IDG News Service - Apple's iOS and Google's Android smartphone platforms are more secure than traditional desktop-based operating systems, but are still susceptible to many existing categories of attacks, according toa 23-page report from security software vendor Symantec.
The good news is that Apple and Google designed their respective operating systems with security in mind. But keeping up with a constantly changing threat landscape is difficult. In the report, "A window into mobile device security," Symantec evaluated the two operating systems for how they stood up to Web-based and network-based attacks, social engineering attacks, attacks on the integrity of the device's data, and malware.
Users of both Android and iOS smartphones and tablets regularly synchronize their devices with cloud services and with their home desktop computers. This can potentially expose sensitive enterprise data to systems outside the control of the enterprise, according to Symantec.
When it comes to protecting against traditional malware, Apple's certification of applications and developers protects users, according to Symantec. On the other hand, Google's less rigorous certification mode has arguably led to today's increasing volume of Android-specific malware, the company said. Earlier this month Google had to remove yet more malware-infected apps offered in its Android Market.
Google's more open approach has been one of the reasons for its success, according to Ben Wood, director of research at CCS Insight. It has helped Google to quickly increase the number of available applications. So far, the offending apps haven't had a major affect on users, but user sentiment could change quickly if they are hit by more severe attacks, Wood said.
As has been pointed out by security experts in the past, Android's reliance upon the user to grant a set of permissions is a weak link. A majority of users are simply not technically equipped to make these security decisions. In contrast, Apple's iOS platform simply denies access, under all circumstances, to many of the device's more sensitive subsystems, according to Symantec. On Android, a malicious app simply requests the set of permissions it needs to operate, and in most cases, users happily grant these permissions.
On the plus side, Google does require that developers pay a fee and register with the company to be able to distribute their apps via the official Android App Marketplace, Symantec said.
Possible weaknesses in iOS include its encryption, according to Symantec. The majority of the data is encrypted in such a manner that it can be decrypted without the need for the user to input the device's master passcode. This means that an attacker with physical access to an iOS device can potentially read most of the device's data without knowing the passcode, Symantec said. In February, researchers in Germany showed how they could do this in six minutes on an iPhone running iOS 4.2.1, Symantec warned.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts