CS3S663 Module name: Mobile Systems and Applications

Module code: CS3S663

Module name: Mobile Systems and Applications

Assessment title:

Languages and Environments in Mobile Development

Date: 22/01/2023

Introduction

Nowadays, mobile devices are in almost everyone's life, shaping the ecosystem of our daily digital experiences, from the bustling streets of London to the pristine rainforests of Africa. Operating systems are key to the functioning of mobile devices, most notably iOS and Android, both of which were released in 2007 and beat out one-time competitors Nokia, Microsoft, and Blackberry [1]. Today, the choice of operating system for mobile device manufacturers is close to unity, with Google's Android and Apple's iOS almost exclusively in use, while others such as Other operating systems, such as Harmony OS, now have a negligible market share. The main purpose of this paper is to discuss and evaluate the differences between operating systems and native development environments used to create applications on the platform, including community support and developer resources, application distribution and security testing, security issues, development environments and language support, as well as some case studies. Xamarin is chosen as the Cross-platform language for further comparison.

iOS is Apple's proprietary mobile operating system for its mobile devices. Until the advent of the Swift programming language, iOS used Objective-C as the programming language to develop its software [2].  Android is an open-source mobile operating system based on the Linux kernel along with other open-source software, and its applications are written utilizing SDKs, usually using Java as the programming language [3]. Xamarin is a cross-platform development software, by using a shared codebase written in C#, developers can write iOS, Android, and Windows apps using a native user interface and share the code across plains through Xamarin [5], which was acquired by Microsoft in 2016 is now bundled as an open-source IDE for .NET [6].

Developer Resources

In the ever-evolving field of mobile app development, the strength and accessibility of community support and developer resources play a key role in shaping the efficiency and creativity of app creation. There are many ways to get some help nowadays, the most official and frequently updated ones are Swift UI Tutorial from Apple and Android Studio Guidelines from Google, apart from third-party platforms like Stack Overflow, GeeksforGeeks etc. In general, these resources are very easy to obtain, but also very effective and usually can quickly solve the problem, the official tutorial gives developers some foundation, but with their familiarity with the language and the use of the depth of the increase, often encountered not envisaged bugs, and these bugs are often not even mentioned in the official tutorials. Developers can often solve the problem by using third-party tutorials, as confirmed by Tiarks and Maalej's research. By looking at different tutorials and guidelines, they found that the iOS community publishes the highest number of images in their tutorials, with an average of 14 images per tutorial [4].

App Distribution

After the developer has completed the initial production of the program, the next step for the software is to distribute it. Distribution usually refers to the process of making the developed software or application available to end users, which usually involves packaging, testing, Internal distribution and the final distribution.

Beta testing is the most important step before the software is confirmed on the shelves, effective testing scenarios can improve the quality of the application and can also improve user satisfaction and trust in the software. Android has Google Play Console for testing and Apple uses TestFlight for testing. After completing the test distribution, if everything goes well, the developer can formally put the application of software on the App Store, now there are two mainstream distribution platforms, Android's Google Play Store and Apple's App Store, in some countries there are some other Android software store exists, such as the United States of America's Amazon App store and China's Yingyongbao.

Android distribution platforms and Apple distribution platforms have very different policies and procedures that can directly affect the time to market, quality and user reach of the software. Compared to Android, which uses an automated review process and occasional manual review, Apple uses a strict manual review process throughout, which can ensure the quality and security of the app to a certain extent, but often results in longer approval times than Android. Apple restricts alternative distribution channels and generally does not allow users to download software directly. Generally, untrusted software downloaded directly will expire within a few weeks, whereas Android is very flexible in this regard, allowing alternative app shops and direct APK downloads. These alternative app shops are adapted to the policies of different countries to fit the market.

