAL_INFO
PHONE_CALLS
SCREENLOCK
SOCIAL_INFO
STATUS_BAR
STORAGE
SYNC_SETTINGS
SYSTEM_CLOCK
SYSTEM_TOOLS
USER_DICTIONARY
VOICEMAIL
WALLPAPER
WRITE_USER_DICTIONARY
[ A droid. Permission Groups ]
But there only 30 permissions groupsI have ever seen that on old BlackBerry devices too
[ A droid. Efficiency (%) ]
20.00
15.38
28.57
9.52
33.33
25.00
2.00
20.00
8.33
7.14
4.00
10.00
5.88
20.00
15.38
0.000.00
10.71
0.00
2.91
0.00
4.55
7.14
3.13
0.00
3.13
0.00
5.00
10.00
15.00
20.00
25.00
30.00
35.00
40.00
45.00
50.00
% m+a activity vs perm% m+a derived activity vs perm
20.00
15.38
28.57
9.52
33.33
25.00
2.00
20.00
8.33
7.14
4.00
10.00
5.88
20.00
15.38
0.000.00
10.71
0.00
2.91
0.00
4.55
7.14
3.13
0.00
3.13
0.00
5.00
10.00
15.00
20.00
25.00
30.00
35.00
40.00
45.00
50.00
% m+a activity vs perm% m+a derived activity vs perm
[ Average quantitative indicators ]
394.86
67.48
9.23
32.48
2.01 2.19
38.4
27.6
38.4
27.6
435.95
62.37
3.84
9.68
1.47
1.63
54 20.97
58.06 22.76
119.31
60.38
7.43 17.07
0.64
0.69
9.06
5.94
16.99
9.21
102.74
60.63
8.86
29.26 1.89
2.32
42.04
30.48
48.06
32.79
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Q. APIs Q. sign APIsQ. of m.+a.
activities
Q. of derived
activities
Q. of m.+a.
permissions
Q. of derived
permissions
% m+a activities
vs perm
%m+a derived vs
perm
% m+a vs perm
enhanced by
MDM
% derived vs
perm enhanced
by MDM
AndroidWindows iOSBlackBerry
394.86
67.48
9.23
32.48
2.01 2.19
38.4
27.6
38.4
27.6
435.95
62.37
3.84
9.68
1.47
1.63
54 20.97
58.06 22.76
119.31
60.38
7.43 17.07
0.64
0.69
9.06
5.94
16.99
9.21
102.74
60.63
8.86
29.26 1.89
2.32
42.04
30.48
48.06
32.79
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Q. APIs Q. sign APIsQ. of m.+a.
activities
Q. of derived
activities
Q. of m.+a.
permissions
Q. of derived
permissions
% m+a activities
vs perm
%m+a derived vs
perm
% m+a vs perm
enhanced by
MDM
% derived vs
perm enhanced
by MDM
AndroidWindows iOSBlackBerry
CAMERA AND VIDEO
HIDE THE DEFAULT CAMERA APPLICATION
PASSWORD
DEFINE PASSWORD PROPERTIES
REQUIRE LETTERS (incl. case)
REQUIRE NUMBERS
REQUIRE SPECIAL CHARACTERS
DELETE DATA AND APPLICATIONS FROM THE
DEVICE AFTER
INCORRECT PASSWORD ATTEMPTS
DEVICE PASSWORD
ENABLE AUTO-LOCK
LIMIT PASSWORD AGE
LIMIT PASSWORD HISTORY
RESTRICT PASSWORD LENGTH
MINIMUM LENGTH FOR THE DEVICE
PASSWORD THAT IS ALLOWED
ENCRYPTION
APPLY ENCRYPTION RULES
ENCRYPT INTERNAL DEVICE STORAGE
TOUCHDOWN SUPPORT
MICROSOFT EXCHANGE SYNCHRONIZATION
EMAIL PROFILES
ACTIVESYNC
MDM . Extend your device security capabilities
Android CONTROLLED FOUR GROUPS ONLY
HIDE THE DEFAULT CAMERA APPLICATION
PASSWORD
DEFINE PASSWORD PROPERTIES
REQUIRE LETTERS (incl. case)
REQUIRE NUMBERS
REQUIRE SPECIAL CHARACTERS
DELETE DATA AND APPLICATIONS FROM THE
DEVICE AFTER
INCORRECT PASSWORD ATTEMPTS
