Apple's iOS unaffected by malware as Android exploits surge 76% - Page 2

What you say is true even on regular news sites. CNN or any regular news service only has to report some ground breaking thing Apple has achieved ... Which is actually news worthy in of itself, only to be blasted by androids and PC geeks. Talk about being insecure?

Given the popularity of iOS, it seems unlikely that obscurity explains it. I think that the curation process, as you say, is the real explanation.

There are good aspects to Apple's insistence that if you want to buy software for iOS, you gotta buy it from them.

Another factor WRT Android is that the anti-malware industry is still young for the platform. I think that eventually, seamless background processes will be developed that will lessen the prevalence of malware on Android. I think the current situation is to be fully expected, but that in time, the problem will lessen so that knowledgeable users will have little to no real problems, much like today's Windows boxes.

Not sure what this analyst is thinking, but how is malware going to infect the iTunes store? I don't see the correlation between OSX and app from the web and iOS with an app from the app store. As posted earlier a major outbreak in OSX has been an "when, not if" condition since the beginning. So again, I don't see how that reflects on iOS at all.

Uh, wasn't the tmobile g1 released at the end of 2008? And it was the first android phone to hit the market. Were you using a beta version of android?

Android IS open, and really open to malware.

Tick tock tick tock.

Matter of time until thieves start stealing loads of data from folks.

It'll make malware on a PC look like shoplifting.

For the same reasons some Red Sox fans like to dis the Yankees, and for the same reasons that some Christians like to harp on the evil of other sects of Christians, and some political folks like to demonize people with different leanings.

It's a black/white, hooray for our side, good/evil, "we're better", "I'm a winner" thing for the insecure among us.

Market share is a very important factor.

But it is not the only factor. The world is seldom black and white. Multi-factor analysis is becoming increasingly important, given that the complexity of our world is increasing at an exponential rate. If you look at only one factor, you are looking at only one tree and missing the forest.

In fact you can go to any mobile centric web site and read Android fan's posts raging against Apple and iOS. Every time an article shows up about the success of iOS devices the Fandroids crawl out of the woodwork in droves. It's you who needs the constant reassurance. Why else would a Fandroid like yourself join an Apple centric forum for the express purpose of trashing Apple at every opportunity?

I only hate android because the fandroids are obnoxious activists with some serious mommy and daddy issues that will buy anything but apple just because.

I really don't hate the OS, it's like hating someone because they are inadequate. I mean the thing looks and feels like it's been hacked together.... Feels like LINUX FFS! I consider it a project more or less.

Now if I can get a touchpad I may consider putting Android on it so it has a lifeline, but i'd never use it for anything that matters.... I don't hate it! IT SUCKS!

Brave New World might work better.

Seriously?

Or maybe it is Apple has thirty years of experience designing operating systems and is far more familiar with keeping security in mind. Google didn't build Android from the ground up. Security measures are an after thought.

My iPhone doesn't live in a 'walled garden'... it just doesn't sleep around.

I can see it now - first your show chaos and turmoil, pain and suffering, think medieval images of hell, then pan over to peace and light and joy, etc, think images of Heaven, then pull back to a sign that says Welcome to the Garden, then pull back a little farther and the sign is in the back of an Apple Store, then come down and zoom in as customer is handed their new iPhone and waved on towards the "pearly" gates.

You thought that you were asking a rhetorical question and that a negative answer was obvious on the face of it, but...

There is an Android fan (and Apple hater) in my office that does EXACTLY that. A few times a week, he stops by my office to needle me about some perceived flaw or inconvenience in the Apple model, especially with regard to the iOS walled garden. I just listen and then finish my day.

Sure, that's only one example, but we see it on AI as well. People do, in fact, jump right on over here to this Apple forum and discuss how much Apple sucks. Some of those are just drive-by bashers that enjoy tweaking other people's noses just for kicks, but others are quite fervent in their anti-Apple religion. So do I really believe that anyone on Android fan sites spends time discussing how much iOS sucks? Yes. I really believe that some do. Not everybody, mind you, and certainly not a huge fraction of the time. But some of this behavior must be there too. It is a cultural phenomenon for any successful company to have its legion of haters that take their fight to any and every forum.

When it came to Mac OS X's lower rate of exploits in the wild, some of these haters turned the table on Apple and suggested that this was only a result of security through obscurity (as the poster above mentioned). Their mantra: the lack of viruses on Mac OS X is only proof of how small the market share is, for what self-respecting virus writer would even waste his time trying to hurt such a small group of people? And you know what? There may have been a small bit of truth to that, although Microsoft made its security bed a long time ago when it decided that applications would run with full privileges. They managed to put their finger in that dike over the last decade, but new leaks spring up at a spectacular rate, and their reputation has been sealed. Meanwhile, the Mac OS plods on with its lower (but rapidly increasing) market share.

