or Connect
AppleInsider › Forums › Mobile › iPhone › Apple's iOS more secure than Google's Android, says Symantec
New Posts  All Forums:Forum Nav:

Apple's iOS more secure than Google's Android, says Symantec

post #1 of 26
Thread Starter 
iOS, the mobile operating system that powers Apple's popular iPhone and iPad devices, offers more protection than its Android counterpart, the security experts at Symantec have concluded in a newly published report.

Symantec this week published "A Window Into Mobile Device Security," a 23-page document that details the security approaches employed by Apple and Google in their respective mobile operating systems. It also offers a closer look at past and possible future security holes found in the iOS and Android platforms.

In a head-to-head comparison, Symantec found that Apple's iOS is more secure than Google's Android. Specifically, iOS was characterized as having "full protection" against malware attacks, while Android was deemed to have "little protection."

iOS also has more protection than Android against resource abuse and service attacks, data loss, and data integrity attacks. Apple's platform was also found to have greater security feature implementation in the categories of access control, application provenance, and encryption.

In fact, Google's Android platform only topped iOS in one security category: isolation. There, Android received the highest marks, while iOS was said to offer "moderate protection."

In specifically discussing iOS, Symantec's report concluded that Apple's "provenance approach" acts as a strong security barrier, as every app that is to be released on the App Store goes through vetting procedures. This, according to the paper, has proved a deterrent against malware attacks, data loss attacks, data integrity attacks, and denial of service attacks."

The report characterized iOS as "well designed and thus far...has proven largely resistant to attack."



However, Symantec did find vulnerabilities within iOS, namely 200 different security holes dating back to 2007. While any vulnerability is a weakness, the bulk of issues were found to be of lower severity, which, according to the report, would allow the assailant to "take control of a single process but not permit the attacker to take administrator-level control of the device."

The study did discover security concerns that could allow entry to administrator-level control, and were therefore of the highest severity. If an attacker had administrator-level control, it would reward them with access to "virtually all data and services on the device," Symantec wrote in the report.

Synamtec's report highlights what is likely the most public example of an iOS security breach, the iPhoneOS.Ikee worm released in November 2009. But that worm only affected devices that users have willingly "jailbroken," a term used to describe a warranty-voiding process that allows users to install unauthorized software on their iPhone, and something that Apple explicitly tells its customers is a major security concern.

Also highlighted in the report is iOSs isolation model. While iOS "totally prevents traditional types of computer viruses and worms, and limits the data that spyware can access," Symantec said it does not "prevent all classes of data loss attacks, resource abuse attacks, or data integrity attacks."



Lastly, iOSs permission model can safeguard access to the devices location as well as the SMS and Phone applications. This stops the attacker from knowing where you are, being able to send SMS messages, and phoning numbers without your consent.

As for Android, Symantec found that although Google's mobile operating system is a considerable improvement over traditional desktop operating systems, it has two extreme weaknesses.

First, the provenance system in place "enables attackers to anonymously create and distribute malware," they found. In addition, its permission system "relies upon the user to make the important security decisions," and considering most of Android users are not of high technical capability, this causes problems.

During February this year, Sophos security researchers encouraged Google to cancel its over-the-air installation of apps. They urged Google because they expected it would allow the swift and quiet installation of malware to unsuspecting Android users.

Sophos warned that as soon as the "install" button was pressed on the website, the application would be installed on the device in the background, without any input from the user.

The review concluded that "mobile devices are a mixed bag when it comes to security." While they may have been built to be secure, they are made for the consumer market, which has has led to less security for more usability.
post #2 of 26
One word: Duh
post #3 of 26
I'm curious what Symantec would have viewed as defence against Social Engineering Attacks. Full fledged AI?

I can't let you install that malware Dave.
post #4 of 26
Shocker.

post #5 of 26
Nothing new... Make me laugh "back in 2007" "jailbreak"
Really?? 2011 now and for the jailbreak... geez.. not official = great risk someone is collecting your data. At least now the iPhones in US can be acquired legally unlocked.
post #6 of 26
Quote:
Originally Posted by cloudgazer View Post

I'm curious what Symantec would have viewed as defence against Social Engineering Attacks. Full fledged AI?

I can't let you install that malware Dave.

Lol. Well done, sir.
post #7 of 26
Quote:
Originally Posted by Mac.World View Post

One word: Duh

My thought exactly.

I guess the news here is that one of the antivirus guys actually admitted it.
post #8 of 26
Quote:
Originally Posted by Mac.World View Post

One word: Duh

Aww that was gonna be my post.
turtles all the way up and turtles all the way down... infinite context means infinite possibility
Reply
turtles all the way up and turtles all the way down... infinite context means infinite possibility
Reply
post #9 of 26
Quote:
Originally Posted by Blastdoor View Post

I guess the news here is that one of the antivirus guys actually admitted it.

Sure makes a change!
Some of the biggest idiots I know are security guys. Biggest bullshitters in the business.
post #10 of 26
Now that we all know the obvious result of which almost anyone could have seen coming from a mile away....let's wait for next years PWN2OWN, and see if things are any different, than this year's.
post #11 of 26
Quote:
Originally Posted by Jexus View Post

Now that we all know the obvious result of which almost anyone could have seen coming from a mile away....let's wait for next years PWN2OWN, and see if things are any different, than this year's.

