Enterprise Readiness of Mobile Platforms (Android, Blackberry, iOS, and Windows Phone security rankings)

[Jeffrey Walton <noloader () gmail com>]

http://www.trendmicro.com/cloud-content/us/pdfs/business/reports/rpt_enterprise_readiness_consumerization_mobile_platforms.pdf

The criteria and scoring begin at page 16. I suppose the skewed
criteria and scoring makes the difference between iOS and Windows
Phone reporting.

Item 1.20, “KeyChain” – iOS scored 5.0, WP scored 0. Windows uses the
Data Protection API (DPAPI), which is the equivalent. Linux/Android
has *not* warmed up to the fact that userland needs help in storing
secrets.

Item 2.10, “Centralized app signing” – iOS scored 2.5, WP scored 0. WP
does use code signing tied to a root. When my company signed up for a
Windows Phone developer account, I had to provide the Articles of
Incorporation before my keys were issued.

I’m not sure what to make of 10.10 “Richness of the API” – WP scored
0, but uses a reduced set of the .Net runtime and Silverlight for the
Windowing. iOS, which scored 2.5 does the same. Ditto for Android with
its reduced Java implementation.

And 12.10, “Federal Information Processing Standard” is laughable.
Apple does not have *anything* that is FIPS validated for iOS (two
platforms are ‘in process” IIRC). At least Microsoft has actually
delivered past validations for Windows Mobile.

I also don't see a "language comparison," when Android and Windows
Phone use managed languages and iOS uses Objective C (NSZombieEnabled
anyone?).
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.