DEVICE PASSWORD
ENABLE AUTO-LOCK
LIMIT PASSWORD AGE
LIMIT PASSWORD HISTORY
RESTRICT PASSWORD LENGTH
MINIMUM LENGTH FOR THE DEVICE
PASSWORD THAT IS ALLOWED
ENCRYPTION
APPLY ENCRYPTION RULES
ENCRYPT INTERNAL DEVICE STORAGE
TOUCHDOWN SUPPORT
MICROSOFT EXCHANGE SYNCHRONIZATION
EMAIL PROFILES
ACTIVESYNC
MDM . Extend your device security capabilities
Android CONTROLLED FOUR GROUPS ONLY
BROWSER
DEFAULT APP,
AUTOFILL, COOKIES, JAVASCRIPT, POPUPS
CAMERA, VIDEO, VIDEO CONF
OUTPUT, SCREEN CAPTURE, DEFAULT APP
CERTIFICATES (UNTRUSTED CERTs)
CLOUD SERVICES
BACKUP / DOCUMENT / PICTURE / SHARING
CONNECTIVITY
NETWORK, WIRELESS, ROAMING
DATA, VOICE WHEN ROAMING
CONTENT
CONTENT (incl. EXPLICIT)
RATING FOR APPS/ MOVIES / TV SHOWS / REGIONS
DIAGNOSTICS AND USAGE (SUBMISSION LOGS)
MESSAGING (DEFAULT APP)
BACKUP / DOCUMENT PICTURE / SHARING
ONLINE STORE
ONLINE STORES , PURCHASES, PASSWORD
DEFAULT STORE / BOOK / MUSIC APP
MESSAGING (DEFAULT APP)
PASSWORD (THE SAME WITH ANDROID, NEW BLACKBERRY DEVICES)
PHONE AND MESSAGING (VOICE DIALING)
PROFILE & CERTs (INTERACTIVE INSTALLATION)
SOCIAL (DEFAULT APP)
SOCIAL APPS / GAMING / ADDING FRIENDS / MULTI-PLAYER
DEFAULT SOCIAL-GAMING / SOCIAL-VIDEO APPS
STORAGE AND BACKUP
DEVICE BACKUP AND ENCRYPTION
VOICE ASSISTANT (DEFAULT APP)
MDM . Extend your device security capabilities
iOS CONTROLLED 16 GROUPS ONLY
DEFAULT APP,
AUTOFILL, COOKIES, JAVASCRIPT, POPUPS
CAMERA, VIDEO, VIDEO CONF
OUTPUT, SCREEN CAPTURE, DEFAULT APP
CERTIFICATES (UNTRUSTED CERTs)
CLOUD SERVICES
BACKUP / DOCUMENT / PICTURE / SHARING
CONNECTIVITY
NETWORK, WIRELESS, ROAMING
DATA, VOICE WHEN ROAMING
CONTENT
CONTENT (incl. EXPLICIT)
RATING FOR APPS/ MOVIES / TV SHOWS / REGIONS
DIAGNOSTICS AND USAGE (SUBMISSION LOGS)
MESSAGING (DEFAULT APP)
BACKUP / DOCUMENT PICTURE / SHARING
ONLINE STORE
ONLINE STORES , PURCHASES, PASSWORD
DEFAULT STORE / BOOK / MUSIC APP
MESSAGING (DEFAULT APP)
PASSWORD (THE SAME WITH ANDROID, NEW BLACKBERRY DEVICES)
PHONE AND MESSAGING (VOICE DIALING)
PROFILE & CERTs (INTERACTIVE INSTALLATION)
SOCIAL (DEFAULT APP)
SOCIAL APPS / GAMING / ADDING FRIENDS / MULTI-PLAYER
DEFAULT SOCIAL-GAMING / SOCIAL-VIDEO APPS
STORAGE AND BACKUP
DEVICE BACKUP AND ENCRYPTION
VOICE ASSISTANT (DEFAULT APP)
MDM . Extend your device security capabilities
iOS CONTROLLED 16 GROUPS ONLY
GENERAL
MOBILE HOTSPOT AND TETHERING
PLANS APP, APPWORLD
PASSWORD (THE SAME WITH ANDROID, iOS)
BES MANAGEMENT (SMARTPHONES, TABLETS)
SOFTWARE
OPEN WORK EMAIL MESSAGES LINKS IN THE PERSONAL BROWSER
TRANSFER THOUGH WORK PERIMETER TO SAME/ANOTHER DEVICE
BBM VIDEO ACCESS TO WORK NETWORK
VIDEO CHAT APP USES ORGANIZATION’S WI-FI/VPN NETWORK
SECURITY
WIPE WORK SPACE WITHOUT NETWORK, RESTRICT DEV. MODE
VOICE CONTROL & DICTATION IN WORK & USER APPS