Google shut down all its websites in China in 2010, after that a series of alternative app stores such as Yingyongbao sprung up, and while these shops provide convenience for users, they also provide opportunities for malicious apps that steal user information. Wang and his team confirmed this by analysing the trustworthiness level of the Android App Store and suggesting that this phenomenon is changing because of the development of the mobile market and the improvement of the Android system [7]. Apple's approach to region limitation is very simple: it uses account numbers to distinguish the regions of the app store. Different accounts can log in to different regions to download apps that are only provided on the specific app store. It has strict limitation, which require the user to provide a bank card number, address etc. to ensure the user is a citizen in the region.

Security Concerns

Mobile device security is increasingly becoming the focus of the public and technical community, especially in iOS and Android, the two mobile operating systems that dominate the market, their different security policies directly affect the security and privacy protection of user data. Ahmad and his team in their research made some definitions of security requirements for mobile operating systems, they believe that the security of an operating system should consider the major requirements of Sandboxing, Application Isolation, Encryption, Data Storage Format, and Built-in Antivirus [8].

Application Sandbox is the process of restricting the functionality of code that can be executed due to certain rights or declarative all-county, these rights are not dynamic but are assigned when the application is created and each application has a unique ID (UID). Novac et al. considers Sandbox as an important layer of protection for the operating system, which prevents applications from accessing the system [10]. Apple defines an application sandbox as a set of fine-grained controls, which is used to restrict applications from accessing information such as files, hardware, networks, etc. Apple has also created a special model for sandboxing applications, which is more reliable and secure than sandboxing and reduces public access [11]. And in Android, because Android is based on Linux, so similarly, its sandbox is also a Linux-based kernel platform. android sandbox is very powerful [9]. It has a similar strategy as iOS on sandboxing, but Android has permissions decided directly by the application instead of allowing the user to access the system files in the root directory as iOS does [11] so Android is more vulnerable to threats and loss of personal information in comparison.

Application Isolation ensures that no changes can be made to other software while one software is running [12]. In iOS, the application works in a sandbox and cannot abuse other applications, third-party applications are completely controlled by iOS and have little impact on the system, but Apple still allows access to devise ID, Wi-Fi, etc., but for software that wants to access information such as emails, text messages, etc., it can only be done with the authorisation of the user. android uses the same isolation technique, where each program is isolated from the system kernel thus ensuring that there are no vulnerabilities [13]. However, if some special permissions are given, some malware can start some software in the background or even tamper with the data.

Encryption is one of the most effective methods to secure data and provides extra protection in case of mobile phone theft, it converts data into encrypted code, unencrypted data is known as plaintext and encrypted data is known as ciphertext [15]. Versions of Android after 4.0 use an encryption API which is based on disk encryption, where the user must use a PIN or password to read encrypted files in Android [14]. Apple introduced hardware encryption within the iPhone 3GS and allowed for the remote wiping of data by deleting the encryption key from the device. Compared to Android, iOS has a more robust device protection API and Android developers did not utilise encryption in their design.

Data can be stored on both internal and external memory. Android allows data to be stored on memory like an SD card, but this method is not secure by default and all programs can read files to that storage which spreads malware directly to the storage [17]. Compared to iOS, it is less secure as iOS doesn't allow for external storage, the only thing that is allowed is internal storage, all operations and access need to be authorised and the APIs mentioned above can also provide additional protection. Whether Android or iOS, when storing sensitive data, should try to store it in the internal memory to ensure data security [16].

The most common malware affecting system security today are spyware, viruses, backdoors and Trojans [18]. Virus is a type of software that contains malicious code. Spyware bypasses the user and collects information about the user without their knowledge. Backdoor is a type of malware that can evade system authentication, it can access databases and files, but its installation generally requires administrator privileges, so it often occurs on Rooted Android and jailbroken Apple devices. Trojans are also known as Trojan horses, and as its name suggests, they describe some normal functions, but these functions are malicious. Therefore, an inbuilt antivirus is very important. However, due to the previously mentioned less stringent review process and flexible software installation methods of Android, Android software has a greater chance of being attacked by malware, before Android installs software, it asks the user for permission to download the program from an untrusted network, and if it doesn't give permission, it can't proceed with the installation of the software other than Google Play, and once the user allows the sub-operation, it will give a great opportunity for external malware to take advantage of. Therefore, Android may need to install additional anti-virus software to ensure the security of the system. iOS is much better in this aspect because iOS almost does not allow users to install non-App Store software, even if the user wants to download from the web page, it will usually go directly to the App Store. and due to Apple's strict manual review mechanism, the user will almost not have any may encounter malware unless the device is jailbroken. This almost perverted control is exchanged for a safer and more unified system, while Android provides a freer environment where users can do what they want. [12] Some information about programming software for Android and iOS platforms is also mentioned below.

