Page 622 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 622
level access to the device’s low-level configuration settings. Rooting
increases a device’s security risk, because all running code inherits
root privileges.
Improvements are made to Android security as new updates are
released. Users can adjust numerous configuration settings to
reduce vulnerabilities and risks. Also, users may be able to install
apps that add additional security features to the platform.
iOS
iOS is the mobile device OS from Apple that is available on the
iPhone, iPad, and Apple TV. iOS isn’t licensed for use on any non-
Apple hardware. Thus, Apple is in full control of the features and
capabilities of iOS. However, iOS is not an example of a static
environment, because users can install any of over two million
apps from the Apple App Store. Also, it’s often possible to jailbreak
iOS (breaking Apple’s security and access restrictions), allowing
users to install apps from third parties and gain greater control
over low-level settings. Jailbreaking an iOS device reduces its
security and exposes the device to potential compromise. Users can
adjust device settings to increase an iOS device’s security and
install many apps that can add security features.
Device Security
Device security is the range of potential security options or features
that may be available for a mobile device. Not all portable electronic
devices (PEDs) have good security features. But even if devices have
security features, they’re of no value unless they’re enabled and
properly configured. Be sure to consider the security options of a new
device before you make a purchase decision.
Full Device Encryption
Some mobile devices, including portable computers, tablets, and
mobile phones, may offer device encryption. If most or all the storage
