Today, security company Symantec issued a white paper detailing strengths and weaknesses in the security of the two largest mobile operating systems, Apple's iOS and Google's Android. The white paper, found here, outlines the best and worse practices both companies have taken while building and upgrading their mobile platforms. Mobile operating systems were designed to be more secure than their desktop counterparts from the ground up, but it doesn't make them invulnerable.
Apple's biggest strength lies in the rigid policy enforcement of the App Store. By controlling every application that is installed on the device, Apple has made it extremely hard for malware to sneak onto users devices. And although Apple offers hardware-level encryption, the encryption key is not protected by the user's defined password leaving it vulnerable to attack. In addition, iOS apps have access to areas like the calendar and video camera without user permission which could cause some concern over privacy.
Android's more permissive method of delivering apps leaves it potentially open to more attacks. Google has been very good so far in limiting and removing malware from the market itself and so far no major security instances have occurred to threaten a large number of users. Android's process of having the user explicitly approve application permissions means that users are more aware of what the apps have access to so that they can make a more informed decision about whether or not they want to install that app. However, Froyo and Gingerbread versions of Android do not have an option for encryption but it is available as an option in Honeycomb, albeit turned off by default.
The report also touches on other areas of concern, particularly jailbroken and rooted devices. Both methods allow the devices to potentially become more vulnerable as they can install unsigned and unofficial applications and operating system modifications. And, of course, all security depends on the user. As smartphone popularity grows, less technically knowledgeable users may be at an increased risk of falling victim to security flaws. For some users, smartphones have become the device they interact with most, increasingly making them more popular as targets for malicious activity. It will be interesting to see what steps Apple and Google as well as the rest of their competitors take going forward to protect the privacy and security of their users.
Image credit: dialaphone.co.uk