Native/Support Languages

The growth of mobile applications has accelerated the development of platforms and tools that provide considerable convenience to developers. But at the same time, the variety of operating systems requires developers to learn various programming languages such as Swift, Java, C#, etc. and understand the interfaces to develop the same software on various platforms [20]. Pinto et al. in their paper mentioned that to solve these problems, they categorised mobile applications into the Native approach and the Cross-Platform approach [21].

Native approach is also commonly known as Native Programming Language, which is used to refer to programming languages designed for a particular system or platform. In mobile operating systems, these languages can be directly optimised and mutated for a specific operating system to improve the efficiency of operation on that platform. For iOS, the native programming languages are Swift and Objective-C, and the only development environment that corresponds to these two programming languages is XCode. Introduced by Apple in 2014, Swift incorporates features that help avoid common programming errors such as null pointer dereferencing, improved security, a very clean syntax that makes the code easy to write and read, and an interactive environment called Playgrounds that allows developers to test swift code in an interactive environment without having to compile the entire application. Objective-C appeared in the 1980s and benefits from having been around for decades, so it has a huge library and framework, a very mature ecosystem, and Objective-C acts as a superset of C, allowing C code to be used directly in Objective-C. The main programming languages of Android are Java and Kotlin, and the native development environment that corresponds to Android is Android Studio. Kotlin was introduced by JetBrains in 2011 and has been officially supported by Google for Android development since 2017. its main features are that it reduces boilerplate code, makes programs easy to read and write, and is fully interoperable with Java, which was introduced in the mid-1990s in the twentieth century. Java was launched in the mid-1990s it is because the Java Virtual Machine (JVM) to do writes once, runs anywhere (WORA) and famous, for its powerful memory management over the years a very perfect ecological, so since the birth of Android has been the most important language in the development of Android. Android Studio is probably one of the best IDEs, as it can be installed on almost all major operating systems, such as Windows, Mac OS, and Linux, which means that no matter what operating system the developer chooses, they can develop with native Android software in the classroom, with the highest degree of flexibility, while in the development of iOS software, Apple requires the user to need to have a device equipped with Mac OS, he also can be Windows, but a virtual machine or dual system must be installed to ensure that the Mac OS works (often referred to as a Hackintosh), but this is just an assumption, and although many people do this, under Apple’s software licensing agreement, Mac OS is only allowed to be loaded on Apple-branded hardware, and the Hackintosh isn't a Mackintosh, and developers who develop and profit from this method may violate of Apple's End-user Licence Agreement (EULA). In terms of practical use, both environments are customised for their respective platforms and are not superior or inferior. Both Xcode and Android Studio provide layout editors for designing UI, are compatible with their respective ecosystem services, and can be used to test performance (e.g. parameters such as CPU, RAM, network usage, etc.) between different versions of different devices within the same system. It is also possible to test adaptability across devices.

