Mobile Platform Security Lab

Android & iOS Security | CEH v12 Module
0 / 70 XP
← Back to Vault

Platform Comparison: Android vs iOS

Android
  • Foundation: Linux-based kernel
  • Nature: Open-source (AOSP)
  • Market: Most widely used mobile OS
  • Customization: High (manufacturer skins)
  • App Distribution: Google Play + sideloading
  • Security Model: Permission-based sandboxing
  • Root Access: Rooting (various tools)
  • Development: Android Studio, Java/Kotlin
iOS
  • Foundation: Darwin (Unix-based)
  • Nature: Closed-source, proprietary
  • Market: Second largest, premium segment
  • Customization: Limited (Apple ecosystem)
  • App Distribution: App Store only (strict review)
  • Security Model: Strict sandbox + hardware security
  • Root Access: Jailbreaking (exploit-based)
  • Development: Xcode, Swift/Objective-C

Rooting vs Jailbreaking

Android Rooting
iOS Jailbreaking
Decision Tree
What is Rooting?
Rooting grants administrative (superuser) access to the Android operating system, allowing users to modify system files, install custom ROMs, and bypass manufacturer restrictions.
Advantages
  • Bypass carrier/manufacturer controls
  • Install apps on SD card (adoptable storage)
  • Enable Wi-Fi tethering (hotspot bypass)
  • Remove bloatware and system apps
  • Install custom ROMs (LineageOS, etc.)
  • Advanced backup capabilities
  • Overclock/underclock CPU
  • Deep system customization
Disadvantages
  • Voids manufacturer warranty
  • Increased malware vulnerability
  • Risk of bricking device
  • Banking apps may not work (SafetyNet)
  • OTA updates break root
  • Security bypass risks
  • Potential instability
  • Loss of device encryption

Popular Rooting Tools

KingoRoot PC & Mobile
One-click rooting solution supporting thousands of Android devices. Easy-to-use interface for beginners.
Windows APK
KingRoot Mobile
Android-only rooting app. Direct installation without PC required. Wide device compatibility.
APK Quick
Towelroot Exploit
Kernel exploit-based rooting. Works on older devices vulnerable to futex exploit.
Legacy Quick
One Click Root Commercial
Paid service offering guaranteed rooting with customer support and warranty protection.
Paid Support
USB Debugging Mode: Required for most rooting methods. Enable via Developer Options (tap Build Number 7 times). Never leave enabled on production devices - security risk!
What is Jailbreaking?
Jailbreaking exploits iOS vulnerabilities to remove Apple's software restrictions, allowing installation of unauthorized apps, tweaks, and system modifications through Cydia or other alternative app stores.

Jailbreak Types

Tethered Legacy
Requires computer connection each boot. Device won't start without jailbreak tool assistance.
High Risk Inconvenient
Semi-Tethered Common
Device boots normally but jailbreak features require re-activation after reboot.
Moderate Stable
Untethered Rare
Permanent jailbreak survives reboots. Most desirable but hardest to achieve.
Best Rare
Semi-Untethered Modern
Device boots normally, re-jailbreak via on-device app. Most common modern approach.
Popular Convenient
iOS Security Architecture: Apple's security includes Secure Boot Chain, Secure Enclave, Face ID/Touch ID integration, and hardware-backed encryption. Jailbreaking compromises these layers and may expose sensitive data.
Sandbox Model: iOS uses mandatory access control (sandbox) to isolate apps. Each app runs in its own container with limited system access. Jailbreaking breaks this isolation, allowing apps to interact with system files and other apps.

Should You Root/Jailbreak Your Device?

Is this your primary/work device?
Yes
No
NOT RECOMMENDED

Rooting/jailbreaking your primary device significantly increases security risks. You may lose access to banking apps, work email, and critical security updates. Warranty will be voided. Use a secondary device for security research instead.

Do you understand the technical risks and can troubleshoot if something breaks?
Yes
No
NOT RECOMMENDED

Without technical expertise, you risk permanently bricking your device. Recovery requires deep knowledge of bootloaders, recovery modes, and system partitions. Recommend learning in controlled environments first.

