Just when you thought the evidence was dramatic -- overwhelming perhaps -- that Apple's iOS offers vastly more mobile security than does Google's Android, the wall of confidence comes crumbling down.
“There is no clear winner in the iOS-Android faceoff,” proclaimed Brian Reed, CMO of BoxTone, a mobility management company.
“It depends on the moment in time,” added Reed who elaborated that, right now, time may even be on Android’s side because the newest release of the mobile OS (the so-called Ice Cream Sandwich) “is a game change around security. It enables a lot of powerful device management.”
That is a plus for Android and then there is a recent very big negative for Apple. Twice in recent weeks the much vaunted Apple App Store has been found to house bad apps. And that is a huge issue because, always, pro Apple viewpoints cited the curated App Store as a giant plus over the Wild West of the Android Marketplace where, it’s said, just about anybody can upload anything and sometimes this has meant criminals have been at work.
Except it is not as always that simple.
Witness Jailbreak, a $9.99 iPhone app that surfaced as a problem in mid-November, some weeks after it was first posted (on October 26). The app claimed compatibility with iOS through iOS 5 and said it would jailbreak all iOS devices including iPhone 4S and iPad 2. When the blogosphere blew the whistle, Apple pulled the app which did nothing of what it promised. It is not clear that the app was disguised malware; researchers think it actually was a game. But what is clear is that somehow Apple’s supposedly thorough screening let through an app that promised to do something Apple warns users not to even think about.
More worrisome is InstaStock, an app created by researcher Charlie Miller that checked stock prices, but it also was able to gather and transmit a range of user data including contacts and photos. When Miller announced this vulnerability in November -- the app had been in the Apps Store since September -- Apple responded by pulling it and also pulling Miller’s developer license. That app could have done harm but Miller never pursued that angle. He merely wanted to demonstrate an iOS flaw and, for doing that, he got banished. Nobody knows if there are other bad apps coming out of the Apps Store.
“Apple is vague about the rigor with which it inspects apps before putting them in the Apps Store,” said Dan Cornell, CTO of the Denim Group, a developer specializing in secure apps. “Apple can be very opaque.”
But what about the many reports documenting a meteoric rise in Android malware? Researchers at Juniper, for instance, recently reported that Android malware is up an eye-popping 427% just since July. Other firms come up with similar numbers. But the numbers aren’t necessarily all they seem.
Tucson-based mobile researcher Sean Greene wrote in an email: “There are more Android devices on the market than Apple, which if you are a hacker means that if you are going to let a virus loose, you want to hit the most targets possible.”
For the same reason there are vastly more threats aimed at Windows than at Apple or ChromeBook. Market leadership is like wearing a bulls eye and so it goes with Android, which has muscled out a clear cut lead in smartphone sales. It gets more malware because it is the frontrunner.
For those keeping score, a clear win for Android is that, presently, iOS prohibits third-party management tools from working on iPhone. Apple provides its own toolset but for those who want something different, there are no choices. Android, by contrast, welcomes security apps.
“Android is open to third party management tools,” said Reed, whose company, of course, is in that business. But so are many others and for the picky user with specific security desires, there probably are third-party apps that deliver.
Probably the biggest issue is, despite Apple’s built in platform security such as data encryption on password protected devices, there seem always to be ways around the security, said Cornell. For instance, if an iPhone’s data is encrypted, it is simple to jailbreak it, then use standard tools to decrypt the data on the jailbroken phone.
“Folks are good at finding ways around platform restrictions,” sighed Cornell.
Bottom line? Much as iOS seems to be the stronger security offering, for some users in some companies Android may be exactly the comfort level required. “Both platforms have security issues,” said Reed. “It depends on knowing what you are willing to live with.”