Smartphone Overload: Preparing to overcome the challenges posed by an abundance of mobile operating systems
Most everyone is familiar with the top three mobile operating systems that have dominated the worldwide smartphone market for a number of years. Android, iOS and BlackBerry are household names, even as they compete among one another each quarter for market share.
This grouping might be comparable to the Windows-Apple-Linux trifecta that has gone largely unchanged since the early 1990s, when Windows rose to attain—and maintain—a 90-percent market share. However, there are some marked differences.
- Before smartphones gained widespread adoption, the Windows operating system might have been found on a few hundred PC-based platforms. By contrast, each iOS, Android and BlackBerry version might be found on any of several thousand types of smartphones and tablets.
- New PC operating systems are released every few years, whereas new mobile platform versions are released every few months. Eight “flavors” of the Android operating system, six major iOS versions, and five major BlackBerry versions exist—each with its own subsets.
- The “big three” aren’t alone. Windows Mobile/Windows Phone and Nokia’s Symbian operating system have smaller percentages of market share, but Windows Phone 8 is gaining ground. Palm OS may be seen on older devices, while Linux Ubuntu and Samsung Tizen are anticipated sometime this year. And many feature phones run on the Java-based BREW platform.
- With multiple operating systems come multiple file systems. In PCs, Windows uses only the File Allocation Table (FAT), exFAT, and New Technology File System (NTFS). A version of FAT is in use in Windows Mobile and Windows Phone devices. However, dozens of mobile file systems exist across all device families.
- Android may be the most widely installed operating system, but its Apple’s iOS driving most of the data bandwidth usage. And BlackBerry may be in steady decline, but is an important legacy device to many business and personal users.
All of this is not necessarily as complicated as it sounds. If you’re contemplating entering the field of mobile forensics, know that much of the hard work associated with file systems and data structures is now automated. With that said, “I pressed a button and got the data” is still a statement you want to avoid making in court. Here are some additional challenges to keep in mind as you start to investigate mobile devices.
Operating systems and user interfaces
Because the different operating systems run different file systems, they store information in different ways. iPhones, iPads, and other devices running iOS are generally all the same, but decoding an iOS app may not be the same as for an Android app—even if they are the same app. These types of problems are solved with physical extraction and automatic file system reconstruction, or file system extraction if the mobile forensics tool doesn’t support reconstruction.
Differences in file systems may also mean that mobile forensic tools don’t parse some files, which must therefore be carved manually. Logs and other data may be stored differently from one device to the next. For example, the user may change out the SIM card, or the device may change hands. If logs are important to a case, it will take additional effort to find them—whether forensic or legal (i.e. serving paper on one or more carriers to trace device activity).
Possibly the biggest challenge of all is that support for certain “lesser” mobile operating systems, including Windows Phone 7 and 8, is limited. Some vendors focus on support for specific operating systems, but mainly for iOS and Android. Finding forensic tools to support systems that are not one of the “Big Three” may require computer forensic experience.
Security exists on several levels within most smartphones: