iOS and Android security compared

Today, security company Symantec issued a white paper detailing strengths and weaknesses in the security of the two largest mobile operating systems, Apple's iOS and Google's Android. The white paper, found here, outlines the best and worse practices both companies have taken while building and upgrading their mobile platforms. Mobile operating systems were designed to be more secure than their desktop counterparts from the ground up, but it doesn't make them invulnerable.

Apple's biggest strength lies in the rigid policy enforcement of the App Store. By controlling every application that is installed on the device, Apple has made it extremely hard for malware to sneak onto users devices. And although Apple offers hardware-level encryption, the encryption key is not protected by the user's defined password leaving it vulnerable to attack. In addition, iOS apps have access to areas like the calendar and video camera without user permission which could cause some concern over privacy. 

Android's more permissive method of delivering apps leaves it potentially open to more attacks. Google has been very good so far in limiting and removing malware from the market itself and so far no major security instances have occurred to threaten a large number of users. Android's process of having the user explicitly approve application permissions means that users are more aware of what the apps have access to so that they can make a more informed decision about whether or not they want to install that app. However, Froyo and Gingerbread versions of Android do not have an option for encryption but it is available as an option in Honeycomb, albeit turned off by default.

The report also touches on other areas of concern, particularly jailbroken and rooted devices. Both methods allow the devices to potentially become more vulnerable as they can install unsigned and unofficial applications and operating system modifications. And, of course, all security depends on the user. As smartphone popularity grows, less technically knowledgeable users may be at an increased risk of falling victim to security flaws. For some users, smartphones have become the device they interact with most, increasingly making them more popular as targets for malicious activity. It will be interesting to see what steps Apple and Google as well as the rest of their competitors take going forward to protect the privacy and security of their users.

​Image credit: dialaphone.co.uk

Report a problem with article
Previous Story

Angry Birds now available for WP7

Next Story

BioShock Infinite is big winner in E3 2011 Game Critics Awards

11 Comments

Commenting is disabled on this article.

It seems to me that this author is fairly clueless when it comes to technology. This boils down to the age old debate: are user's smart enough to administer their own technology. The answer is maybe. Apple says no. Android says somewhat.

This author seems to suggest that android is insecure by default. Did he mention anywhere that by DEFAULT(including most rooted distributions) android does NOT allow installation from external sources (this includes the SD card as untrusted as well!)? Did he mention that applications that require writes to system partitions must ASK the sudo application for a privilege escalation?

His argument that rooted/jailbroken phones are inherently dangerous is in fact a moot point. Were I approximating, 90% of all android and iOS based devices are not rooted/jailbroken. To further examine this, we can look at the typical user that prefers to modify their hardware and software. The vast majority of all people that root/jailbreak their phone are people in a technology related position, and despite the stigma attached to the word, "hackers".

It is true, that by default, gingerbread and froyo are not encrypted distributions. However, there are now additional softwares available to anyone using a rooted distribution and something hardware compatible to the nexus one/nexus S. This software is available free from a company called Whisper Systems (whispercore). http://www.whispersys.com/whispercore.html

There are only 2 competing smart phone OS's guys; iOS and Android. If you cannot see this, you are completely blind. Market share will NOT follow blackberry, palm, or even windows mobile... their days have come and gone; get over it.

Holey said,
What about WP7? How does that fare?

How about BlackBerry or dare I say Symbian?

There's no fairness.

Research costs money and Symantec just decided to compare these two.

Be grateful they've published the results free of charge for everyone to see.

zhiVago said,

How about BlackBerry or dare I say Symbian?

There's no fairness.

Research costs money and Symantec just decided to compare these two.

Be grateful they've published the results free of charge for everyone to see.

There's no fairness ? Well there is. Both RIM and Symbian are on the death bed, and WP7 is not considered yet as an OS to pay attention to with 0.1% worldwide marketshare.

zhiVago said,

How about BlackBerry or dare I say Symbian?

There's no fairness.

Research costs money and Symantec just decided to compare these two.

Be grateful they've published the results free of charge for everyone to see.

fare not fair... as in "how does that do"

dale1v said,

fare not fair... as in "how does that do"

Excuse me officer... at least have a solid grasp of English before you step out of the shadows.