As mobile connected devices become more popular, it’s putting more importance on the need for mobile security. That’s why Symantec (s symc) recently undertook a lengthy analysis of Apple’s iOS (s aapl) and Google Android (s goog), comparing the two operating systems to each other and to desktop platforms in terms of vulnerability to security threats.
Mobile is more secure, unless you go outside the playground
Symantec says that mobile devices definitely do offer improved security over their PC counterparts. But unsurprisingly, given that Symantec sells mobile security solutions for enterprise, the firm also found that “major gaps remain” in the overall mobile security picture, especially when it comes to securing enterprise assets. Still, even given the company’s bias in this matter, the results of its comparison between iOS and Android reveal two very different approaches to safeguarding mobile users.
In the 23-page report, Symantec outlines how iOS specifically offers “strong protection against traditional malware,” due mostly to Apple’s app approval process and the way the company vets iOS app developers to identify and eliminate attackers. Google, on the other hand, doesn’t employ this kind of screening procedure, which Symantec agues has “led to today’s increasing volume of Android-specific malware.”
Jailbroken iOS devices, however, represent a system just as vulnerable to attack as home PCs, Symantec cautions. Of course, that just means that if you use a jailbroken iPhone, you should be extra careful about your browsing habits and about what software you download and install on your device. In mobile, as in traditional home computing, the most effective barrier against malicious attacks is always the user.
IOS vs. Android
Overall, Symantec finds that Apple is best at resisting malware attacks, resource abuse/service attacks, data loss and data integrity attacks. Android and iOS are on equal footing in only one category, when it comes to their ability to resist web-based attacks. Google fares better when the two are compared in terms of the implementation of specific security features, beating iOS in its ability to isolate processes. But iOS is still better at access control, application provenance (where data comes from and how it moves between databases) and encryption.
IOS has had far more vulnerabilities identified by researchers than Android, however. According to Symantec, the number is around 200; only 18 have been identified for Android, and all but 4 have been patched by Google. Google took an average of 8 days to patch vulnerabilities while Apple took 12. But in Apple’s case, the vast majority of problems were of very low severity. Symantec notes that even with high-severity breaches, iOS exploits appear mainly to be targeted by users for the purpose of jailbreaking devices and not for malicious attacks.
In the end, Symantec is less critical of iOS security than it is of Android. But the firm also lauds both as improvements over the PC model, and as long as users exercise due diligence about what goes on their device, where it comes from and what it can have access to, there should be little cause for concern on either iOS or Android smartphones and tablets.