BACKUP AND RESTORE (WORK) & DESKTOP SOFTWARE
PC ACCESS TO WORK & PERSONAL SPACE (USB, BT)
PERSONAL SPACE DATA ENCRYPTION
NETWORK ACCESS CONTROL FOR WORK APPS
PERSONAL APPS ACCESS TO WORK CONTACTS
SHARE WORK DATA DURING BBM VIDEO SCREEN SHARING
WORK DOMAINS, WORK NETWORK USAGE FOR PERSONAL APPS
EMAIL PROFILES
CERTIFICATES & CIPHERS & S/MIME
HASH & ENCRYPTION ALGS AND KEY PARAMS
TASK/MEMO/CALENDAR/CONTACT/DAYS SYNC
WI-FI PROFILES
ACCESS POINT, DEFAULT GATEWAY, DHCP, IPV6, SSID, IP ADDRESS
PROXY PASSWORD/PORT/SERVER/SUBNET MASK
VPN PROFILES
PROXY, SCEP, AUTH PROFILE PARAMS
TOKENS, IKE, IPSEC OTHER PARAMS
PROXY PORTS, USERNAME, OTHER PARAMS
MDM . Extend your device security capabilities
BlackBerry (new, 10, QNX) CONTROLLED 7 GROUPS ONLY
MOBILE HOTSPOT AND TETHERING
PLANS APP, APPWORLD
PASSWORD (THE SAME WITH ANDROID, iOS)
BES MANAGEMENT (SMARTPHONES, TABLETS)
SOFTWARE
OPEN WORK EMAIL MESSAGES LINKS IN THE PERSONAL BROWSER
TRANSFER THOUGH WORK PERIMETER TO SAME/ANOTHER DEVICE
BBM VIDEO ACCESS TO WORK NETWORK
VIDEO CHAT APP USES ORGANIZATION’S WI-FI/VPN NETWORK
SECURITY
WIPE WORK SPACE WITHOUT NETWORK, RESTRICT DEV. MODE
VOICE CONTROL & DICTATION IN WORK & USER APPS
BACKUP AND RESTORE (WORK) & DESKTOP SOFTWARE
PC ACCESS TO WORK & PERSONAL SPACE (USB, BT)
PERSONAL SPACE DATA ENCRYPTION
NETWORK ACCESS CONTROL FOR WORK APPS
PERSONAL APPS ACCESS TO WORK CONTACTS
SHARE WORK DATA DURING BBM VIDEO SCREEN SHARING
WORK DOMAINS, WORK NETWORK USAGE FOR PERSONAL APPS
EMAIL PROFILES
CERTIFICATES & CIPHERS & S/MIME
HASH & ENCRYPTION ALGS AND KEY PARAMS
TASK/MEMO/CALENDAR/CONTACT/DAYS SYNC
WI-FI PROFILES
ACCESS POINT, DEFAULT GATEWAY, DHCP, IPV6, SSID, IP ADDRESS
PROXY PASSWORD/PORT/SERVER/SUBNET MASK
VPN PROFILES
PROXY, SCEP, AUTH PROFILE PARAMS
TOKENS, IKE, IPSEC OTHER PARAMS
PROXY PORTS, USERNAME, OTHER PARAMS
MDM . Extend your device security capabilities
BlackBerry (new, 10, QNX) CONTROLLED 7 GROUPS ONLY
THERE 55 GROUPS CONTROLLED IN ALL
EACH GROUP CONTAINSFROM 10 TO 30 UNITS
ARE CONTROLLED TOO
EACH UNIT IS UNDER A LOT OF FLEXIBLE PARAMs
INSTEADOF A WAY ‘DISABLE/ENABLED &
HIDE/UNHIDE’
EACH EVENT IS
CONTROLLED BY CERTAIN PERMISSION
ALLOWED TO CONTROL BY SIMILAR
PERMISSIONS TO BE MORE FLEXIBLE
DESCRIBED 360 PAGES IN ALL THAT IN FOUR TIME
MORE THAN OTHER DOCUMENTS
EACH UNIT CAN’T CONTROL ACTIVITY UNDER
ITSELF
‘CREATE, READ, WRITE/SAVE, SEND,
DELETE’ ACTIONS IN REGARDS TO
MESSAGES LEAD TO SPOOFING BY
REQUESTING A ‘MESSAGE’ PERMISSION
ONLY
SOME PERMISSIONS AREN’T REQUIRED (TO
DELETE ANY OTHER APP)
SOME PERMISSIONS ARE RELATED TO APP,
WHICH 3
RD
PARTY PLUGIN WAS EMBEDDED
IN, INSTEAD OF THAT PLUGIN
MDM . Extend your device security capabilities
Blackberry (old) Huge amount of permissions are MDM & device built-in
