Kenneth van Wyk: The good and bad of Android and iOS
Both Google's and Apple's mobile platforms have security drawbacks and advantages. Is there a clear winner?
Computerworld - A lot of people ask me which mobile platform is the most secure. They would probably like a definitive answer, but unfortunately, things aren't so black and white. There's plenty of good in the worst platform, and plenty of bad in the best. If you have a few minutes, though, I can tell you the best and worst things about the two market leaders today, Android and iOS. But you might end up feeling like one of those undecided voters who, with less than a week before the election, can't choose between the Republican and Democratic presidential candidates.
The Good and Bad of Android
Both platforms separate apps from one another in a sandbox, but my preference is for Android's approach. Is the Android approach more secure than Apple's? The jury is still out on that question. No, my preference relies entirely on my being an old Unix hand, and the Android approach is one that any Unix or Linux geek can understand and work with. With Android, each app has a unique UID and GID (user and group IDs), as in a traditional Unix-style model. This uses the tried-and-proven Unix-style discretionary file-access controls to allow an app to get to its own files and not affect others.
When you couple that sandboxing with the application manifests that Android uses, you have a pretty elegant sandbox model. Each Android app has a manifest in which it declares the privileges it needs. At installation time, the user decides whether to allow or disallow these privileges.
That's the good news for Android. Now let's consider the bad news.
That same sandbox model has some pretty bad user interface issues. For one thing, there's no "line-item veto." Users have to accept or reject all or nothing when installing an app. And they do that after they've gone to the app market and decided to install the app, possibly after paying for it. Once they've gotten to that point, how many users are going to reject the privileges? Not many, I'd wager.
And that's not my biggest Android gripe. The worst thing is Android's market fragmentation. When you buy an Android device, it's up to your product vendor to support future Android updates. When Apple releases a new version of its iOS, every iPhone, iPad and iPod Touch user has the option right away of installing it. Not so with Android. When Google releases a new version of Android -- something it does with startling regularity -- your product vendor has to then port that release for your product. Most of them take their sweet time, or don't bother with it at all.
More by Kenneth van Wyk
- Kenneth van Wyk: Apple's big fail
- Kenneth van Wyk: After Snowden
- Kenneth van Wyk: Target breach underscores how backward U.S. payment tech is
- Kenneth van Wyk: Enjoy your trip, but protect the data you take with you
- Kenneth van Wyk: Lingering faults with security by default
- Kenneth van Wyk: High hopes for iPhone's Touch ID
- Kenneth van Wyk: Why mobile apps beat Web apps for privacy
- Bug bounties: Bad dog! Have a treat!
- How to avoid Big Brother's gaze
- The true root causes of software security failures
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts