• Mobile Security - Android vs. iOS: http://www.veracode.com/resources/android-ios-security
• The 2012 Accenture Consumer Electronics Products and Services Usage Report: http://www.accenture.com/SiteCollectionDocuments/PDF/Accenture_EHT_Research_2012_Consumer_Technology_Report.pdf

• Automated scanning of Android Market for potentially malicious software
• Windows Phone 8 adds inter-app communication among other
• Phonegap - how to notify Javascript when asynchronous operation is finished
• Windows Phone compared to IOS and Android (1st chapter from Manning book)

Mobile platform security links

The following links contain information relevant for mobile platform security.

Custom URL

Starting an app by opening a custom URL will fail if the app is not installed. Exampes.

• http://mobile.tutsplus.com/tutorials/iphone/ios-sdk-working-with-url-schemes
• http://www.hunlock.com/blogs/AJAX_for_n00bs
• http://stackoverflow.com/questions/374644/how-do-i-capture-response-of-form-submit
• http://malsup.com/jquery/form

Operating system, update and security

Android, generic update overview:

• Android forum - help for update, Google:
  • http://www.google.com/support/forum/p/Google+Mobile/label?lid=551c5c4cca827a18&hl=en

• http://www.theregister.co.uk/2011/11/22/android_patching_mess/
  • http://www.bit9.com/company/news-release-details.php?id=227
  • http://blog.bit9.com/bid/72676/Orphan-Android-The-Not-So-Smartphones-of-2011

• http://www.theregister.co.uk/2011/10/25/aslr_comes_to_android/

Android security:

• http://jon.oberheide.org/files/cansecwest09-android.pdf
• https://www.defcon.org/images/defcon-18/dc-18-presentations/Lineberry/DEFCON-18-Lineberry-Not-The-Permissions-You-Are-Looking-For.pdf
• http://forum.stanford.edu/events/posterslides/AddressSpaceLayoutRandomizationinAndroid.pdf ASLR

iiOS OTA update:

• http://mashable.com/2011/11/10/ios5-ota-faq/

iOS Security:

• http://images.apple.com/iphone/business/docs/iOS_Security.pdf
• http://trailofbits.files.wordpress.com/2011/08/ios-security-evaluation.pdf

Keychain / crypto

iOS keyChain

• http://media.blackhat.com/bh-us-11/DaiZovi/BH_US_11_DaiZovi_iOS_Security_WP.pdf
• http://www.youtube.com/watch?v=uVGiNAs-QbY - Video demostrating revealing iPhone 4 passwords in 6 minutes (Fraunhofer SIT). See the report sc-iphone-passwords below.
• http://sit.sit.fraunhofer.de/studies/en/sc-iphone-passwords.pdf - Shows the details from the video - seems to show that secrets in keychain stored with "some protection class different from default" can be revealed within 6 miutes. Apps using keychain with default protection are protected (brute force attack required to reveal).
• http://viaforensics.com/mobile-security/question-how-secure-is-ios-keychain.html
• http://www.readwriteweb.com/enterprise/2010/08/crack-iphone-keychains-with-ip.php
• http://blog.crackpassword.com/tag/ios-4/
• How to enable data protection on iOS4: http://useyourloaf.com/blog/2011/5/27/ios-keychain-migration-and-data-protection-part-1.html
• http://www.h-online.com/security/features/iOpener-How-safe-is-your-iPhone-data-1266713.html?page=3 - good explanation of getting keychain secrets

Android keychain:

• http://nelenkov.blogspot.com/2011/11/using-ics-keychain-api.html
• http://www.ehow.com/info_12183909_encryption-android.html - Android 2.3.4+ - natively support for device-level encryption. File based encryption locks device with user PIN
• http://www.scribd.com/doc/25036401/A-Security-Overview-in-Google-s-Android-Phone - Android Security Overview, good explanation and enhancement proposals.

iOS Data protection

• Tutorial of data encryption in iPhone4 - http://anthonyvance.com/blog/forensics/ios4_data_protection/
• http://esec-lab.sogeti.com/dotclear/public/publications/11-hitbamsterdam-iphonedataprotection.pdf
• http://securityxploded.com/demystifying-iphone-forensics-on-ios5.php - a shorter ersion of the Sogeti .pdf above.

Crypto libraries

Android

• BouncyCastle versions on Android
• http://www.java2s.com/Open-Source/Android/android-platform-external/bouncycastle/Catalogbouncycastle.htm (unknown Android version)
• http://stackoverflow.com/questions/6488658/can-i-use-latest-bouncycastle-provider-on-android
• http://code.google.com/p/android/issues/detail?id=3280
• http://www.google.com/codesearch#cZwlSNS7aEw/external/bouncycastle/src/main/java/org/bouncycastle/jce/PKCS10CertificationRequest.java&exact_package=android&q=class:PKCS10CertificationRequest&l=237

iOS

• http://developer.apple.com/library/ios/#documentation/Security/Conceptual/cryptoservices/GeneralPurposeCrypto/GeneralPurposeCrypto.html
• http://developer.apple.com/library/ios/#documentation/System/Conceptual/ManPages_iPhoneOS/man3/CCCryptor.3cc.html#//apple_ref/doc/man/3cc/CCCryptor

Application Stores

Overview

• http://en.wikipedia.org/wiki/Android_Market
• http://en.wikipedia.org/wiki/App_Store_%28iOS%29
• http://en.wikipedia.org/wiki/Ovi_%28Nokia%29

• http://allaboutwindowsphone.com/news/item/13913_Windows_Phone_Marketplace_pass.php - detailed statistics for Marketplace.

