Android Security vs iOS Security

January 24, 2012

Before buying a smartphone, what criteria do you use for choosing the right phone? A wider screen and higher resolution? The fastest processor on the market? Battery power that lasts for more than a day? Most consumers focus on the phone’s specs but neglect a crucial criterion: security features.

In the battle of the best phones on the market, let’s compare the security features of Apple and Android devices, which most consumers overlook.

The Similarities

Let’s first tackle the security features where both mobile operating systems are on par with each other. Both iOS and Android have traditional access control: the user unlocks the phone by typing a password, following a pattern, or sliding to unlock.

Both platforms also provide permission-based access control. This security feature asks permission from the user before an app uses sensitive data or files on the phone. Applications also cannot directly access the phone’s hardware. Both OSes have layers of intermediary software that prevent applications from connecting directly to your phone’s hardware.

You also won’t need to worry about web-based attacks.  Both iOS and Android are already armed and ready to ward off foreign invaders.

Apple App Store and Android Market

Both mobile platforms have designated markets where you can download apps.  For iOS, one has only the Apple App Store, while Android has plenty of sources to choose from, aside from the official Android Market.

iOS and Android also differ in how their apps are validated and published. Apple’s App Store has a complicated and strict process before an app becomes available on the market. Developers are required to submit a binary package to Apple’s team of engineers for approval.  This takes a long time before the app is made available on the App Store. Even after it is approved and published, the app can still be removed from the App Store if the app or its developer behaves inappropriately.

On the other hand, you can download apps to your Android phone through the Android Market and a number of third-party sources on the web. The Android Market also has a limited security process and allows nearly all applications to be downloaded by its consumers. This loose security process can be an entry point for developers of viruses or malware for Android phones.

Security and privacy on both Android and iOS have not been thoroughly tested.  There have already been cases of unauthorized access to sensitive data under both platforms.

Security Features

Both iOS and Android use permission-based access control, but the two platforms differ in implementing it.

In the case of Android, you are shown a list of what data or hardware will be accessed by the app before you actually download and install the app.  If you grant the app permission, the app will be downloaded and installed on your mobile device.  In the case of iOS, you will need to install the app first.  The permission-based access control only kicks in whenever you use the app and the app requires access to your phone’s data or hardware. If you refuse, the app will not be able to function properly.
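The install-time list Android shows comes from the permissions an app declares in its manifest. The following is an added example, not part of the original article: it reads the declared permissions from a manifest and groups them by the data or hardware they touch. It assumes the manifest has already been decoded to text XML; the sample manifest, the flashlight app and the grouping table are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Illustrative grouping chosen for this example, not an official Android list.
SENSITIVE = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_SMS": "messages",
    "android.permission.SEND_SMS": "messages (can incur charges)",
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.CAMERA": "camera",
    "android.permission.RECORD_AUDIO": "microphone",
}
NETWORK = "android.permission.INTERNET"

# Constructed sample manifest for a hypothetical flashlight app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
    <uses-permission android:name="android.permission.CAMERA" />
    <uses-permission android:name="android.permission.INTERNET" />
    <uses-permission android:name="android.permission.READ_CONTACTS" />
    <uses-permission android:name="android.permission.VIBRATE" />
    <application android:label="Flashlight" />
</manifest>
"""

def requested_permissions(manifest_xml):
    """Return the sorted, de-duplicated permission names the app declares."""
    root = ET.fromstring(manifest_xml)
    names = [el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")]
    return sorted({n for n in names if n})

def review(manifest_xml):
    """Group declared permissions so a user can judge them before installing."""
    perms = requested_permissions(manifest_xml)
    touched = {p: SENSITIVE[p] for p in perms if p in SENSITIVE}
    return {
        "sensitive": touched,
        "other": [p for p in perms if p not in SENSITIVE and p != NETWORK],
        "has_network": NETWORK in perms,
        # Sensitive data plus network access means the data can leave the phone.
        "can_send_data_off_device": bool(touched) and NETWORK in perms,
    }

if __name__ == "__main__":
    report = review(SAMPLE_MANIFEST)
    for name, what in report["sensitive"].items():
        print(f"{name}: touches {what}")
    print("other permissions:", report["other"])
    print("can send data off device:", report["can_send_data_off_device"])
```

For manifests taken from untrusted apps, parse with a hardened XML parser such as defusedxml instead of the standard library parser.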

iOS also includes geolocation and auto erase features. Geolocation allows you to locate your device in case it gets lost. The auto erase feature allows you to remotely erase your mobile phone’s data.  This feature can be handy in situations when your phone gets stolen and you want to prevent anyone from accessing the data on your phone.  The auto erase feature also sets your phone to “self-destruct” its own data if the PIN is incorrectly supplied 10 times.

Some manufacturers of Android handsets offer similar features on their own devices.  HTC, for instance, offers users of some HTC phones the ability to locate the devices (geolocation), remotely ring the device (handy if you misplace your phone), remotely lock the phone and display a custom message, or remotely erase all phone data.

Security Weaknesses

Both Android and iOS have security weaknesses, or at least some of these are perceived to be security weaknesses by some.

In the case of Android, there is no uniform or predictable pattern for updating handsets to the latest firmware, which usually brings security and bug fixes in addition to new features.  There is a workaround, though: rooting and installing a custom ROM, which are also the usual ways for Android users to get rid of manufacturer- or carrier-enforced software (also called bloatware, which most users don’t really need).  Rooting and custom ROMs are also the most popular ways for users to update their Android devices to the latest version of Android, even if handset manufacturers have not provided one.

In the case of iOS, one grave example of a security weakness is the SSL MITM security flaw existing in devices prior to iOS 4.3.5.  Hackers have taken advantage of this vulnerability that exists in millions of Apple devices.  Several iOS devices cannot be upgraded to iOS 4.3.5 or higher, so the security flaw pretty much still exists on them.  This case is similar to Android handset makers’ problem with upgrading their respective devices to the latest Android versions.  iPhone users can also choose to jailbreak (similar to rooting) their iPhones, although this procedure often opens up more security holes, the most famous of which was the security issue in the iPhone PDF parser that allowed malicious code to be executed from within a PDF file.

What You Can Do

iOS and Android both have security strengths and weaknesses. But you can do your share in mitigating the impact of their security weaknesses.  You can do the following:

  • Change your phone’s password to one that is very difficult for anyone else to guess.
  • Download apps only from trusted sources (and read and understand the permissions required by each app before you install the app).
  • Install security software on your mobile phone.
  • Keep your phone updated.
  • Disable wireless connections when not in use.
  • Do not view sensitive data over public Wi-Fi.

Veracode has a nice, high-resolution infographic summing up this mobile security comparison. Check it out here.

What other security measures are you practicing on your mobile phone? Which operating system makes you feel safer and more secure–Android or iOS?