Although native environments are perfect for developers to develop in, everything is not perfect. Developers using native IDEs can only adapt the software to that particular system, they simply can't run it on systems other than the native system, for example, software developed in Xcode can't run on an Android phone. Nowadays, people often use software on different platforms, and the native development environment is stretched to the limit. Cross-platform programming languages are a great solution to this problem, as they allow software to run on almost any operating system, with no hardware limitations, and without the hassle of Windows users wanting to use Xcode. Xamarin is a typical representative of Cross- Platform programming language, which is divided into six layers, the Data Layer, Data Access Layer, Business Layer, Service Access Layer, and Application Layer [ 23]. Compared to the Android platform, which only supports XML, Xamarin also supports XAML, which makes it easier to implement the Model-View-ViewModel (MVVM) architecture because it simplifies the connection between UI components and data sources. It also allows designers to focus more on UI design and developers to focus more on back-end logic [22]. Compared to iOS native development, Xamarin has fewer hardware limitations and access to the .NET ecosystem, with diverse .NET libraries and tools for developers. For enterprises, choosing Xamarin means a reduction in costs, with bulk purchases of the same type of computer often costing less than purchases of different types of computers, and a considerable boost to the internal organisational structure of the company. Xamarin also has the very big advantage of a shared codebase, where most of the code can be shared across platforms, including collective business logic, data models and network communications, which makes it very developer-friendly.

Theoretically, it is difficult to achieve the same performance for programs developed in a Cross-platform programming language as for programs developed in a native programming language because of a series of steps such as code translation and compilation, confirmed by Huy and VanThanh's study [26]. However, in some more recent studies, it has been found that since Cross-platform programming language has more libraries, the performance of cross-platform programs has surpassed that of software developed in native languages in terms of startup speed, etc. [27].

The Stack Overflow Developer Survey 2023 shows that Flutter and React Native are the most popular cross-platform programming languages, followed by Xamarin, which is used by more people (about 2,232) than Objective-C (about 2,023) [25].

Reference List

[1] Helft, M. and Markoff, J. (2007) ‘Google Enters the Wireless World’. The New York Times 5 November. Available at: https://www.nytimes.com/2007/11/05/technology/05cnd-gphone.html?ex=1352005200&en=d7a169e184415788&ei=5088&partner=rssnyt&emc=rss (Accessed: 23 January 2024).

[2] Sinicki, A. (2019) How to install the Android SDK. Available at: https://www.androidauthority.com/how-to-install-android-sdk-software-development-kit-21137/.

[3] Anderson, T. (2023) Apple’s Objective-C ‘appears to be reaching its end of life’ - or so says JetBrains survey • DEVCLASS. Available at: https://devclass.com/2023/11/21/apples-objective-c-appears-to-be-reaching-its-end-of-life-or-so-says-jetbrains-survey/ (Accessed: 23 January 2024).

[4] Tiarks, R. and Maalej, W., 2014, May. How does a typical tutorial for mobile development look like?. In Proceedings of the 11th Working Conference on Mining Software Repositories (pp. 272-281).

[5] Jo Foley, M. (2012) Xamarin delivers tool for building native Mac OS X apps with C#. Available at: https://www.zdnet.com/article/xamarin-delivers-tool-for-building-native-mac-os-x-apps-with-c/ (Accessed: 24 January 2024).

[6] Riley, M. (2013) Xamarin 2.0 Review. Available at: https://www.drdobbs.com/tools/xamarin-20-review/240150634 (Accessed: 24 January 2024).

[7] Wang, Y., Ng, Y.Y., Zhou, H., Dong, Y. and Ji, Z., 2016, December. The Improvement of the Trustworthiness of Android App Stores in China. In 2016 23rd Asia-Pacific Software Engineering Conference (APSEC) (pp. 357-360). IEEE.

[8] Ahmad, M.S., Musa, N.E., Nadarajah, R., Hassan, R. and Othman, N.E., 2013, July. Comparison between android and iOS Operating System in terms of security. In 2013 8th International Conference on Information Technology in Asia (CITA) (pp. 1-4). IEEE.

[9] Khan, S., Yusuf, A., Haider, M., Thirunavukkarasu, K., Nand, P. and Rahmani, M.K.I., 2022, June. A Review of Android and iOS Operating System Security. In 2022 ASU International Conference in Emerging Technologies for Sustainability and Intelligent Systems (ICETSIS) (pp. 67-72). IEEE.

