Mobile Operating System Features
Key Takeaways
- iOS is a closed Apple ecosystem with a single App Store, while Android is open-source (AOSP) and permits sideloading from outside the Play Store.
- Mobile Device Management (MDM) lets an enterprise enforce passcodes and encryption, push Wi-Fi/VPN/email profiles, manage apps, track location, and remotely lock or wipe devices.
- Screen-lock strength climbs from swipe (none) to pattern, 4-digit PIN (10,000 combos), 6-digit PIN (1,000,000), alphanumeric password, and biometrics; devices can auto-wipe after a set number of failed attempts.
- Location can come from GPS (most accurate, poor indoors), cellular triangulation, Wi-Fi positioning, or Bluetooth beacons, and access is granted per app as Always, While Using, Ask, or Never.
- Email setup hinges on ports: POP3 110/995, IMAP 143/993, SMTP 587 (STARTTLS) or 465, with IMAP syncing across devices and POP3 downloading to one device.
iOS vs. Android
| Feature | iOS (Apple) | Android (Google) |
|---|---|---|
| Source model | Closed, Apple-controlled | Open-source (AOSP) + vendor skins |
| App sources | App Store only | Play Store plus sideloading |
| Customization | Limited | Extensive (launchers, default apps, widgets) |
| Update delivery | All devices at once | Varies by maker/carrier |
| File system | APFS | ext4/F2FS (varies) |
| Encryption | On by default | On by default (Android 6.0+) |
| Backup | iCloud or Finder/iTunes | Google account or maker cloud |
The big security implication: sideloading on Android increases malware exposure, so MDM commonly blocks installs from "unknown sources."
Screen Locks & Failed-Attempt Policies
| Method | Strength | Note |
|---|---|---|
| Swipe | None | Only blocks accidental input |
| Pattern | Low–Med | Visible smudge/shoulder-surf risk |
| PIN (4-digit) | Medium | 10,000 combinations |
| PIN (6-digit) | Med–High | 1,000,000 combinations |
| Password (alphanumeric) | High | Strongest manual option |
| Fingerprint | High | Fast; fails when wet/dirty |
| Facial / IR | High | Hands-free; struggles in the dark |
Both platforms can erase the device after N failed unlocks (commonly 10), and iOS adds escalating lockout timers between wrong attempts. Enterprises push these limits through MDM.
Mobile Device Management (MDM)
MDM centrally secures and configures fleets of phones and tablets.
| Capability | What it does |
|---|---|
| Remote wipe | Erase a lost/stolen device |
| Remote lock | Lock immediately |
| Geolocation | Track device position |
| App management | Install, remove, allow/deny apps |
| Policy enforcement | Require lock, encryption, password rules |
| Configuration profiles | Push Wi-Fi, VPN, email, certificates |
| Containerization | Isolate corporate from personal data |
BYOD vs. corporate-owned
| Aspect | BYOD | Corporate-owned |
|---|---|---|
| Owner | Employee | Organization |
| Management scope | Corporate container only | Whole device |
| Wipe on offboarding | Selective (corp data) | Full device wipe |
| App control | User owns personal side | Org controls all |
The key rule: on a BYOD device you perform a selective wipe that removes only company data and leaves the employee's personal photos and apps intact.
Location Services
| Method | Accuracy | Battery | Indoors? |
|---|---|---|---|
| GPS | 3–5 m | High | No |
| Cellular triangulation | 100–300 m | Low | Partial |
| Wi-Fi positioning | 15–40 m | Low | Yes |
| Bluetooth beacons | 1–3 m | Very low | Yes |
Users grant location per app as Always, While Using, Ask Next Time, or Never; admins can restrict it via MDM. Note that turning off GPS still leaves approximate location available through cellular and Wi-Fi.
Core Device Operations
- Factory reset wipes all data/apps/settings to out-of-box state. iOS: Settings > General > Transfer or Reset iPhone > Erase All Content and Settings. Android: Settings > System > Reset > Factory data reset. Used for decommissioning, resale, or clearing stubborn issues. On iOS you must first disable Activation Lock / Find My or the device stays tied to the prior Apple ID.
- Backup/restore: iCloud (auto over Wi-Fi while charging) or encrypted local Finder/iTunes backup; Android uses Google account backup or the maker's service.
- OS updates: iOS Settings > General > Software Update; Android Settings > System > System Update. MDM may stage updates to avoid breaking enterprise apps.
Email Configuration (ports matter)
| Protocol | Plain | Secure | Behavior |
|---|---|---|---|
| POP3 | 110 | 995 | Downloads to one device, can delete from server |
| IMAP | 143 | 993 | Keeps mail on server, syncs across devices |
| SMTP | 25 | 465 / 587 (STARTTLS) | Sends outgoing mail |
| Exchange ActiveSync | — | — | Microsoft email + calendar + contacts sync |
Modern setups use OAuth 2.0 instead of storing a password in the mail client.
Worked scenario: A user reads mail on a phone and a laptop and wants new messages to appear on both. Choose IMAP, not POP3 — IMAP leaves messages on the server and synchronizes state across every device, while POP3 would pull mail down to whichever device fetched it first.
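The port table and the worked scenario above can be turned into a check on mail profiles before they are pushed to devices. This is an added example, not part of the original guide; the `Account` record, its field names and the finding codes are assumptions made for illustration.

```python
from dataclasses import dataclass

# protocol -> (plain port, {secure port: TLS mode}), copied from the table above
PORTS = {
    "POP3": (110, {995: "implicit"}),
    "IMAP": (143, {993: "implicit"}),
    "SMTP": (25, {465: "implicit", 587: "starttls"}),
}

@dataclass
class Account:
    """Hypothetical mail-profile record; field names are assumptions."""
    protocol: str      # "POP3", "IMAP" or "SMTP"
    port: int
    tls: str           # "none", "implicit" or "starttls"
    auth: str          # "password" or "oauth2"
    devices: int = 1   # number of devices that read this mailbox

def audit(acct: Account) -> list[str]:
    """Return findings for one account; an empty list means it matches the table."""
    plain, secure = PORTS[acct.protocol]
    wanted = "/".join(str(p) for p in secure)
    findings = []
    if acct.tls == "none":
        findings.append(f"CLEARTEXT: no TLS, so credentials and mail are readable in transit; use port {wanted}")
    elif acct.port in secure and acct.tls != secure[acct.port]:
        findings.append(f"TLS_MODE: port {acct.port} expects {secure[acct.port]} TLS, profile says {acct.tls}")
    elif acct.port not in secure:
        kind = "the table's plain port" if acct.port == plain else "a non-standard port"
        findings.append(f"PORT: {acct.port} is {kind} for {acct.protocol}; use {wanted}")
    if acct.auth == "password":
        findings.append("STORED_PASSWORD: client stores a password; use OAuth 2.0 where the provider supports it")
    if acct.protocol == "POP3" and acct.devices > 1:
        findings.append("MULTI_DEVICE: POP3 downloads to one device; use IMAP (993) to sync across devices")
    return findings

# Constructed sample profiles, not taken from any real deployment
SAMPLE = [
    Account("POP3", 110, "none", "password", devices=2),
    Account("SMTP", 587, "implicit", "oauth2"),
    Account("IMAP", 993, "implicit", "oauth2", devices=2),
]

if __name__ == "__main__":
    for a in SAMPLE:
        print(a.protocol, a.port, audit(a) or "OK")
```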
The Closed-vs-Open Security Story
The iOS/Android difference matters in practice, and it is a recurring theme. Apple's closed ecosystem vets every App Store submission and ships updates to all eligible devices simultaneously, which shrinks the window in which a known vulnerability stays unpatched. Android's openness is its strength and its risk: sideloading an APK from outside the Play Store bypasses Google's screening and is the most common way Android malware arrives, and update timing depends on the manufacturer and carrier, so older or budget Android phones may run months behind on security patches.
For a technician, that means the first hardening step on managed Android devices is to block installs from unknown sources, while on iOS the priority is enforcing prompt OS updates and a strong passcode.
Passcode Strength in Numbers
The exam likes concrete math on screen locks. A 4-digit PIN yields 10,000 possible codes, a 6-digit PIN yields 1,000,000, and an alphanumeric password explodes the keyspace far beyond either. That is why enterprise policy commonly mandates a 6-digit PIN at minimum or a full password, paired with an auto-wipe after a set number of failed attempts (often 10) and escalating lockout delays. Biometrics — fingerprint or IR facial recognition — are a convenience layer on top of, not a replacement for, the underlying passcode, because the device still falls back to the passcode after a reboot or several failed biometric reads.
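The keyspace figures above only become a risk number once they are combined with the failed-attempt limit. The following added example (not from the original guide) computes the chance that blind guessing succeeds before the auto-wipe fires and checks a lock policy against the baseline described here; the `LockPolicy` record and the 62-character alphanumeric alphabet are assumptions.

```python
from dataclasses import dataclass

# Symbols per position: digits for a PIN; a-z, A-Z, 0-9 for a password (assumed alphabet)
ALPHABET = {"pin": 10, "alnum": 62}

@dataclass
class LockPolicy:
    """Hypothetical MDM lock policy; field names are assumptions."""
    kind: str            # "swipe", "pin" or "alnum"
    length: int = 0
    wipe_after: int = 0  # failed unlocks before auto-wipe; 0 = never wipes

def keyspace(p: LockPolicy) -> int:
    """Number of possible codes; a swipe lock has exactly one 'code'."""
    return ALPHABET[p.kind] ** p.length if p.kind in ALPHABET else 1

def guess_chance(p: LockPolicy) -> float:
    """Chance that distinct blind guesses hit the code before the wipe triggers."""
    n = keyspace(p)
    tries = p.wipe_after or n   # without a wipe the whole space can be tried
    return min(tries, n) / n

def violations(p: LockPolicy, min_pin: int = 6, max_attempts: int = 10) -> list[str]:
    """Compare a policy with the baseline in the text: 6-digit PIN or password, wipe within 10."""
    out = []
    if p.kind == "swipe":
        out.append("no passcode: swipe only blocks accidental input")
    elif p.kind == "pin" and p.length < min_pin:
        out.append(f"PIN has {p.length} digits, baseline is {min_pin}")
    if not p.wipe_after or p.wipe_after > max_attempts:
        out.append(f"auto-wipe must trigger within {max_attempts} failed attempts")
    return out

# Constructed sample policies
SAMPLE = [
    LockPolicy("pin", 4, wipe_after=10),
    LockPolicy("pin", 6, wipe_after=10),
    LockPolicy("pin", 4),                 # no auto-wipe configured
    LockPolicy("alnum", 8, wipe_after=10),
]

if __name__ == "__main__":
    for p in SAMPLE:
        print(p, keyspace(p), f"{guess_chance(p):.6%}", violations(p) or "OK")
```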
Activation Lock and Decommissioning
A frequently missed operational detail: before a factory reset on an iPhone for resale or reassignment, you must turn off Find My / Activation Lock and sign out of the Apple ID. Skip that step and the device re-locks to the previous owner's Apple ID after the wipe, leaving the new user stranded at an activation screen. The Android equivalent is Factory Reset Protection, which demands the previously synced Google account credentials after a reset. Proper decommissioning therefore means: back up needed data, sign out of the cloud account, disable the activation/reset protection, and only then perform the factory reset.
Which MDM feature lets an administrator erase all data on a lost company phone?
Which location technology is the most accurate but works poorly indoors?
An employee with a BYOD phone leaves the company. What wipe is appropriate?
Match each email protocol to its primary function: