Security and Privacy|Android & iOS

 

181610113651androidvsios

Security:- Android’s applications are isolated from the rest of the system’s resources, unless a user specifically grants an application access to other features. This makes the system less vulnerable to bugs, but developer confusion means that many apps ask for unnecessary permissions. The most widespread malware on Android is one where text messages are sent to premium rate numbers without the Knowledge of the user, and the sending of personal information to unauthorized third parties. As it is the more popular Smartphone operating system, it is more likely to be the focus of attacks.

Malware writers are less likely to write apps for iOS, due to Apple’s review of all the apps and verification of the identity of app publishers. However, if an iOS device is jailbroken and apps installed from outside Apple’s store, it can be vulnerable to attacks and malware. Both iOS and Android are also vulnerable to bugs e.g. phones crashing when playing a specific video which is a type of software bug that has affected both iOS and Android devices.

In the real world, the security of an Android or iOS device is only as good as the software updates that have been applied to it. This is where iOS shines because of the fragmented nature of the Android ecosystem. Apple releases software updates and makes them available to all iOS devices at the same time. On Android, Google releases software updates and security patches to Nexus devices. Devices from other manufacturers lag behind because the manufacturer must take these security updates from Google and apply them to their own devices “in the wild”. Virtually all manufacturers do a poor job at this. Most don’t release patches to devices older than 12-18 months. Even when they do, these security updates are rolled out months after Nexus devices receive them.

That Android devices are less secure is also evidenced by this bounty program; a company that obtains security exploits from hackers and sells them to governments has a bounty on 0-day (i.e., previously unknown) exploits for iOS ($1.5 million), Android ($200,000) and Flash ($80,000). The amounts of the bounties are a rough proxy for how easy it is to exploit these platforms in practice.

So a security-conscious individual or company should use either iOS or Nexus devices.

Privacy :- Both iOS and Android are “vulnerable” to a certain kind of privacy leak: an app installed on either platform can get a list of all other apps installed on the same device. This means your calculator app can find out that you use Tinder and relay that information back to its publisher, who is then free to use this info in whatever way they choose.

Beyond the list of apps, when it comes to protecting users’ private information, iOS wins. Until Android Marshmallow was released in 2015, when installing apps on Android, the user was presented with all the permissions that the app is requesting. This was an all-or-nothing proposition. The user could choose to accept the app’s request for permissions or not install the app at all. App developers take advantage of this “feature” and request a lot of user information. For example, Pandora’s mobile app on Android requests permissions for your Google identity, contacts, calendar, photos, media, files and even call information.

Pandora’s app on iOS gets no such permissions. After it is installed and opened by the user, an iOS app may request additional permissions like location and access to Contacts. But the user can reject these permission requests. Even after approving the permission requests, iOS users can quickly glance at which apps have access to their Contacts and location data, and turn off access for apps with which they no longer want to share this data.

Android M (or Marshmallow) allowed a new permissions regime where apps could request permissions as needed. However, a majority of Android apps still take the approach of requesting permissions upfront. While it is possible to manage app permissions on Android at a more granular level, this option is buried deep in the settings.

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s