Apple iOS, Google Android Security Features Analyzed by Symantec
Even though both Apple's iOS and Google's Android smartphone operating systems are pretty secure, they are still susceptible to multiple types of attacks, Symantec said.
Android and iOS were designed with mobile security in mind and are superior to traditional desktop operating systems, Symantec researchers wrote in a whitepaper released June 28. However, the security features aren't sufficient to meet enterprises requirements, the paper concluded.
The 23-page whitepaper, "A Window Into Mobile Device Security," examined Web-based and network cyber-attacks, social engineering, data integrity and malware on both mobile operating systems.
Apple had better access control, application provenance and encryption in iOS, while Google was better at application isolation, Khoi Nguyen, group product manager in the enterprise mobility group at Symantec, told eWEEK.
"The project wasn't about determining which platform was better," Nguyen said. Symantec was more interested in examining the core security architecture to analyze strengths and potential vulnerabilities, Nguyen said.
All bets are off for users with jailbroken devices regardless of the company, said Nguyen. They are every bit as vulnerable as traditional computers and an attractive target.
Both platforms enforce access control policies via passwords, Symantec found, although the iOS offers more options for protecting data, such as an automatic data wipe after a specified number of failed password attempts.
Apple's certification and rigid control over what applications can be posted on the App Store protect users, Nguyen said. The iTunes App Store acts as a certificate authority to sign the app and is the only source for non-jailbroken iOS devices. Google's "less rigorous" system helps trigger the increase in Android malware because it is easier to get malicious apps onto the Android Market, Symantec found. Luckily for Google, most Android malware to date hasn't had a significant impact on users yet.