You must be remembering those times when cybersecurity was mainly limited to desktops and laptops. Since then, we have traveled a long way, and now cybersecurity is more concerned about mobile apps just because smartphones represent the mainstream of computing for the vast majority of people.
Since the mobile app market is divided into two operating systems, respectively, iOS and Android, ultimately, cybersecurity revolves around the security of iOS or Android apps. Let’s ask the question point-blank, is iOS better for cybersecurity, or is it Android?
No, to hell with your expectations; there is no simple answer to this question. That’s why we need to go a little deeper into the cybersecurity threats of iOS and Android and corresponding measures.
Decoding the Threat Level: Android vs. iOS
Apple’s iOS operating system is long regarded to be more secure among these two operating systems, just because it comes as a closed system. Since Apple doesn’t give the platform’s source code to app developers, modifying the code by any user or developer outside of Apple’s core team is impossible. This is also why it is more difficult for hackers to find security vulnerabilities with iOS devices.
Android devices stand at the very opposite end. The android operating system depends on the open-source code, allowing easy tweaking with the operating system’s source code. This can lead to weak device security with tweaking of source code. On the other hand, the vulnerabilities of the operating system code remain open to hackers. This is why hackers more frequently target Android.
But iOS is not Fool Proof
In 2016, Pegasus malware hit several iPhones. As a stealthy spy software, Pegasus showed the iOS loyalists how it could take over the device-level security and access user messages, calls, and even emails. Countries with predominantly small business apps suffered from such security vulnerabilities. For example, many iPhone app developers in India experienced the burns of this ghastly security attack. On top of that, the malware could also collect critical app data, as revealed by Symantec.
Now let us come to the underlying vulnerabilities that created how this malware could penetrate and take over. The principal exposure was in the Safari WebKit, and it allowed compromising the device security as soon as a user clicks a link. After clicking the link, the information leak from the OS kernel occurs, leading to the corruption of the kernel memory and subsequent jailbreak, as Symantec revealed.
Since cybersecurity responses only get active with new measures once such attacks take place and not beforehand, in the time to come, more advanced malware threats can still take on the so-called highly secure closed operating system of iOS.
Vulnerable Passwords and Security Keys
An overwhelming number of apps belonging to the Android ecosystem rely on storing user passwords locally in the device. The passwords are either plain text words or weak encryption that can easily be cracked by hackers.
Most notably, iPhone apps suffer from the same problems of weak passwords and vulnerable use of encryption that can easily be cracked. Storing passwords locally in the device without any encryption is a persistent practice of many iOS apps in the market.
The Best Security Protection of iOS Remains Optional
Despite the vulnerabilities and security threats shared by these two platforms, it must be noted that Apple still offers the best security protection to deal with many vulnerabilities.
But the disappointing fact is that even the best security measure is kept as optional. For example, the App Transport Security (ATS) protection feature of Apple iOS makes data encryption mandatory. But as per the platform’s developer guide, apps can skip using this feature as it is optional.
Android Security is Getting Better
Since Android OS continues to be the most vulnerable and frequently targeted mobile platform, Google started taking many measures to strengthen security. Since 2015, every subsequent Android update continues to strengthen security measures making it increasingly difficult for hackers and attackers to penetrate Android phones.
According to most cybersecurity experts, in recent years, Google has taken up a truly concerted effort to improve app security compared to the early years. Google has now made it mandatory for the developers to make apps go through compatibility testing before anyone attempts to change the source code.
The third-party device manufacturer brands also helped improve the Android security measures by adding to the platform’s efforts. For instance, the Knox security app of Samsung, which relies on the latest container technology, helps by keeping the personal and business data separate along with the maintenance of different home screens and app launchers for personal and business uses.
This containerized security approach based on user roles and priorities shows the increased security measures for Android devices and Google’s contributions and third-party device manufacturers.
The Bottom Line
It is clear that both iOS and Android operating systems share many security loopholes and shortcomings, maybe in different measures. While iOS still enjoys an edge in terms of security, it is not fool-proof, and on the other hand, Android security is getting better despite its open-source codebase.
If you liked this article, please consider sharing it with your friends and leaving a comment below. Also, don’t forget to “Like” us on Facebook, “Follow Us” on Twitter and add the Apple Tech Talk channel to your Apple News app.
Juned Ghanchi is a co-founder of IndianAppDevelopers, a mobile app development company with a dedicated team of android & iPhone app developers in India and the USA. He has a decade of experience which motivates him to regularly contribute to various blogs and magazines on mobility technology topics.