Data Execution Prevention

Stack and Heap are not executable
W^X policy enforced on code pages
Prevents code-injection attacks

Passcodes and Touch ID
– touch ID provides convenience
– passcode enables data protection
– Maximum failed attempts
– Progressive passcode timeout

Android Security Overview
Applications, Application Framework, Libraries, Android Runtime, Linux Kernel

Each application runs with its UID in its own Dalvik virtual machine
– provides CPU protection, memory protection
Applications announces permission requirement
– create a whitelist model -user grant access
ask user at install time
– Inter – component communication reference monitor checks permissions

Android
App announces permission requirement
Installation-time approval
App may have more powerful permissions

Code Signing
All apps self-signed by developers
Code signing is used for
facilitating application upgrades
code/data sharing between applications
lets apps run in the same process