TU Wien:Foundations of System and Application Security VU (Lindorfer)/Exam 2024-11-28


Single Choice Questions

(2P) iOS

1 iOS is based on Darwin (a Unix-like OS for mobile devices).

2 Apps on iOS run via the iOS Runtime (IRT).

3 iOS apps need to ask for permission before getting access to the internet.

4 Apps in iOS are sandboxed.


(2P) Android

1 Android is based on Darwin.

2 Apps on Android run via the Android Runtime (ART).

3 Android apps need to ask for permission before getting access to the internet.

4 Apps in Android are sandboxed.


(2P) iOS

1 iOS apps are uniquely identified by their package name, both on the app store and on the device.

2 Since the DMA, only browsers using WebKit are allowed on iOS.

3 It is not possible to embed a website in an iOS app, like on Android where it is possible.

4 iOS devices don't contain special Hardware to ensure physical integrity like TRNGs.


(2P) Linux

1 If the OS cannot be verified, the system will have a constant red/orange/yellow border around it to notify the user.

2 Since Android 11 an app gets all the permissions set in its Manifest file.

3 The OS is only checked when the bootloader is locked.

4 Unless there is a bug or a backdoor it is not possible to extract fingerprint information from the fingerprint component of a mobile device.


(2P) Linux

1 -

2 The kernel reads the executable's header to find out which interpreter/loader to use.

3 Capabilities are lost when the file is changed.

4 -


(2P) Coordinated disclosure

1 Is when you sell your bug/vulnerability to the highest bidder.

2 You can keep your identity anonymous by reporting the bug via your national CERT (e.g. CERT.at in Austria).

3 The organisation should make sure to fix the bug as soon as possible.

4 You should be able to find contact information for CVD on the organisation's website.


Free-text questions

(2P) M4: Insufficient Input/Output Validation: Name one vulnerability under this category for mobile devices and what can be done to prevent it.
(2P) M5: Insecure Communication: Name one vulnerability under this category for mobile devices and what can be done to prevent it.
(2P) Describe what a UAF (use-after-free) vulnerability is and how it can be exploited to achieve arbitrary code execution.
(2P) You have gotten shell access to a Linux system. Unfortunately the `ps` command is disabled. Name four types of (meta-)information you can find in the pseudo-file system `/proc`.