Originally Posted by Brainless
Can't believe my eyes. How can you get this conclusion that iOS is more secure than Android ?
Er, by what is going (or not going on) in the real world?
Anyone who is the least bit honest with themselves can see the stark contrast of active malware on Android vs. iOS.
DED is screwing the reality as always.
So because DED wrote an article about malware on Android, there really isn't malware or underlying architectural issues on Android?
Wow - Google should pay DED to write more articles on Android to provide it malware protection. That would be much easier than trying to establish a minimum baseline for configuration and security management - stuffing the proverbial genie back into the bottle.
Wow. I hope DED charges them appropriately for these magical powers that you seem to be attributing to him.
The original paper said that there are holes in the permission model as some third party software is written so badly that it exposes its privileged services to third party. Yes this is serious, and Google acknowledges this, and it will get addressed. Still the permission system is solid.
"Sure it can be bypassed - but it's still solid!"
A solid bucket with holes in it still leaks. It may be great to stand on, but not carry water.
Seriously, did you even read what you wrote?
In comparison, iOS doesn't have any such model. Any application in AppStore can access virtually any service. The only "security" is that Apple is testing apps if they are not calling any private API or call functions it probably shouldn't call. [...]The permission mechanism in Android (even with some third party created holes) is still better than no mechanism at all.
Until the complexity of that mechanism causes most users to simply ignore it - much like UAC in Windows. From http://securitywatch.pcmag.com/apple...curity-models:
Originally Posted by PCMag
And Android presents these permissions in a list at install time for the application. It's easy to get frustrated at the list and just allow it. iOS permissions are sometimes at install time, sometimes at the time of access.
So, from a purely technical perspective you are correct. Android offers more choices and control. The problem is, more can be less as has been aptly demonstrated by UAC on windows, and the level of malware infection on Android. Whether geeks want to admit it or not, consumer devices are created for consumers to use - and thus the human factor is as much or more of a factor than the purely technical issues.
Apples system is set up to be a balance between user controls on the phone (four choices vs. tens of choices) and curation via a single App store vs. "open" and complex. The proof of the effectiveness in the real world vs. theoretical exercises is what we can see happening. We see hundreds of thousands of infected Android phones vs. no known active exploits of iOS devices other than theoretical demonstrations affecting a very limited number of users.
Both companies remove rogue applications from their markets, once they discover any problems, Android is no different from iOS there.
Sure it is - which market? If Google's was the only one, your assertion of equivilancy might have some merit. But it's easy to use market's other than googles, or sideload apps directly. So there is NO advantage for Android - it's purely an Apple advantage.
Yes, it is possible to publish blatant malware in Android Market
Or worse, a non-google store or direct loaded app...
which might get filtered by AppStore screening
Which WILL get filtered by Apple - not just a matter of if, but when.
And with Apple's registration process, malware writers have limited vectors to re-enter the App store after detection. They may get in once or twice, but the cost to keep re-entering goes up rather quickly. Malware on iOS simply doesn't scale past one or two inevitable detections, which is also a significant deterrent to "funny business" in the first place.
but Android still has the permission system
That only works if not ignored...
Looks like a draw at best to me.
From a purely technical standpoint when you are simply comparing technical details of the OS's alone, maybe. But when you look at the entire ecosystem there is no comparison.
The problem with iOS apps calling private API is well documented, including Apple's reaction (denial of the problem, and removing the person who pointed them to this from the iOS Development Program).
That's not a denial of the problem - denying people writing malevolent code is
Believe it or not, there really aren't that many people doing bad things out there. The steps you have to go through to obtain an iOS developer account are pretty substantial to malware writers; there are real costs in establishing a credit card and going through the registration process. Once detected, being kicked out means you have to start that all over again.
There are no such restrictions with Android. If your a criminal looking for a no-overhead way to scam people, which platform is naturally more attractive?
Apple's registration process and exclusivity of their single store is a pretty awesome security feature, even if from a purely technical standpoint it's an indirect one. It's like the geeks that dismiss Kevin Mitnick as not being a real hacker since he wasn't particularly technically skilled, but was instead brilliant at manipulating people (soft skills) - they completely miss the point that he was very successful
. I'd say the human element is just as important, if not the most important element since these devices are created to be used by humans. Whether you dismiss Mitnick or not, he was effective. Same thing here.
iOS is no more secure than Android.
That's where you are completely wrong - as is demonstrated by real, actual and active malware on Android vs. iOS.
Both have pretty solid base (BSD vs Linux)
Yawn. Get past the purely technical analysis - since it's far from a purely technical problem.
and both are facing privacy problems
Really? Please detail iOS privacy problems. Apple is by far and away the most privacy focused technology company on the planet. The real issue with the 30%/subscription model isn't the 30% but the fact that whether or not a publisher gets all the gory details about subscribers is up to the consumer
. Unlike with Android, I'm Apple's direct customer. My interests are thus their interests. Google is just as interested in my detailed information as the magazine/news subscription driven guys since their entire revenue model is structured around advertising and my detailed demographic information is what let's them sell me as a particular category of eyeball. My interests are not Google's interests.
Your claims against Apple are pretty serious - thankfully they are also completly bogus unless you can prove otherwise.
in high level API and both are not totally bullet-proof.
No technology is completely bulletproof. Thanks for the motherhood and apple pie statement.
Thanks for also emphasizing the importance of more than a purely technical approach. That's why Apple has a multi-layered approach that includes curation, controlled access, and the ability to revoke rouge applications after the fact completely independent of the end user. Tech ideologues might have problems with any of that - and good for them. As a consumer, each of those are desirable features that contribute to the demonstrated
stability and reliability of iOS. You can choose Android, I will choose iOS.