Data Collection Face Off: iPhone vs. Android

Jul 24, 2024 9:40:53 AM / by Ryan Short

Mobile devices like cell phones and tablets are a potential treasure trove of evidence. But conducting data collection and digital forensics from these devices may prove challenging, and the two most popular platforms in the world, Apple and Android, offer divergent challenges.

The first step is understanding what data is potentially available to be collected. Short message data from sources like texts, Teams, Slack, and encrypted apps largely reside in one of two locations: the device on which the message was sent or received, and/or in the cloud.

Next steps are often determined by the type of device in play: Apple or Android.

The Secured Gates of the iPhone

In many ways, Apple devices like iPhones and iPads are easier to collect from because Apple is a closed development system; hardware and operating system development is centralized from corporate headquarters, releases are global, and documentation is relatively easy and reliable.

This “walled garden” approach from Apple presents a more controlled environment. We often find collection via iTunes or iCloud backups a relatively straightforward process because you can collect data from the iCloud account and from the sync data source (that, for example, allows the text thread you participated on from your iPhone to appear on your iPad).

However, this ease of use comes with limitations:

  • Limited Direct Access: Forensic tools typically require Apple's proprietary software and hardware, potentially restricting access to specific data points.

  • Data Availability: Not all data stored on an iPhone gets backed up to iCloud or iTunes. Crucial evidence like app-specific data or communication logs might be missed.

  • Encryption Complications: Similar to Android, strong encryption can significantly hinder data acquisition, especially on newer iPhone models.


The Open Access Android

Android's open-source nature offers a degree of flexibility and this can make collecting from Android phones more challenging because of the variety of hardware and operating systems. “Open source” means anyone can modify them (i.e. change how data is stored on a device). This can complicate collections efforts, leading to more troubleshooting or gaps in collections.

On unencrypted devices, we can leverage tools that directly access the file system, potentially extracting a wider range of data, but also greater hurdles like:

  • Fragmentation: The Android ecosystem is a diverse landscape of manufacturers and software versions. Collection methods may need to be tailored to specific device models, increasing complexity.

  • Encryption: A growing number of Android devices utilize full-disk encryption by default. Without a decryption key (which can be difficult to obtain), valuable data may remain inaccessible.

  • Data Fragmentation: Android stores data differently than iOS. Deleted information might be scattered across the device, making comprehensive recovery a challenge.

Common Challenges for Both Devices

Technology and policy changes mean what was true yesterday may not be true today. For example, text messages that were deleted from iPhones used to be available in the custodian’s iCloud account for many months; today, messages deleted from an iPhone are deleted from the iCloud account within thirty days, underscoring the need to move quickly to preserve data.

Fortunately, as data sources proliferate, software and services providers are developing new methods of collecting, culling, and reviewing data to ease your headaches and help you quickly find the messages that matter.

The Takeaway: Planning and Experience are Key

Understanding the specific challenges of Android and iPhone data collection empowers lawyers to make informed decisions. Partnering with experienced eDiscovery providers who possess the tools and know-how to navigate these complexities of digital forensics is essential.

By anticipating the obstacles, you can ensure a smoother mobile forensics journey and secure the critical evidence you need.

Want more on short message data? Download our guide, "Mastering Short Message Data: A Guide to Data Collection and Review" today!

 

Short Message Data guide

 

Tags: Data Collection, Forensics, eDiscovery, Digital Forensics

Ryan Short

Written by Ryan Short

Ryan joined Proteus in 2020. He is an MBA and a Certified eDiscovery Specialist with over a decade of experience in publicly traded, PE-backed, and bootstrapped entities focused on technology-enabled services. Ryan lives in Indianapolis with his wife and their 5 children under the age of 9. Consequently, his wife won't let him buy a dog.