Android vs iOS: Which is more secure?

Android and iOS represent the lion's share of the mobile operating system market, and while there's inherent risk with the use of any mobile device in the enterprise, Android presents a much bigger target for malware attacks and, in turn, corporate security issues.

With the massive growth of Android-powered devices in businesses over the past couple of years, companies need a strategy to minimize any risk the platform may pose, according to industry research firm J. Gold Associates.

"The point is because Android is basically open source, anyone can look at what's in Android. You can't do that with iOS," said Jack Gold, principal analyst with J. Gold Associates. "If you're LG, for example, and you put out a phone with modification to the OS, and you didn't do a good job with it, there's a potential vulnerability. And, in this day and age, someone will find it."

Even if a developer makes a small modification to an app running on Android, it can create a security hole, Gold said.

"Even if you modify the look and feel of a messaging app, you may not know you've added a vulnerability," he said. "That's the problem with open code, you never know until you've tested it."

Conversely, Apple's iOS is much more restrictive with what developers can do and  Apple doesn't release its source code. That means, generally, that iPhones [and iPads] are harder to jailbreak than Android phones, Gold said, "because Apple puts all kinds of restrictions on them and they'll check you every now and then. And, if they find a phone is jailbroken, they'll shut you down.

"And, because Apple controls the hardware and the software, they have the ability to impose tighter security," Gold added.

In some ways, Android has also suffered from its success.

Android and iOS now account for 94% of the mobile operating system market worldwide, according to Forrester Research's just-released "Mobile, Smartphone, And Tablet Forecast, 2017 To 2022." Android is the dominant platform for smartphones, capturing 73% of the market with more than 1.8 billion subscribers in 2016, according to Forrester.

Android is expected to maintain the lead this year, according to Forrester, with 74% market share, followed by Apple with 21% and Windows Phone with just 4%.

"The truth is, when Android gets attacked, it tends to be more vulnerable because there are more devises out there and more people also hear about it," Gold said. "Android also has a problem in that the latest version of Android OS is generally a small portion of the base of devices in the marketplace. So, when upgrades are issued, not everyone gets them. Whereas, when Apple upgrades, everyone gets it."

Additionally, as enterprises develop more of their own custom applications -- many of them mobile apps as part of a mobile-first strategy -- in-house developers are increasingly at risk of unwittingly using open-source code rife with vulnerabilities.

Applications today are rarely coded from scratch, particularly when software is created outside a company's development and operations units. Developers typically go to online libraries for open-source components -- chunks of code that act as building blocks -- to assemble custom mobile apps. Not only can chunks of code be modified, but they can natively contain vulnerabilities.

Mobile threat detections double

According to Symantec's Internet Security Threat Report issued in April, overall threat detections on mobile devices doubled last year, resulting in 18.4 million mobile malware detections. Similar threats were seen in 2015, according to Symantec, with 5% of all devices being targeted for infection in each of the past two years.

According to Symantec, from 2014 through 2016 the level of iOS vulnerabilities remained fairly flat. And while new Android malware families dropped significantly, from 46 in 2014, to 18 in 2015 and just 4 in 2016, the OS remains the main focus for mobile attacks, Symantec noted.

The overall volume of malicious Android apps increased significantly in 2016, growing by 105%, but that was still smaller than in 2015, when the number of malicious apps increased by 152%.

Mobile malicious threats are grouped into "families," and "variants." Malware families are a collection of threats from the same or similar attack groups. In 2014, there were 277 malware families overall. That grew to 295 families in 2015 and 299 in 2016. So while the number of new families grew more slowly, the overall number of threats remained sizable.

Tagged: Android 4, IOS 6, Gadgets 8, Smartphones 3, Internet Security 1