Mobile security is a hot issue these days as phones become increasingly more connected to the internet, social networks, and file-sharing protocol. One can argue about the resistance of certain mobile platforms but do we truly know how secure our phones are? A recent 23-page document by Symantec titled "A Window Into Mobile Device Security" details how Apple and Google handle security methods for their respective mobile platfroms: iOS and Android. The study concluded that between the two, iOS was much more secure from attack types and had more security implementation build in. Symantec's analysis even made it a point to say that iOS was characterized as "fully protected" while Android has "little protection."
While conducting this study, the researchers were looking at two components:
- How well each mobile OS performed against different attack types (e.g. Web-based and Malware attacks
- What security feature implementations were in place for both mobile OS platforms.
Below are the results:
Overall, iOS topped the Android platform in every respect except in the isolation security category. Symantec's belief is that Apple's approach to App Store screening and the inner-workings of its stock applications has made iOS extremely resilient to most attacks prevalent to mobile users. It was dually noted that the platform is well designed in this regard and thus far has proven itself worthy of such praise.
Although iOS performed well in this study, there were 200 vulnerabilities found that date back all the way to 2007. The concerns found regarded administrator-level access. From the research, Symnantec found that if someone was able to gain this administrator control, almost all the data and services on the device could be accessed and viewed. A public example of an iOS related breach was the iPhoneOS.lkee worm release of 2009. However, only jailbroken devices were affected by this worm.
Despite the high ratings and praise, Symantec reminded the readers that iOS is not off the hook; there are still places of security concern that can be fixed in order to make it even more secure and less vulnerable to attacks.
As mentioned above, Android only beat the iOS mobile platform in one area: isolation in the security category. It was found that the Android platform was a much better improvement over the traditional desktop operating system security. However, Symantec mentioned that it had two major weaknesses.
Google's system of application review and distribution gives more freedom for attackers to create and infect mobile users according to the results. Also, because Android's permission system is based upon the user making most of the important security choices and settings changes, this proved to be a problem as many mobile users are unwillingly or skilled enough to understand how to control and monitor these settings.
Symantec concluded with the fact that mobile devices are somewhat of a mixed bag in terms of security. Although security frameworks are build-in, because their platforms are marketed towards a consumer market, restraints have been more loose to ensure the best usability for any mobile user on their platform.
Source(s): Symantec, AppleInsider