Configure Mobile OS Security Flashcards
lesson 18A (24 cards)
Configuring screen lock options in iOS (left) and Android (right).
Google Play store has a Play Protect feature that is enabled by default.
Endpoint management software such as Microsoft Intune can be used to approve or prohibit apps.
In iOS, the data protection encryption option is enabled when a passcode is configured (left, at
bottom)
Using Google’s default remote backup service.
You can use the Google’s Find Device app to locate an Android device and remotely lock or wipe it
(or send the current holder a polite message to please return it ASAP).
Philips Hue smart lighting management app. management app connects to the hub (a Hue Bridge) via Wi-Fi.
Screen locks
protect mobile devices from unauthorized access, preventing attackers from stealing cached passwords, confidential files, and message history that could aid social engineering attacks.
screen lock ensures
device security by requiring an unlock gesture after inactivity or a power button press. While a simple swipe allows unauthenticated access, personal devices should be protected with an authentication method like a PIN, password, pattern, or biometric verification.
Screen locks prevent
unauthorized access by requiring authentication methods like a PIN, password, fingerprint, or facial recognition, securing mobile devices against threats.
Mobile security software protects
devices against malware, phishing, and exploits, using patches, antivirus, anti-malware apps, and firewalls. Keeping OS and app updates current is essential, with iOS updates delivered via Settings > General > Software Update and Android updates managed by vendors through Settings > System > Advanced > System updates.
Antivirus apps
filter content, block phishing sites, and monitor app permissions, while firewalls manage network activity by controlling connections to ports or IP addresses. “No-root” firewalls create a VPN to regulate app access without requiring root privileges.
Enterprise Mobility Management (EMM)
ensures secure mobile device usage in corporate environments through deployment models like BYOD, COBO, COPE, and CYOD. Mobile Device Management (MDM) enforces security policies, restricting app use, managing updates, and controlling built-in functions. Organizations tailor security profiles based on employee roles and site requirements, applying both technical restrictions and soft measures like training to enhance data protection.
BYOD
model allows employees to use personal devices for work but requires security oversight to mitigate risks like unauthorized access and data exposure.
COBO (Corporate Owned, Business Only) model
ensures strict security by providing company-owned devices that are exclusively used for work-related tasks, preventing personal use and reducing data exposure risks.
COPE (Corporate Owned, Personally Enabled) model
provides employees with company-owned devices, allowing limited personal use while enforcing security policies to maintain corporate control and data protection.
CYOD (Choose Your Own Device) model
allows employees to select a device from an approved list, balancing personal preference with company security requirements while maintaining corporate control over configurations and policies.
Mobile data security
helps prevent unauthorized access to sensitive information when a device is lost or stolen. Device encryption protects stored data, with iOS using multi-layer encryption and Android offering file-level encryption by default since Android 10. In iOS, Data Protection encryption is enabled when a passcode lock is set, safeguarding email and app data.
Remote backup applications
ensure mobile devices retain critical data by syncing with cloud services like iCloud (iOS), Google Sync (Android), and OneDrive (Microsoft). Users can also opt for third-party providers such as Dropbox or backup directly to a PC, with iOS supporting backups via macOS or iTunes on Windows. MDM software can further automate backups for corporate-managed devices.
Locator apps
use GPS and IPS to track lost or stolen mobile devices, with built-in find-my-phone features available on Android and iOS. These apps can remotely lock the device, display recovery messages, disable wallets, prevent passcode changes, and block network settings from being altered.
remote wipe
If a device is unrecoverable, a remote wipe can erase all data, returning it to factory settings. For corporate devices enrolled in MDM, an enterprise wipe can remove business accounts and files while preserving personal apps and data.
Internet of Things (IoT) security
focuses on protecting connected devices—such as home automation systems, smart appliances, and vehicles—from cyber threats. These devices communicate using networked sensors and software, making them potential targets for unauthorized access, data breaches, and malware attacks. Securing IoT requires strong encryption, regular software updates, and strict access controls to prevent vulnerabilities.
Home Automation Systems
Home automation systems use smart hubs, wireless mesh networking, and IoT-enabled devices to allow remote control of household functions while ensuring seamless communication between connected appliances.
IoT security risks
stem from weak default settings, inadequate patching, and unauthorized device deployments, requiring regular audits and employee training to mitigate vulnerabilities.