EACH GROUP CONTAINSFROM 10 TO 30 UNITS
ARE CONTROLLED TOO
EACH UNIT IS UNDER A LOT OF FLEXIBLE PARAMs
INSTEADOF A WAY ‘DISABLE/ENABLED &
HIDE/UNHIDE’
EACH EVENT IS
CONTROLLED BY CERTAIN PERMISSION
ALLOWED TO CONTROL BY SIMILAR
PERMISSIONS TO BE MORE FLEXIBLE
DESCRIBED 360 PAGES IN ALL THAT IN FOUR TIME
MORE THAN OTHER DOCUMENTS
EACH UNIT CAN’T CONTROL ACTIVITY UNDER
ITSELF
‘CREATE, READ, WRITE/SAVE, SEND,
DELETE’ ACTIONS IN REGARDS TO
MESSAGES LEAD TO SPOOFING BY
REQUESTING A ‘MESSAGE’ PERMISSION
ONLY
SOME PERMISSIONS AREN’T REQUIRED (TO
DELETE ANY OTHER APP)
SOME PERMISSIONS ARE RELATED TO APP,
WHICH 3
RD
PARTY PLUGIN WAS EMBEDDED
IN, INSTEAD OF THAT PLUGIN
MDM . Extend your device security capabilities
Blackberry (old) Huge amount of permissions are MDM & device built-in
[ Vulnerabilities of OS and apps ]
0
1
2
3
4
5
6
7
8
9
10
2004 2005 2007 2007 2007 2008 2008 2008 2008 2008 2009 2009 2009 2009 2009 2009 2009 2009 2009 2010 2010 2010 2010 2010 2010 2010 2010 2011 2011 2011 2011 2011 2011 2011 2012 2012 2012 2012 2012 2012 2012 2012 2012 2012 2012 2012 2012 2013 2013 2013 2013
Score - iOS Score - Android Score - BB
0
1
2
3
4
5
6
7
8
9
10
2004 2005 2007 2007 2007 2008 2008 2008 2008 2008 2009 2009 2009 2009 2009 2009 2009 2009 2009 2010 2010 2010 2010 2010 2010 2010 2010 2011 2011 2011 2011 2011 2011 2011 2012 2012 2012 2012 2012 2012 2012 2012 2012 2012 2012 2012 2012 2013 2013 2013 2013
Score - iOS Score - Android Score - BB
[ Vulnerabilities of OS and apps ]
iOS Average, 6.3
Android Average, 8.2
BB-Average, 6.3
iOS Min, 1.2
Android Min, 1.9
BB Min, 2.1
Min & Average Score
MIN & AVERAGE SCORE
iOS Average, 6.3
Android Average, 8.2
BB-Average, 6.3
iOS Min, 1.2
Android Min, 1.9
BB Min, 2.1
Min & Average Score
MIN & AVERAGE SCORE
HOW MANY THE TOOLS ARE
(approximately):
iOS–10
ANDROID –50
WINDOWSPHONE –40
BLACKBERRY -10
QUANTITY OF BUGS /
SECURITY FLAWS
AVERAGE –50
MIN –20
MAX –INFINITY
BUGS TYPE (OBVIOUS |
LIKELY)
OBVIOUS BUGS
LIKELY BUGS LIKE SQL
WARNING BUGS
(CHECK IT OUT)
[ APPLICATION AUDIT , APP ANALYSIS TOOLS ]
HEY DUDE, WHY IS IT VULNERABLE AGAIN?SORRY, BOSS, I’HAD JUST BEEN COMMITED A WRONG BRANCH
(approximately):
iOS–10
ANDROID –50
WINDOWSPHONE –40
BLACKBERRY -10
QUANTITY OF BUGS /
SECURITY FLAWS
AVERAGE –50
MIN –20
MAX –INFINITY
BUGS TYPE (OBVIOUS |
LIKELY)
OBVIOUS BUGS
LIKELY BUGS LIKE SQL
WARNING BUGS
(CHECK IT OUT)
[ APPLICATION AUDIT , APP ANALYSIS TOOLS ]
HEY DUDE, WHY IS IT VULNERABLE AGAIN?SORRY, BOSS, I’HAD JUST BEEN COMMITED A WRONG BRANCH
Device diversity
Configuration management
Software Distribution
Device policy compliance & enforcement
Enterprise Activation
Logging
Security Settings
Security Wipe, Lock
IAM
Make you sure to start managing security under
uncertain terms without AI
