Symantec has just released a report detailing the security analysis of Apple’s iOS and Google’s Android mobile operating systems. The report is a very intriguing and detailed read, and worth while if you want an in-depth look into the security of both platforms. They claim both are more secure than PCs, but gaps remain.
Here are the highlights of their iOS analysis:
Overall, Symantec considers iOSâ€™s security model to be well designed and thus far it has proven largely resistant
to attack. To summarize:
â€¢ iOSâ€™s encryption system provides strong protection of emails and email attachments, and enables device wipe,
but thus far has provided less protection against a physical device compromise by a determined attacker.
â€¢ iOSâ€™s provenance approach ensures that Apple vets every single publicly available app. While this vetting approach is not foolproof, and almost certainly can be circumvented by a determined attacker, it has thus far
proved a deterrent against malware attacks, data loss attacks, data integrity attacks, and denial of service
â€¢ iOSâ€™s isolation model totally prevents traditional types of computer viruses and worms, and limits the data that
spyware can access. It also limits most network-based attacks, such as buffer overflows, from taking control of
the device. However, it does not necessarily prevent all classes of data loss attacks, resource abuse attacks, or
data integrity attacks.
â€¢ iOSâ€™s permission model ensures that apps canâ€™t obtain the deviceâ€™s location, send SMS messages, or initiate
phone calls without the ownerâ€™s permission.
â€¢ None of iOSâ€™s protection technologies address social engineering attacks such as phishing or spam.
Here is a snippet of their summary analysis of Android OS:
Overall, while we believe the Android security model is a major improvement over the models used by traditional desktop and server-based operating systems, it has two major drawbacks. First, its provenance system enables attackers to anonymously create and distribute malware. Second, its permission system, while extremely powerful, ultimately relies upon the user to make important security decisions. Unfortunately, most users are not technically capable of making such decisions and this has already led to social engineering attacks. To summarize:
â€¢ Androidâ€™s provenance approach ensures that only digitally
signed applications may be installed on Android devices. However, attackers can use anonymous digital certificates to sign their threats and distribute them across the Internet without any certification by Google. Attackers can also easily â€œtrojanizeâ€ or inject malicious code into legitimate applications and then easily redistribute them across the Internet, signing them with
a new, anonymous certificate.
You can read the entire report here. As seen from the graphical comparison, iOS is ‘safer’ than Android but not without its own history of vulnerabilities. The safety of iOS is that all apps require approval by Apple to enter the App Store, ensuring no malware or ill-advised apps get approved. Android OS on the other hand, is a whole different ball game.
What’s safer? iOS or Android?