Oh I'm sure there are still a few holes left in safari, but then I'm also sure that iPhones are more likely to be updated than Android phones - since the OS doesn't have to get filtered down to users in the same way.
post #12 of 26
With so many vulnerabilities on the servers that mobile devices connect to, why bother attacking individual phones? The list of security breaches in just the last 6 months has been incredible. Until companies do a better job of protecting their customers data, hackers will focus on the servers. Lots of data to be stolen all in one place.

But mobile devices certainly will be targets for attacks, but it will probably be by small groups of low-skilled thieves who now do things like steal credit cards, buy stolen credit card numbers off the Internet or write hot checks. As more individuals start carrying around all the personal information on their mobile device, including access to personal bank and financial accounts, they will be attacked. That is where the Apple controlled eco-system will help. It is harder for someone to slip in hidden code which might provide a backdoor to a hacker. With Android there will be more malware and rootkits created that criminals who could not code a line of software will be able to download and use to craft tools to attempt to steal info off mobile devices. Expect to see a lot more man-in-the-middle attacks where hackers attempt to fool mobile devices and their owners. That goth kid at the corner table at Starbucks could be using his Android wi-fi hotspot capabilities to spoof the free wi-fi network - so your phone connects to his phone and he captures all your wi-fi traffic while you surf the web.
post #13 of 26
Quote:
Originally Posted by Apple ][ View Post

Shocker.


Is that a picture of Andy wearing a condom?
post #14 of 26
Surely this is security through obscurity since Android-based devices are activated more than iOS-based devicesĀ”
Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"
Reply
Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"
Reply
post #15 of 26
Quote:
Originally Posted by msimpson View Post

With so many vulnerabilities on the servers that mobile devices connect to, why bother attacking individual phones? The list of security breaches in just the last 6 months has been incredible. Until companies do a better job of protecting their customers data, hackers will focus on the servers. Lots of data to be stolen all in one place.

Imagine a botnet of 100 million mobile devices.
post #16 of 26
Symantec did not come out and say "iOS is more secure than Android." They compared the two OSs on a set of specific aspects, like malware protection and data integrity.

Symantec affirmed that the "curated App Store" works in protecting against malware. But Symantec mentioned that encryption is a weakness in iOS.

Here's a link to a story on MacWorld:

http://www.macworld.com/article/1608..._security.html.

To say that "iOS is more secure than Android" is oversimplifying things and taking them completely out of context. There are many aspects to security.
post #17 of 26
deleted
post #18 of 26
deleted
post #19 of 26
Quote:
Originally Posted by MacRulez View Post

Do you think it'll differ much from the one last March?

To be fair..didn't the Chrome hackers not show up for this years Competition?
post #20 of 26
In other news, water is wet......
post #21 of 26
Quote:
Here's how the International Business Times summed it up in a way that more accurately reflects the report as a whole:

Seriously you think that was better? A paragraph and a half FUD piece, also with no link to the original article? And with none of the data from the article? If anything their take on it seems to favor Apple over Google in this area
post #22 of 26
Quote:
Originally Posted by MacRulez View Post

Interestingly (though perhaps not surprisingly), AI didn't include a link to the report itself, though it's readily available if you search for Symantec's press release:
http://www.symantec.com/about/news/r...bilesecuritywp

That's not the report, that's the press release this is the report

AI actually dove into the report and pulled out the visuals for the iOS vs Android overview (page 17), which is kinda what I would want them to do.
post #23 of 26
deleted
post #24 of 26
Quote:
Originally Posted by cloudgazer View Post

That's not the report, that's the press release this is the report

AI actually dove into the report and pulled out the visuals for the iOS vs Android overview (page 17), which is kinda what I would want them to do.

I'm glad when websites go out of their way to try and pull useful information out of a report, but I also expect them to at least link back to it (ie a "Source" link) Sourcing content is the rule rather than the exception when it comes to news blogs, specifically in technology. I still don't understand why AI doesn't do this.

Even with sites I trust, I want to see the source link. Not only is it good form (and professional), but it adds a lot of credibility to their posts.
post #25 of 26
Quote:
Originally Posted by Menno View Post

I'm glad when websites go out of their way to try and pull useful information out of a report, but I also expect them to at least link back to it (ie a "Source" link) Sourcing content is the rule rather than the exception when it comes to news blogs, specifically in technology. I still don't understand why AI doesn't do this.

Even with sites I trust, I want to see the source link. Not only is it good form (and professional), but it adds a lot of credibility to their posts.

Maybe they don't link out to increase their Google page rank
post #26 of 26
I thought this article should be posted here for a more balanced viewpoint. While the writer here on AI did mention that iOS has 200 security holes, they left out the part about Android only having been found to have 4 remaining. That's a pretty big difference that I would expect to have been mentioned since the article title implied a comparison. Anyway, Apple's biggest advantage seems to be from the way it controls the content of the App Store. Have a read if you care to branch out:

http://www.phonearena.com/news/Study...our-PC_id19943
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: iPhone
AppleInsider › Forums › Mobile › iPhone › Apple's iOS more secure than Google's Android, says Symantec