Refers to NIST-800-53 and other
Sometimes missed requirements such as
locking device, however it is in NIST-800-53
A bit details than CSA
No statements on permission management
Make you sure to start managing security under
uncertain termswithout AI
COMPLIANCE AND MDM
CSA Mobile Device Management: Key ComponentsNIST-124
Configuration management
Software Distribution
Device policy compliance & enforcement
Enterprise Activation
Logging
Security Settings
Security Wipe, Lock
IAM
Make you sure to start managing security under
uncertain terms without AI
Refers to NIST-800-53 and other
Sometimes missed requirements such as
locking device, however it is in NIST-800-53
A bit details than CSA
No statements on permission management
Make you sure to start managing security under
uncertain termswithout AI
COMPLIANCE AND MDM
CSA Mobile Device Management: Key ComponentsNIST-124
Permissions
BlackBerry Windows Android iOS
MDM
BlackBerry (old) iOS –BlackBerry (new) Windows
Vulnerabilities
BlackBerry Windows iOS Android
Severity & Efficiency
BlackBerry Windows Android iOS
MDM
BlackBerry (old) iOS –BlackBerry (new) Windows
Vulnerabilities
BlackBerry Windows iOS Android
Severity & Efficiency
Account
country code, phone number
Device Hardware Key
login / tokens of Twitter & Facebook
Calls history
Name + internal ID
Duration + date and time
Address book
Quantity of contacts / viber-contacts
Full name / Email / phone numbers
Messages
Conversations
Quantity of messages & participants
per conversations
Additional participant info (full name,
phone)
Messages
Date & Time
content of message
ID
[ APPLICATION EXAMINATION ]
ONLY THOSE I HAVE TO USE EVERY DAYFORENSICS EXAMINATION
country code, phone number
Device Hardware Key
login / tokens of Twitter & Facebook
Calls history
Name + internal ID
Duration + date and time
Address book
Quantity of contacts / viber-contacts
Full name / Email / phone numbers
Messages
Conversations
Quantity of messages & participants
per conversations
Additional participant info (full name,
phone)
Messages
Date & Time
content of message
ID
[ APPLICATION EXAMINATION ]
ONLY THOSE I HAVE TO USE EVERY DAYFORENSICS EXAMINATION
Account
country code, phone number
login / tokens Facebook wasn’t revealed
‘Buy me for….$$$’
Avatars :: [email protected](jfif)
Address book
No records of address book were revealed…
Check log-file and find these records (!)
Messages
Messages
Date & Time
content of message
ID:: [email protected]
[ APPLICATION EXAMINATION ]
ONLY THOSE I HAVE TO USE EVERY DAYFORENSICS EXAMINATION
country code, phone number
login / tokens Facebook wasn’t revealed
‘Buy me for….$$$’
Avatars :: [email protected](jfif)
Address book
No records of address book were revealed…
Check log-file and find these records (!)
