Apple ’s iOS and Google ’s Android smartphone platforms are more secure than traditional desktop - based operating systems , but are still susceptible to many existing categories of tone-beginning , according toa 23 - page paper from surety software vendor Symantec .
The good news is that Apple and Google designed their respective operating organization with security department in intellect . But stay fresh up with a constantly changing threat landscape is difficult . In the report , “ A windowpane into mobile gadget security , ” Symantec evaluate the two operating systems for how they stand up up to Web - based and internet - based plan of attack , social technology fire , flack on the wholeness of the gadget ’s datum , and malware .
substance abuser of both Android and iOS smartphones and tablets regularly synchronize their devices with cloud serving and with their family background estimator . This can potentially expose sensitive enterprise datum to scheme outside the control of the enterprise , accord to Symantec .
When it comes to protecting against traditional malware , Apple ’s credentials of applications and developer protect user , harmonize to Symantec . On the other mitt , Google ’s less strict certification mode has arguably extend to today ’s increase volume of mechanical man - specific malware , the society said . Earlier this calendar month Google had to remove yet more malware - infect apps offered in its Android Market .
Google ’s more open approach has been one of the reason for its success , grant to Ben Wood , film director of research at CCS Insight . It has aid Google to chop-chop increase the number of available covering . So far , the breach apps have n’t had a major affect on users , but drug user view could commute quickly if they are hit by more severe onset , Wood said .
As has been pointed out by surety expert in the past , Android ’s reliance upon the user to yield a set of permissions is a weak link . A majority of user are only not technically equipped to make these security decisions . In contrast , Apple ’s iOS platform simply denies access , under all circumstances , to many of the gimmick ’s more sensitive subsystems , grant to Symantec . On Android , a malicious app plainly quest the set of permissions it needs to operate , and in most cases , drug user happily grant these permissions .
On the plus side , Google does require that developer pay a fee and record with the troupe to be able to pass out their apps via the official Android App Marketplace , Symantec said .
potential weakness in iOS let in its encoding , according to Symantec . The majority of the data is write in code in such a mode that it can be decipher without the need for the user to input the equipment ’s master passcode . This means that an assaulter with strong-arm access to an iOS twist can potentially take most of the twist ’s data without know the passcode , Symantec said . In February , investigator in Germany showedhow they could do this in six minuteson an iPhone run iOS 4.2.1 , Symantec warn .
Also , attacks against specific software like the iOS entanglement internet browser , while being ego - contained and blocked from impacting other apps , can still stimulate substantial hurt to a equipment .
Android late began volunteer work up - in encryption in Android 3.0 . However , earliest version of Android , which are running on virtually all nomadic phones in the field , contain no encryption capability .
So far , security system researchers have unveil about 200 unlike vulnerabilities in various versions of iOS . But the immense absolute majority of these vulnerabilities have been of a abject severity . To date , all but four of the 18 vulnerabilities on Android have been patch by Google . One has been set in version 2.3 , but it has not been fixed for prior versions of the operating organisation . For example , the late Android . Rootcager , also live as Android . DroidDream , and Android . Bgserv menace both leverage this vulnerability to obtain executive - level control , according to Symantec .
Symantec also has a watchword of warning for substance abuser with jailbroken smartphones . They are an attractive quarry for assaulter since they are every minute as vulnerable as traditional PC , it said .
Symantec reason that iOS offers better accession control , coating provenance and encoding . Google ’s Android offer better program isolation , and the permission - ground access control class is a crosstie , consort to Symantec . Apple also offers better protection against malware onslaught , Robert William Service attacks , datum exit and data integrity attacks . Both offer full protection against vane attacks , and no protection engineering to address social engineering approach such as phishing or spam .
Security on smartphones is a growing challenge that vendors require to address , fit in to Wood . prominent - scale attacks can stop up having a damaging effect on smartphone popularity , he said .
