[David Strom's Web Informant] Is iOS more secure than Android
david at strom.com
Thu Aug 10 10:37:52 EDT 2017
Web Informant, August 10, 2017: Is iOS more secure than Android?
I was giving a speech last week, talking about mobile device security
and one member of my audience asked me this question. I gave the typical IT
answer, "it depends," and then realized I needed a little bit more of an
explanation. Hence this post.
Yes, in general, Android is less secure than All The iThings, but there are
circumstances where Apple has its issues too. A recent article in ITworld
lays out the specifics. There are six major points to evaluate:
1. *How old is your device's OS?* The problem with both worlds is when
their owners stick with older OS versions and don't upgrade. As
vulnerabilities are discovered, Google and Apple come out with updates and
patches -- the trick is in actually installing them. Let's look at the
behavior of users between the two worlds: The most up-to-date Android
version, Nougat, has less than 1% market share. On the other hand, more
than 90% of iOS users have moved to iOS v10
<https://data.apteligent.com/ios/>. Now, maybe in your household or
corporation you have different profiles. But as long as you use the most
recent OS and keep it updated, right now both are pretty solid.
2. *Who are the hackers targeting for their malware?* Security
researchers have seen a notable increase in malware targeting all mobile
devices lately (see the timeline above), but it seems there are more
Android-based exploits. It is hard to really say, because there isn't any
consistent way to count. And the newer efforts at CEO "whale" phishing, or at
targeting specific companies for infection, aren't really helping:
if a criminal is trying to worm their way into your company, all the
statistics and trends in the universe don't really matter. I've seen
reports of infections that "only" resulted in a few dozen devices being
compromised, yet because they were all from one enterprise, the business
impact was huge.
3. *Where do the infected apps come from?* Historically, Google Play
certainly has seen more infected apps than the iTunes Store. Some of these
Android apps (such as Judy and FalseGuide) have infected millions of
devices. Apple has had its share of troubled apps, but typically they are
more quickly discovered and removed from circulation.
4. *Doesn't Apple do a better job of screening their apps?* That used to
be the case, but isn't any longer and the two companies are at parity now.
Google has the Protect service that automatically scans your device to
detect malware, for example. Still, all it takes is one bad app and your
network security is toast.
5. *Who else uses your phone?* If you share your phone with your kids
and they download their own apps, well, you know where I am going here. The
best strategy is not to let your kids download anything to your corporate
devices. Or even your personal ones.
6. *What about my MDM*, shouldn't that protect me from malicious apps?
Well, having a corporate mobile device management solution is better than
not having one. These kinds of tools can implement app whitelisting and
segregate work and personal apps and data. But an MDM won't handle all
security issues, such as preventing someone from using your phone to
escalate privileges or run a botnet from inside your corporate network, or
detecting data exfiltration. Again, a single phishing email and your phone
can become compromised.
Is Android or iOS inherently more secure? As you can see, it really
depends. Yes, you can construct corner cases where one or the other poses
more of a threat. Just remember, security is a journey, not a destination.
Comments always welcome here: http://blog.strom.com/wp/?p=6097