Messages
Messages
Date & Time
content of message
ID:: [email protected]
[ APPLICATION EXAMINATION ]
ONLY THOSE I HAVE TO USE EVERY DAYFORENSICS EXAMINATION
Account
Phone number
Password, secret code weren’t revealed
Trace app, find the methods use it
Repack app and have a fun
No masking of data typed
Information
Amount
Full info in history section (incl. info about
who receive money)
Connected cards
Encryption?
No
Bank cards
Masked card number only
QiwiBank cards
Full & masked number
Cvv/cvc
All other card info
[ APPLICATION EXAMINATION ]
ONLY THOSE I HAVE TO USE EVERY DAYFORENSICS EXAMINATION
Phone number
Password, secret code weren’t revealed
Trace app, find the methods use it
Repack app and have a fun
No masking of data typed
Information
Amount
Full info in history section (incl. info about
who receive money)
Connected cards
Encryption?
No
Bank cards
Masked card number only
QiwiBank cards
Full & masked number
Cvv/cvc
All other card info
[ APPLICATION EXAMINATION ]
ONLY THOSE I HAVE TO USE EVERY DAYFORENSICS EXAMINATION
Account
ID , email, password
Information
Loyalty (bonus) of your membership
all you ever type
Date of birth
Passport details
Book/order history
Routes,
Date and time,
Bonus earning
Full info per each order
Connected cards
Encryption?
AES
256 bit
On password
anywayanydayanywayanyday
Store in plaintext
Sizeof(anywayanydayanywayanyday) =
192 bit
[ APPLICATION EXAMINATION ]
ONLY THOSE I HAVE TO USE EVERY DAYFORENSICS EXAMINATION
ID , email, password
Information
Loyalty (bonus) of your membership
all you ever type
Date of birth
Passport details
Book/order history
Routes,
Date and time,
Bonus earning
Full info per each order
Connected cards
Encryption?
AES
256 bit
On password
anywayanydayanywayanyday
Store in plaintext
Sizeof(anywayanydayanywayanyday) =
192 bit
[ APPLICATION EXAMINATION ]
ONLY THOSE I HAVE TO USE EVERY DAYFORENSICS EXAMINATION
Account
ID ,bonus card number, password not revealed
Other id & tokens
Information
Date of birth
Passport details
History (airlines, city, flight number only)
Flights tickets, logins credentials
Repack app and grab it
[ APPLICATION EXAMINATION ]
ONLY THOSE I HAVE TO USE EVERY DAYFORENSICS EXAMINATION
ID ,bonus card number, password not revealed
Other id & tokens
Information
Date of birth
Passport details
History (airlines, city, flight number only)
Flights tickets, logins credentials
Repack app and grab it
[ APPLICATION EXAMINATION ]
ONLY THOSE I HAVE TO USE EVERY DAYFORENSICS EXAMINATION
Account
ID , password
Loyalty (bonus) card number
Information
Not revealed (tickets, history or else)
Repack app
[ APPLICATION EXAMINATION ]
ONLY THOSE I HAVE TO USE EVERY DAYFORENSICS EXAMINATION
ID , password
Loyalty (bonus) card number
Information
Not revealed (tickets, history or else)
Repack app
[ APPLICATION EXAMINATION ]
ONLY THOSE I HAVE TO USE EVERY DAYFORENSICS EXAMINATION
Account
ID , email, password
Other id & tokens
Information
Loyalty (bonus) of your membership
all you ever type
Date of birth
Passport details
All PASSPORT INFO (not only travel data)
Your work data (address, job, etc.) you have never typed! (except preparing member card)
Flights tickets
Repack app and grab it
[ APPLICATION EXAMINATION ]
ONLY THOSE I HAVE TO USE EVERY DAYFORENSICS EXAMINATION