Now that the Mac OS is heading down the same road that iOS traveled (i.e. with the App Store walled garden approach) its security will improve. The flip side is that getting weird and flexible apps for your machines will be harder. And my office-mate will continue to bash. That's fine. I'll enjoy the simplicity and security, and he can enjoy his hobby.

Thompson

as an owner of every gen of iphone, and an ipad 2 and mac minis and mac books and such, Visa and Amex dont think im an apple hater but it is absolutely a walled garden or gated community if you will...I forget who said this but the best describtion is that the web and internet in general (think wide open) is like a big city, lots of interesting things happening and artsy districts, great indy music scene, night life, farmers markets and such, with downsides like crime. iOS apps are the suburbs, low crime, cookie cutter houses and neighborhood committies that make you explain to your nosey neighbors why you want to paint your house a color other than beige, but its clean predictable and "nice" if you are into that sort of thing..

Perhaps its my libertarian side but Andriod is looking better all the time - I dont like being told that my home screen must be a grid of icons because Steve likes it that way.

IMO, the two OS's are equally secure, so it's not any issue of Android or iOS itself. It's in the way Apple curates it's app market compared to the too open nature of Android app availability.

With Android there's no one official entity taking responsibility on an app by app basis to see if they're what they claim to be. Even tho Apple may not thoroughly examine each and every app before it gets approved, they do at least give them a once-over to see if they comply with Apple's basic terms and check for obvious problems. That's more than Google does with the Android Market, where they rely more on user reports to identify apps that may have ulterior motives.

As an old adage goes .... Humans kind of suck when you think about, except you and me of course and even your a bit ....

I'm sure you are correct. Apple should run ads saying "Come work and play in our beautiful, safe walled garden". I know I'd rather be on the inside, safe and secure.

You know what's funny? I'm also capable of wiping my bottom, and have unfortunately had the unpleasant experience of having to wipe other people's bottoms on occasion, both literally (as in my children when they were infants) and figuratively (as in other adults who can't wipe their own when it comes to computers... even Windows users!) There are a lot of people out there who need their bottoms wiped, and I can tell you for sure that a significant fraction of Android users fall in that category as well, given that it has successfully been mass-marketed and not just confined to geeks anymore.

Oh yeah, I forgot to get to the funny part: I may be fully capable of wiping my own bottom, and that's cool, but I'm big enough, sensitive enough, and attractive enough to get it wiped for me now and then. It feels nice not to have to bother.

Thompson

Different strokes for different folks. I'm glad for you.

The post above comparing Android and iOS to city living vs. a gated community is pretty accurate, IMO. Both types of situations appeal to different sorts of people.

Me, after living in an upscale 'burb for over 20 years, at the insistence of my ex-, I'm moving back into the city. And I'm very excited to be doing so.

good post.

besides the article doesn't seem to mention where the malware is located. given that a majority of android devices allow sideloading I'm sure most of those apps aren't market hosted.

It isn't Androids fault if idiots install apps without either reading the permissions or checking the source.

Except for the fact that the lion's share of the population fits exactly that description. Android isn't just for geeks anymore. They've crossed over to the land of people that can't (or don't bother) wiping their own bottoms (to use an earlier poster's analogy). So when hoards of people end up walking around with feces in their Android underpants, you will learn the difference between being at fault and being a facilitator through negligence.

Thompson

Interesting you say that, because the security available on Google's online accounts system (for accessing GMail, Calendar and Android Market etc) is far, far beyond anything Apple has offered.

I will never switch away from GMail unless an alternative provider offers the same 2 step authentication methods. It's amazing that Apple charges an annual fee for its email service, yet the only protection offered to users is a password. Not secure at all.

I hope you realize that observation goes both ways, but considering your posting history, I'm afraid you sincerely believe that iOS fanboys are somehow worse, or that there are many more of them.



^ this

While I don't think the percentage of fandroids is higher among all Android users, relative to iOS fanboys, I can wholeheartedly agree that Android fanboys are a million times more annoying. I'm more or less indifferent to Android as a whole, even though I don't like the philosophy behind it, but I've been around on forums of many, many different kinds of technology (not just electronics by the way) to conclude that fandroids take the cake for being obnoxious. It's actually pretty sad and pitiful, and it taints my opinion about Android as a platform. To me, it seems you have to be a total jackass to really like Android, even though I know that's not true. Fandroids are not helping the platform.