• http://www.pcpro.co.uk/news/security/362485/microsoft-details-windows-phone-7-kill-switch

Threats / malware

• MacAffee down-to-earth analysis of security risks for mobiles - http://www.mcafee.com/us/resources/reports/rp-securing-mobile-devices.pdf
• http://download.microsoft.com/download/0/3/3/0331766E-3FC4-44E5-B1CA-2BDEB58211B8/Microsoft_Security_Intelligence_Report_volume_11_English.pdf

• http://www.securelist.com/en/analysis/204792194/ZeuS_in_the_Mobile_Facts_and_Theories - ZitMo - in details, for Symbian, Windows Mobile, Blackberry and Android.

• http://www.symantec.com/content/en/us/about/media/pdfs/symc_mobile_device_security_june2011.pdf
• http://www.symantec.com/about/news/release/article.jsp?prid=20110627_02&om_ext_cid=biz_socmed_twitter_facebook_marketwire_linkedin_2011Jun_worldwide_mobilesecuritywp - Apple’s iOS and Google’s Android Platform Cites Improved Security over PCs, but Major Gaps Remain.
• http://press.pandasecurity.com/usa/wp-content/uploads/2011/06/CNCCS-Smartphone-Malware-Full-Report-Translated-06-7-11-FINAL.pdf

Android

• http://www.symantec.com/connect/blogs/new-android-threat-gives-phone-root-canal - Ca. 50 apps from Android Market contained malware.
• http://www.androidpolice.com/2012/01/24/lookout-releases-mobile-threat-tracker-a-pretty-way-to-visualize-how-many-threats-lookout-finds-on-a-daily-basis-and-thats-about-it/
• http://www.androidpolice.com/2010/12/09/gingerbread-sdk-closes-a-tapjacking-vulnerability/

• http://blog.appuarium.com/2011/09/19/malicious-apps-found-on-google-android-market/ - "asroot" static linked ELF file tried to exploit Linux Kernel vulnerabilities (CVE-2009 -2692, CVE-2008 -0010 and CVE-2008 -0600) - apps have been removed from Market.

• http://securitywatch.pcmag.com/none/291627-android-malware-found-in-fake-angry-birds-cut-the-rope-and-more - trojan sends SMS

• http://blog.appuarium.com/2011/10/09/malware-prevalence-in-android-markets/
• http://www.sans.org/reading_room/whitepapers/pda/reverse-engineering-malware-android_33769

Windows Phone Marketplace

• http://www.afterdawn.com/news/article.cfm/2011/09/11/microsoft_pulls_avg_anti-virus_app_from_windows_phone_marketplace - sends too much private data to AVG
• http://www.wpcentral.com/psa-chrome-broswer-scam-alert-windows-phone-marketplace - Fake chrome browser app for $0.99
• http://www.wpcentral.com/fake-spotify-app-removed-marketplace - Fake spotify app for $1.99
• http://www.windows8update.com/2012/01/02/fake-spotify-app-hits-windows-phone-marketplace/

Nokia store

• http://www.developer.nokia.com/Distribute/Packaging_and_signing.xhtml
• http://articles.cnn.com/2011-05-12/tech/kill.switch_1_android-phones-nokia-s-symbian-app-store?_s=PM:TECH

Firewall and anti trojan / anti virus

Firewall

• Wikipedia: "permit or deny network transmissions based upon a set of rules"

Firewall programs from the application stores App Store / Market:

• Android: Droidwall (requires root)
• iOS: None (Lookout: Warn if on unencrypted WiFi)

Anti trojan / anti virus

Protection from malicious apps - anti-virus, block outgoing calls and SMS, and similar.

• Android: Avg, Avast, Kaspersky, Lookout, Symantec Norton
• iOS: None (Intego VirusBarrier: Mac/Windows email virus scanner running on iOS)

Android Market:

• https://market.android.com/details?id=com.antivirus&feature=more_from_developerAntivirus FreeAVG Mobilation
• https://market.android.com/details?id=com.avast.android.mobilesecurity&feature=related_appsavast! Mobile SecurityAVAST Software
• https://market.android.com/details?id=com.kms&feature=related_appsKaspersky Mobile SecurityKaspersky Lab https://market.android.com/details?id=com.lookout&feature=related_appsLookout Security & AntivirusLookout Mobile Security
• https://market.android.com/details?id=com.symantec.mobilesecurity&feature=related_appsNorton Security and AntivirusNortonMobile

Developing

• Analyzing Inter-Application Communication in Android - ComDroid tool
• http://isecpartners.com/files/iSEC_Securing_Android_Apps.pdf
• http://www.isecpartners.com/storage/docs/presentations/Secure_Development_on_iOS.pdf