[10] Novac, O.C., Novac, M., Gordan, C., Berczes, T. and Bujdosó, G., 2017, June. Comparative study of Google Android, Apple iOS and Microsoft Windows phone mobile operating systems. In 2017 14th international conference on engineering of modern electric systems (EMES) (pp. 154-159). IEEE.

[11] Sehgal, K., Jain, A., Nagrath, P. and Kumar, A., 2019. Recent advances in networks and data security survey on various mobile operating systems. In International Conference on Innovative Computing and Communications: Proceedings of ICICC 2018, Volume 1 (pp. 181-190). Springer Singapore.

[12] Greene, D. and Shilton, K., 2018. Platform privacies: Governance, collaboration, and the different meanings of “privacy” in iOS and Android development. new media & society, 20(4), pp.1640-1657.

[13] Hussain, M., Zaidan, A.A., Zidan, B.B., Iqbal, S., Ahmed, M.M., Albahri, O.S. and Albahri, A.S., 2018. Conceptual framework for the security of mobile health applications on android platform. Telematics and Informatics, 35(5), pp.1335-1354.

[14] Aviv, A.J., Gibson, K., Mossop, E., Blaze, M. and Smith, J.M., 2010. Smudge attacks on smartphone touch screens. In 4th USENIX Workshop on Offensive Technologies (WOOT 10).

[15] Fok, K., Hwang, J., Yip, E.C.C. and Lushin, M.A., Qualcomm Inc, 2012. Providing secure inter-application communication for a mobile operating environment. U.S. Patent 8,225,093.

[16] Oh, T., Stackpole, B., Cummins, E., Gonzalez, C., Ramachandran, R. and Lim, S., 2012, June. Best security practices for android, blackberry, and iOS. In 2012 The First IEEE Workshop on Enabling Technologies for Smartphone and Internet of Things (ETSIoT) (pp. 42-47). IEEE.

[17] Kim, J.M. and Kim, J.S., 2012. Androbench: Benchmarking the storage performance of android-based mobile devices. Frontiers in Computer Education, pp.667-674.

[18] Zhou, Y. and Jiang, X., 2012, May. Dissecting android malware: Characterization and evolution. In 2012 IEEE symposium on security and privacy (pp. 95-109). IEEE.

[19] https://community.rapid7.com/community/mobilisafe/blog/2012/12/21/ inside-The-sandbox

[20] Perchat, J., Desertot, M. and Lecomte, S., 2013. Component based framework to create mobile cross-platform applications. Procedia Computer Science, 19, pp.1004-1011.

[21] Pinto, C.M. and Coutinho, C., 2018, September. From native to cross-platform hybrid development. In 2018 international conference on intelligent systems (IS) (pp. 669-676). IEEE.

[22] Vishal, K. and Kushwaha, A.S., 2018, August. Mobile Application Development Research Based on Xamarin Platform. In 2018 4th International Conference on Computing Sciences (ICCS) (pp. 115-118). IEEE.

[23] Khoury, A., Kaddaha, M.A., Saade, M., Younes, R., Outbib, R. and Lafon, P., 2023. Challenges and Solutions for Engineering Applications on Smartphones. Software, 2(3), pp.350-376.

[24] Biørn-Hansen, A., Grønli, T.M. and Ghinea, G., 2018. A survey and taxonomy of core concepts and research challenges in cross-platform mobile development. ACM Computing Surveys (CSUR), 51(5), pp.1-34.

[25] https://survey.stackoverflow.co/2023

[26] Huy, N.P. and vanThanh, D. (2012) ‘Evaluation of mobile app paradigms’. Proceedings of the 10th International Conference on Advances in Mobile Computing & Multimedia - MoMM ’12 . doi: https://doi.org/10.1145/2428955.2428968.

[27] Ville Ahti, Sami Hyrynsalmi and Olli Nevalainen (2016) ‘An Evaluation Framework for Cross-Platform Mobile App Development Tools’. Computing Machinery . doi: https://doi.org/10.1145/2983468.2983484.


发表评论

电子邮件地址不会被公开。 必填项已用*标注