I would compare fandroids to the kind of people you see arguing which one is better: PS3, Xbox 360 or PC. It's about at about the same level of lameness. That said, at least with consoles and PC games, you know most of the extremely rabid fanboys are 12 year olds, so I can forgive them...

The previous poster was talking specifically about Android, not Google's online services, and his statement was 100% correct. That is what the entire article and comment thread is about too. This is not a moratorium on Google's corporate practices, or anything. Just an observation that Google has little experience in developing operating systems for personal devices. The G services live on servers that are 100% in their control, so that experience doesn't exactly apply. The mantra "don't be evil" will only get you so far when you give everyone else partial control of your products.

Thompson

Just note that Android itself isn't inherently more insecure or open to malware than iOS. From a strict security standpoint, they both have issues that need addressing, and each is as secure (insecure?) as the other according to blogs and posts from various security/hacker conferences. Instead it's the difference in the the app markets that opens Android users to more potential harm from malware.

That is not true. Because Google allows developers to put their apps on the market unvetted, there have been several apps in their marketplace that are malware (and infringe on copywrite/trademarks as well). Just a few months ago, Google had to remote wipe apps from users phones and pull about 500 apps from their store due to malware. A lot of those apps were cracked apps of reputable apps so it's not just a matter of customers downloading sketchy stuff.

Well, speaking as someone who thinks Android is possibly one of the worst OS's I've ever seen and that Android users are mostly juvenile angry young men with a chip on their shoulder ... I still have to say there are some things wrong with this article.

First, when OS's that no one has ever heard of and with basically zero consumer market penetration appear as sizeable wedges on the graph, that seems to indicate that the absolute numbers we are talking about must be rather low. So while Android may have lots of malware relative to iOS, the absolutely number of problems are going to be rather low also.

Secondly, if "malware" is defined as applications that (ultimately) steal your personal info, there are really lots of apps on iOS that have done this and have been accused of this, regardless of the fact that they don't fall into the definition of malicious malware. People *have* lost personal info to apps on iOS. It's not like it's a situation where iOS is totally safe.

I think it would be more fair to say Android is full of malicious, invisible, malware whereas with iOS you just have to be careful what you click on.

Out of curiosity, what is it exactly that makes GMail 'far, far beyond anything Apple has offered' in terms of security? I have GMail myself, and as far as I know, the only thing I can think of that makes GMail trivially more secure than MobileMe, is that you have to answer a 'secret' question if you want to re-set your password. Hardly airtight, as history has prove a million times (secret questions are useless since the answers are usually extremely easy to figure out).

From my point of view MobileMe and GMail are equally secure, both have the same weakest link, which is the password. Get the password, and you're toast. Trying to guess passwords or actually hack into the system are not really worthwhile for anyone anyway, seeing how many people are so easily tricked by some trivial fishing.

Anyway, the study is biased. They should compare Androids with Cydia'd iPhones, which are most of them... and suddenly the picture is different. Or they should compare iPhones with Androids that only run Apps from the official store. Comparing Androids with unofficial stores and iPhones with no Cydia (again... very little subset) is just dishonnest.

On the other hand, I'd rather that people stop Cydia'ing and Android'ing and just buy my apps on AppStore

"There are more than 2.1 billion Java ME enabled mobile phones and PDAs,[2]"

I'm sure nobody's ever heard of Java ME...


Android does not have to be hacked to get third party apps, iOS does. A comparison should be between how they are unhacked, because whether they can get third part apps is part of the system, and should be included as a factor in the security.

You do realize it IS possible to sneak a malware onto your Objective-C app, with a piece of code that maks sure it stays inactive for a while? Say for example, until you push a certain picture to Flicker?
Even though once you activate it AND get caught, Apple will pull your app, your license and go after your ass, it's still possible just as it is on Google MarketPlace.
I'll go further: if you find an exploit in iOS, the way Cydia guys do it, and use that into your code, you could easily infect thousands of iPhones with some "free game". Tracing that back to your code would take time, if it even happens, which it won't if you are intelligent.

An example: imagine you want to get some high ranking guy at some well known company, say a big bank like Standard Chartered. Those guys have iPhones. If you do the above, you definitely could check into his email... you'd just have to use your exploit to create a small ssh server, pingback "home" to a server you'd monitor and login to his machine. Or you could send a zip of the emails to a server you control. And since you target one specific guy, Apple would probably never know, nor the guy.