Is your purpose legitimate (security research, testing, learning)?
Yes
No
RECONSIDER

Using root/jailbreak to bypass security measures, pirate apps, or cheat in games violates terms of service and may be illegal. The risks outweigh questionable benefits.

PROCEED WITH CAUTION

Before you proceed:

  • Backup all data (full device backup)
  • Research your specific device model compatibility
  • Understand how to restore to stock firmware
  • Accept warranty void
  • Keep root/jailbreak detection in mind for apps
  • Use secondary device, not primary
  • Document your learning process

Android Hacking Tools

NetCut DoS
Network monitoring and DoS tool. Can disconnect devices from WiFi networks using ARP spoofing.
ARP Spoofing WiFi
LOIC DoS
Low Orbit Ion Cannon - network stress testing tool. Floods targets with TCP/UDP/HTTP requests.
Stress Test Flood
drozer Vulnerability
Security assessment framework for Android. Discovers vulnerabilities in apps and devices.
Assessment Framework
zANTI Pentesting
Mobile penetration testing toolkit. MITM attacks, network scanning, vulnerability assessment.
MITM Scanning
DroidSheep Session Hijack
Session hijacking tool. Captures and clones web sessions on WiFi networks (educational use only).
WiFi Cookies
ADB Development
Android Debug Bridge - command-line tool for device communication, debugging, and shell access.
Shell Debug
cSploit Pentesting
Advanced network pentesting suite. Port scanning, MITM, password cracking, vulnerability assessment.
Network Suite
APKTool Reverse Eng
Reverse engineering tool for Android APK files. Decode, modify, and rebuild applications.
Decompile Analysis

Android Debug Bridge (ADB) Command Simulator

What is ADB?
Android Debug Bridge is a versatile command-line tool that lets you communicate with a device. It facilitates device actions like installing and debugging apps, provides shell access, and enables file transfers.
ADB Terminal
Android Debug Bridge Terminal - Click commands below to execute
Ready for commands...

Interactive App Permission Analyzer

Suspicious Social App

v3.2.1 • 50MB • 1M+ downloads
Risk Assessment
Enable permissions to see risk analysis...
Permission Analysis:
Toggle permissions to see how they affect the app's security risk level. Red flags include excessive permissions unrelated to app functionality.
Common Permission Abuse:
  • Camera/Microphone for non-media apps
  • Location for apps that don't need it
  • Contacts access for single-player games
  • SMS read/send for non-messaging apps
  • Storage access beyond app needs
Dangerous Permissions:
  • SYSTEM_ALERT_WINDOW (overlay attacks)
  • BIND_ACCESSIBILITY_SERVICE (keylogging)
  • RECEIVE_SMS (2FA bypass)
  • CALL_PHONE (premium rate fraud)

Mobile Attack Vectors

MOBILE DEVICE
Malicious Apps
Trojans disguised as legitimate apps, often from third-party stores
Network Attacks
MITM, rogue WiFi, session hijacking on unsecured networks
Phishing/Smishing
SMS/email attacks targeting credentials and personal info
Physical Access
Device theft, shoulder surfing, unlocked devices
Browser Exploits
Drive-by downloads, malicious websites, JavaScript attacks
Update Attacks
Fake updates, compromised OTA, supply chain attacks
Social Engineering
Manipulation to install malware or reveal sensitive data
Bluetooth/NFC
Bluejacking, bluesnarfing, NFC relay attacks

Mobile Device Management (MDM) Policy Configurator

What is MDM?
Mobile Device Management provides centralized control over enterprise mobile devices. IT administrators can enforce security policies, deploy apps, monitor compliance, and remotely manage devices to protect corporate data.
Device Security
Passcode Requirement:
Screen Lock Timeout:
Device Encryption:
Application Control
App Installation:
App Blacklisting:
Network & Connectivity
WiFi Configuration:
Bluetooth:
Data Protection
Remote Wipe:
Containerization:

Policy Summary

Mobile Security Best Practices Checklist

Knowledge Assessment Quiz