ID , email, password
Other id & tokens
Information
Loyalty (bonus) of your membership
all you ever type
Date of birth
Passport details
All PASSPORT INFO (not only travel data)
Your work data (address, job, etc.) you have never typed! (except preparing member card)
Flights tickets
Repack app and grab it
[ APPLICATION EXAMINATION ]
ONLY THOSE I HAVE TO USE EVERY DAYFORENSICS EXAMINATION
Account
ID , however password is encrypted
Information
Loyalty (bonus) of your membership, program name901***** \\Skymiles
Flight
confirmations, depart time, flight #:: GCXXXX || 0467 || 2013-11-07T12:40:00+04:00 || DL90
"checkedIn": "false“, "seatNumber": "09B",
Issued date, ticket # :: "2013-10-26T15:37:00-04:00", 006xxxxxxxxxxx
Aeroports::
SVO/ "SheremetyevoArpt, JFK/"John F Kennedy International“, NYC / "New York-Kennedy“…
[ APPLICATION EXAMINATION ]
ONLY THOSE I HAVE TO USE EVERY DAYFORENSICS EXAMINATION
ID , however password is encrypted
Information
Loyalty (bonus) of your membership, program name901***** \\Skymiles
Flight
confirmations, depart time, flight #:: GCXXXX || 0467 || 2013-11-07T12:40:00+04:00 || DL90
"checkedIn": "false“, "seatNumber": "09B",
Issued date, ticket # :: "2013-10-26T15:37:00-04:00", 006xxxxxxxxxxx
Aeroports::
SVO/ "SheremetyevoArpt, JFK/"John F Kennedy International“, NYC / "New York-Kennedy“…
[ APPLICATION EXAMINATION ]
ONLY THOSE I HAVE TO USE EVERY DAYFORENSICS EXAMINATION
[ APPLICATION EXAMINATION ]
ONLY THOSE I HAVE TO USE EVERY DAYFORENSICS EXAMINATION
ONLY THOSE I HAVE TO USE EVERY DAYFORENSICS EXAMINATION
Account ::: PIN , Names, Status"74afbe19","Yury Chemerkin“, "*fly*“, "@ Holiday Inn (MOSCOW)"
Information
Barcode / QR history (when, what) "QR_CODE","bbm:2343678095c7649723436780","1382891450014"
Transferred files "RemotePin“, "Path","ContentType“, "image/jpeg“,"23436780“,
"/storage/sdcard0/Android/data/com.skype.raider/cache/photo_1383731771908.jpg“
Transferred as a JFIF file :: FFD8FFE000104A464946 ......JFIF
Invitations: "Pin","Greeting","Timestamp",”LocalPublicKey/PrivateKey","EncryptionKey«
Messages (Date, Text,…) :: "1383060689","Gde","Edu k metro esche, probkatut","Parkpobedy”,"Aha","А
щас","Belorusskaja","Долго"
Logs
Revealing PINs, Email, device information,
Applications actions associated with applications modules *.c files, *.so, etc.
It helps to analyze .apkin future
[ APPLICATION EXAMINATION ]
ONLY THOSE I HAVE TO USE EVERY DAYFORENSICS EXAMINATION
Information
Barcode / QR history (when, what) "QR_CODE","bbm:2343678095c7649723436780","1382891450014"
Transferred files "RemotePin“, "Path","ContentType“, "image/jpeg“,"23436780“,
"/storage/sdcard0/Android/data/com.skype.raider/cache/photo_1383731771908.jpg“
Transferred as a JFIF file :: FFD8FFE000104A464946 ......JFIF
Invitations: "Pin","Greeting","Timestamp",”LocalPublicKey/PrivateKey","EncryptionKey«
Messages (Date, Text,…) :: "1383060689","Gde","Edu k metro esche, probkatut","Parkpobedy”,"Aha","А
щас","Belorusskaja","Долго"
Logs
Revealing PINs, Email, device information,
Applications actions associated with applications modules *.c files, *.so, etc.
It helps to analyze .apkin future
[ APPLICATION EXAMINATION ]
ONLY THOSE I HAVE TO USE EVERY DAYFORENSICS EXAMINATION
MERGINGPERMISSIONS INTO GROUPS, e.g.