A few weeks ago, Cydia demonstrated how this was false by using a PDF vulnerability to jailbreak iPhones. If, instead of jailbreaking, the code had had a nefarious payload, hundreds of thousands of iPhones could have fallen prey to it. Maybe they do, actually, who knows. If I owned a network of millions of comprimised iPhones, I would not brag about it, would you?

Your "factor of security" is actually a false sense of security. At least those guys who use Android know they have to be cautious what they click on. Us on iPhone tend to think we are safe. Cydia proved we were wrong.

That's definitely true, but the fact remains that this way of spreading malware is not what cybercriminals are after. It's no use having to open new developer accounts (which cost money) and write new Trojans for your payload (which takes time), just to have an attack vector that will only work until someone finds out and you have to start all over again. Trying to sneak malware into the app store might be an interesting tactic for industrial espionage and such, but the typical CC number fishing, placing calls or sending text messages or large-scale harvesting of private information, it wouldn't work nearly as well on iOS.

Also, the checks Apple performs on iOS applications are supposed to be a little more extensive than just some user testing. An API scan is performed to see what kind of API's are used in the application, and if it turns out your fart app is using the API's to send text messages or place calls, or uses private API's to get outside its sandbox, the review process is supposed to find out and you will have to explain why your application behaves like that. I know mistakes are made in the review process every now and then, but even with those, it's still a lot better than no app reviews at all.

I agree. And I would further note that this came about by a natural evolution based on reality and experience, which has yet to smack Google square in the face.

Apple has reached two conclusions regarding viruses/malware/etc:

(1) you can't plug every potential exploit in a computer operating system, but you should do the best you can to react or even anticipate anyway (everybody gets this, I think) and

(2) the best way to protect a computer operating system from stuff you couldn't anticipate (or fix) is by controlling the input methods (data and apps) rather than giving the user free reign to dump anything they find out there onto their computers

This is a realistic approach. Google is still flirting with the idealistic approach, which is to say that they really don't want to take step (2). But those companies who have long experience with taking a computer operating system mainstream (and by that, I mean approaching a hundred million casual users, as opposed to tech savvy folks) will tell you that eventually you need to at least consider this step. Rumors suggest that Microsoft is leaning towards an "App Store" type solution for future versions of Windows for the same reason. Long overdue, on that front.

The "purists" out there must be cringing at my message here, but take solace: folks who really dislike the walled garden of step (2) you can simply jailbreak your iPhone without any legal consequence other than taking responsibility for the results. It is a simple process that only requires you take an active step that is not unlike the kind of stuff you apparently want to do anyway. By protecting the phone at the factory but not preventing its jailbreak, Apple forces you to take responsibility for when & if the feces hits the air circulation unit. I think it is the correct solution for a mass market device. Everybody can still do what they want, so those folks that hate step (2) can still get an iPhone that doesn't do that. This covers virtually everybody's tastes, as far as I can tell. If you want the garden, just take it. If you don't, then do what you do.

Thompson

There's plenty of schoolyard attacks from both sides...

http://www.psychologyhelp.com/thnk86.htm

I'm growing weary from hearing stories from family members who cycle from euphoria to anger over their Android-based phones. There's enough shite in the world, and we're knee-deep in abusive ad hominem attacks. To get away from this Android-iOS insanity, spend some time over on Portland's Rants and Raves...

We're also at a breaking point of misinformation. How many people bother trying to sift through the opinion and rating reviews from so-called "consumers"?

Less is more. Is it sunny out? Get out there!

iCrap, iSheep, iToy, Crapple, iStupid users, iShit and a dozen other self serving denigrations to users of iOS products are used over and over.

Um, yes. In comments for another article on malware here I posted that I don't think iOS is inherently safer and used the flashlight app that had the ability to tether that was pulled from the app store as an example. My comment was in response to someone who said that the malicious apps were probably from sideloading and that malware probably wasn't found in Google's marketplace which is simply not true.

I personally think that it is not only the vetting that Apple does with its apps but also the fact that a developer has to pay $99 and is much more "trackable" if his/her app is found to be malicious.

While it's true that third party apps and the way the app market runs are the primary problem on Android you are overstating things here when you argue absolutely equivalency. iOS, like OS-X is indeed inherently more secure, and by intentional design, than Android is.

76% versus zero is not something that you can just wave your hand at and say "they are both the same." They really aren't.

For just one example, the decision by Android's designers to let the users manage their own security makes Android less secure by design. That's a bad design choice that has far reaching effects. These effects can't really be countered until that part of the design is changed.