Skip to content ↓ | Skip to navigation ↓

Blondes vs brunettes, Kirk or Picard, and the Oxford comma… these are some of the most burning issues that people just can’t agree on.

And another is whether iPhones are better than Android phones. Both sides have their fervent fans and supporters, and are capable of making convincing arguments to back their point of view.

But now a new study (registration required) argues that when it comes to one aspect of security at least, iOS is trailing behind its Android rival.

That’s an interesting finding because, in my personal experience, many corporations are more comfortable supporting workers using iPhones and iPads than one of the many Android devices out there. In fact, I don’t think I’ve ever come across a firm which says they have an Android-only policy, whereas I have encountered companies who insist upon their users using an iPhone if they want to connect a smartphone to the network or access corporate information.

The study by Checkmarx and AppSec Labs specifically looked at the security of hundreds of the most popular apps found in the respective platforms’ app stores, testing them for security risks and vulnerabilities.

It is a common myth that the iOS development platform is more secure than the Android equivalent for several legitimate reasons:

  • iOS has more restrictive controls over what developers can do and tight application sandboxing.
  • iOS Applications are fully vetted before being released to customers – preventing malware from
    entering the Apple App Store.

Yet, in the field of pure application security where vulnerabilities are built in the code or into the application logic the story is quite different.

I’m pleased that Checkmarx and AppSec Labs looked at the security of the applications rather than just the operating systems, as I’ve often felt *the* big security issue on smartphones are the apps. An app can be poorly coded and might store information insecurely, exhibit weaknesses in its encryption algorithms, send your username and password insecurely in plaintext to a server, or could be designed to scoop up your personal information in order to make it easier for third-party companies to target you with advertising.

Even if an app is coded competently, that’s no guarantee that any data it shares with its manufacturer is handled competently or isn’t shared with corporate partners who are more careless.

And, according to the report, 40 percent of the iOS apps tested were found to have vulnerabilities rated as “critical” or “high severity.” Android apps fared marginally better at a still disappointing 36 percent.

iOS apps vs Android apps

Yes, Apple is doing a better job than Google at vetting apps for malicious code before they are allowed into their official app store, and it appears that iPhone and iPad users are much more likely to be running an up-to-date version of their operating system than their often abandoned Android-loving cousins. And there’s no argument that there is a thriving culture of undesirable Android adware and malware that simply doesn’t exist in large numbers for iOS.

But that’s not the whole picture when it comes to security. You also have to consider the safety of the apps themselves.

The message seems clear – smartphone developers need to raise their game and write code which respects users’ security and privacy. Apps need to be tested more thoroughly to confirm that they do not have flaws, rather than rushed out of the door.

Security and privacy cannot be an afterthought, it needs to be built in from the start – and apps can’t rest on their laurels, delegating responsibility for safety to those who police the app store.

Do you have an opinion on whether Android or iOS devices pose a bigger security risk? Leave a comment below with your thoughts.

 

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.

Title image courtesy of ShutterStock

Tripwire CCM Express Free Trial
  • richard harrison

    What about windows?

    • Gen. Chang

      Sorry,but windows phones are not important enough to spend the time and resources to develop malware for. But,Xiaomi did make a windows phone for the Chinese market,so maybe someone will take interest,eventually )-:

  • Gen. Chang

    Hi,

    But sorry to rain on your parade. The stagefright 2.0 mp3/mp4 vulns were not fixed until 5.1.1 os,and of course 6.0 marshmallow. Unless you forgot the second .1 you still need to be careful. 5.1 did fix the initial stagefright,mms vuln,and they,Google fixed a slew of other critical vulnerabilities.

    • Mark Jacobs

      You’re right – it is only at 5.1 so it isn’t as secure as I’d like. Perhaps it’s time to uninstall that banking app off of it!

  • hasit

    I use Iphone but I know Apple is shit at security, it has almost double of the vulnerabilities compared to the Android and also when it comes to newer Windows OS against Mac OS as well.
    Its just false belief that Apple is more secure, but truth is Apple is shit and you could refer to any of the high level security research websites and also read published papers on research of vulnerabilities in Apple it will always hit the first place than any other OS and tools.