I have been asked a bunch of times “Which is the more secure mobile platform? Android or iOS?”. There are tons of articles on this topic found by searching on Google. Here is my two cents on the topic.
When looking at Apple iOS and Android, both take completely different approaches to security giving pros and cons to each option. Apple is extremely strict with how applications can leverage resources while Android is open source. For example, Apple devices sandbox APPs meaning they can’t interact with other APPs. Only “jail broken” phones open up the ability for applications to interact with other resources. So for those thinking its smart to jailbreak your iPhone, just be warned that you are also putting your device at risk for compromise.
Another benefit from iOS is how APPs must go through a rigorous process to be approved for the Apple Store. An example of this is when my buddy attempted to post a malicious version of TICTACTOE that also stole data to both Android and Apple stores. The Apple store blocked three different versions from being posted for sale while the Android store had it up for sale within hours. So the trust in APPs is much better for Apple (some even believe this means there will never be Apple tablet viruses, which is a false sense of security).
One con to the Apple approach is Apple isn’t bullet proof so when a vulnerability is discovered, it can be extremely damaging depending on how effective the exploit is. Once something is vulnerable, its pretty much out of the user’s hands to remediate outside of what Apple controls they can change such as passwords, shutting off specific services, etc. I recall attending Blackhat years ago the day they announced an iOS vulnerability and witnessed tons of people’s devices being exploited including my own. I tried shutting down my phone but it would power back up own its own randomly and start sending emails! Luckily Apple released a patch the following morning to end that drama.
When considering Android, yes there are more opportunities for malware since they are open source but there is a pro here as well. This flexibility also means there are more opportunities for security vendors to provide customized packages that could go beyond what is available for iOS. I’ve seen some very interesting demos for military level security applications only available for Android. Many standard software security packages start with Android and sometimes never have an iOS version due to the difficulty to work with Apple’s strict application policies. Talk to any Mobile Device Manager (MDM) vendor and they will probably have more features for Android devices. So more controls for a security savvy user means more options to enable protection.
Another pro for Android is the flexibility in hardware. I’ve seen some manufactures develop customized hardware options that are far more security than the average iPhone. You probably won’t find this level of hardware at the typical cellular store so this would be a con for the average consumer.
Conclusion
So to summarize, you get more flexibility and options with Android however that also means more risk. With Apple, you have a more secure structure for APP approval and more controls on how things interoperate giving a little less risk to be compromised. This doesn’t mean Apple is more secure however it does mean a reduction of risk considering default settings. If you are looking to invest in the most secure platform and will to pay for customizations, you will have more options with Android. If you want to leverage what is available to the average user, Apple would be a more secure option.
Note to both options: Buying either of these options and using the default settings does not make you secure. It is critical to understand what is enabled and how you use the device. For example, auto connecting to any network is a bad idea. You can research on how to harden a Apple or Android device for more details. Here are a few sources
Hardening iOS mobile devices -> HERE
Hardening Android devices -> HERE
