Android versus iOS: Which is more secure?


Android has developed a reputation for being an insecure mobile platform. Is this reputation deserved? Yes and no.

Google Play (aka Android Market) is known for not closely vetting its apps for malware, and there are many unofficial Android stores where apps, often dodgy ones, can be purchased cheaply. The latest example is the recent discovery of 200 applications on Google Play containing vulnerable code that could be used to trick users into disclosing confidential information.

Security analysts see Apple (NASDAQ: AAPL) as doing a better job of weeding out apps with malware before they get to the App Store, while Google (NASDAQ: GOOG) is seen as reacting after the malware has already been discovered.

Despite Android's reputation as a malware magnet, subscriber numbers continue to climb. According to the latest figures from Gartner, Android has a 64.1 percent market share, up from a 43.4 percent at the same time last year. This compares with iOS, which has a 18.8 percent market share, about the same market share as this time last year.

If Android is so insecure, why does its popularity continue to grow? Certainly price and a variety of handset options, and applications, are no doubt attractive to buyers.

Either Android's reputation for malware does not discourage users from buying one, or the user experience with Android in terms of security does not correspond to its reputation.

At the same time, Apple's once stellar reputation for strong security has been shaken by events, such as the massive Flashback malware infection of Macs earlier this year and the Find & Call malware discovered on the App Store in July. In addition, Apple recently plugged four critical security holes in iOS 6 after fixing over 200 security holes in the previous version of iOS.

Kaspersky Lab founder Eugene Kaspersky has warned that iOS devices could increasingly come under malware attack because Apple does not allow companies to develop endpoint security for iOS due to the closed nature of its software development kit.

While Apple's security reputation has been tarnished, Google has taken a number of steps to shore up Android's security flaws. In February, it unveiled Bouncer, an automated app scanning service to rout out malware on Google Play.

Bouncer performs a set of analyses of Android applications, whether new or already on the market, as well as developer accounts. Other Android security features implemented by Google include sandboxing, which places a wall between applications and other software on the device; a permissions system, which enables users to manage the permissions granted applications; and remote malware removal.

This is not to say that everything is just fine with Android's security or that iOS devices are sieves just waiting for malware to infect them. But Android's reputation for being a malware cesspool might not be wholly deserved. - Fred