‘SCREEN CAPTURE, CAMERA, VIDEO PERMISSIONS’ SEPARATED (BlackBerry old)
‘SCREEN CAPTURE, CAMERA, VIDEO PERMISSIONS’ MERGED INTO ONE UNIT (BlackBerry new)
SCREEN CAPTURE
IS ALLOWED VIA HARDWARE BUTTONS ONLY
NO EMULATION OF HARDWARE BUTTONS AS IT WAS IN OLD BLACKBERRY DEVICES
LOCKS WHEN WORK PERIMITER HAS BECOME TO PREVENT SCREEN-CAPTURE LOGGERS
OFFICIALLYANNOUNCED SANDBOX
MALWAREIS STILL A PERSONAL APPLICATION SUBTYPE IN TERMS OF (IN-)SECURITY
SANDBOXPROTECTSONLYAPPDATA, WHILE USER DATA STORED IN SHARED FOLDERS
INABILITY OF BACKUP MAKE DEVELOPERS TO STORE DATA IN SHARED FOLDERS
ISSUES : USELESS SOLUTIONS
USERFULL IDEAS AT FIRST GLANCEBUT INSTEAD MAKE NO SENSE
‘SCREEN CAPTURE, CAMERA, VIDEO PERMISSIONS’ SEPARATED (BlackBerry old)
‘SCREEN CAPTURE, CAMERA, VIDEO PERMISSIONS’ MERGED INTO ONE UNIT (BlackBerry new)
SCREEN CAPTURE
IS ALLOWED VIA HARDWARE BUTTONS ONLY
NO EMULATION OF HARDWARE BUTTONS AS IT WAS IN OLD BLACKBERRY DEVICES
LOCKS WHEN WORK PERIMITER HAS BECOME TO PREVENT SCREEN-CAPTURE LOGGERS
OFFICIALLYANNOUNCED SANDBOX
MALWAREIS STILL A PERSONAL APPLICATION SUBTYPE IN TERMS OF (IN-)SECURITY
SANDBOXPROTECTSONLYAPPDATA, WHILE USER DATA STORED IN SHARED FOLDERS
INABILITY OF BACKUP MAKE DEVELOPERS TO STORE DATA IN SHARED FOLDERS
ISSUES : USELESS SOLUTIONS
USERFULL IDEAS AT FIRST GLANCEBUT INSTEAD MAKE NO SENSE
DENIAL OF SERVICE
REPLACING/REMOVING FILES
DOS’ingEVENTs, GUI INTERCEPT
INFORMATION DISCLOSURE
CLIPBOARD, SCREEN CAPTURE
GUI INTERCEPT
SHARED FOLDERS
DUMPING .COD/.BAR/APK… FILES
MITM (INTERCEPTION / SPOOFING)
MESSAGES
GUI INTERCEPT, THIRD PARTY APPs
FAKE WINDOW/CLICKJACKING
GENERAL PERMISSIONS
INSTEAD OF SPECIFIC SUB-PERMISSIONS
A FEW NOTIFICATION/EVENT LOGs FOR
USER
BUILT PER APPLICATION INSTEAD OF APP
SCREENs
CONCLUSION
PRIVILEGED GENERAL PERMISSIONSOWN APPs, NATIVE & 3
RD
PARTY APPs FEATURES
REPLACING/REMOVING FILES
DOS’ingEVENTs, GUI INTERCEPT
INFORMATION DISCLOSURE
CLIPBOARD, SCREEN CAPTURE
GUI INTERCEPT
SHARED FOLDERS
DUMPING .COD/.BAR/APK… FILES
MITM (INTERCEPTION / SPOOFING)
MESSAGES
GUI INTERCEPT, THIRD PARTY APPs
FAKE WINDOW/CLICKJACKING
GENERAL PERMISSIONS
INSTEAD OF SPECIFIC SUB-PERMISSIONS
A FEW NOTIFICATION/EVENT LOGs FOR
USER
BUILT PER APPLICATION INSTEAD OF APP
SCREENs
CONCLUSION
PRIVILEGED GENERAL PERMISSIONSOWN APPs, NATIVE & 3
RD
PARTY APPs FEATURES
Q & A
Categories
TechnologyDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 13
- Slides 52
- Age 502 days
Related Slideshows
11
8-top-ai-courses-for-customer-support-representatives-in-2025.pptx
JeroenErne2
48 views
10
7-essential-ai-courses-for-call-center-supervisors-in-2025.pptx
JeroenErne2
47 views
13
25-essential-ai-courses-for-user-support-specialists-in-2025.pptx
JeroenErne2
37 views
11
8-essential-ai-courses-for-insurance-customer-service-representatives-in-2025.pptx
JeroenErne2
34 views
21
Know for Certain
DaveSinNM
22 views
17
PPT OPD LES 3ertt4t4tqqqe23e3e3rq2qq232.pptx
novasedanayoga46
26 views