SideXSide: iOS Vs. Android in a Security Showdown

By Don Reisinger  |  Posted 07-19-2011

The phone-hacking scandal that's shaking the core of Rupert Murdoch's media empire leads us to ponder the security of the growing number of smartphones coming into the enterprise. Granted, as far as we know to date, the Murdoch hacks primarily involved accessing old-school voicemail on mobile phones. Nonetheless, concerns about mobile security are growing.

Google's Android operating system and Apple's iOS especially raise security concerns for enterprise CIOs. Both platforms are quickly gaining ground in the workplace as the consumerization of IT becomes a big issue for CIOs. As the iPad continues to sell like hotcakes and a growing number of Android tablets coming into the market this year, each operating system is likely to take a firm hold among your users.

Unfortunately for CIOs, hackers and cybercriminals are fully aware that corporate customers are starting to turn their attention to those operating systems. And they're constantly thinking of ways to use the growing use of mobile devices to break into a company's network and wreak havoc.

So, before you opt to connect an Android- or iOS-based device in your operation, be sure to check out the following SideXSide comparison. We take a look at the devices offered with those operating systems, the kinds of security issues currently affecting the marketplace, and the threats that have already been identified.

SideXSide: iOS Vs. Android in a Security Showdown

Features

Apple iOS

Google Android

Versions At Risk

All versions of iOS, though iOS 4 is the latest operating system and most likely to be used.

Due to Android fragmentation, there are several Android versions at risk, including Android 2.1, Android 2.2, Android 2.3, and Android 3.0.

Compatible Devices

 

Apple iPhone, Apple iPad, Apple iPod Touch

Motorola Droid X, HTC Evo 4G, Samsung Galaxy S, and every other Android-based smartphone on the market. Android tablets, including the Motorola Xoom, are also susceptible to threats.

Known Issues

As of this writing, there aren't any major issues that would affect a locked version of iOS. However, those who unlock iOS leave themselves open to several potential issues, including data loss.

Google's Android platform hasn't experienced widespread issues, but even locked versions can be attacked. Google was recently forced to remove from its Android Market applications that contained malware. Those apps had been downloaded hundreds of thousands of times before they were removed.

Risk Factors

For one, sensitive data stored on the device could be stolen, since malicious hackers are becoming increasingly likely to gain full access to phones. Beyond that, cybercriminals might be able to access corporate networks from the devices. The risks are extremely high in the event mobile devices are stolen from employees.

For one, sensitive data stored on the device could be stolen, since malicious hackers are becoming increasingly likely to gain full access to phones. Beyond that, cybercriminals might be able to access corporate networks from the devices. The risks are extremely high in the event mobile devices are stolen from employees.

Theft Concerns

Theft concerns on the iPhone or iPad are extremely high. The devices are not only highly sought-after among criminals, but due to their functionality, they contain information that companies will not want to see leak out. Security on all devices is important, but iPhone and iPad security should be especially tight when it comes to theft prevention.

Not all Android-based devices are equally desirable. Some products, like the Droid X, might appeal more to criminals looking to steal a device, than, say, the Dell Aero. Realizing that, it's important to maintain standard anti-theft protocols, but keep in mind that Apple's mobile devices are far more desirable for thieves than any other devices.

Security Options

Apple offers a slew of security features in iOS to try and keep users safe. For one, no single application can access any other, thanks to the operating system's sandboxing feature. In addition, on-device controls will allow IT staff to disable certain applications, including the App Store, to ensure employees only engage in safe activities. In addition, Apple's remote-device management option for companies is a good way to establish and enforce corporate use policies. Combine that with remote wipe, and it's clear that iOS can be a safe and secure option.

Android boasts several security features. For one, every application runs on its own "distinct system identity" to ensure the applications are fully isolated from each other. Beyond that, the system works through the use of permissions that help restrict what a particular application can and cannot do. Google's operating system requires that all Android applications are signed with a certificate. The private key to that certificate is held only by the app's developer. All that, along with remote wipe functionality should provide enterprise users with an adequate amount of security on a day-to-day basis.

Vendor Support

One of the nice things about using iOS is that the company that makes the operating system and the hardware is one and the same. If security issues do happen, there won't be any confusion as to which firm is to blame. The fact that Apple controls both hardware and software might not matter when things are going well, but when they go awry, it means quite a bit.

Google's mobile strategy has multiple hardware partners developing devices using the operating system. If a major security issue breaks out, it might be difficult for your organization to get an adequate response in a reasonable amount of time. Most hardware vendors don't run the standard Android OS, but rather modify it to suit their devices. Plus, if an issue is related to hardware, Google might not take responsibility if Android is breached on a large scale.

Malicious Activity

Currently, malicious activity on iOS isn't all that high. For the most part, cybercriminals are focusing on Symbian and Android. But iOS is expected to become a bigger target going forward than it has been so far.

Android is the second-most-popular malware target in the mobile space, according to McAfee. And most security experts agree that it is likely to become the No. 1 target.

Future-Proofing Concerns

Looking ahead, there's no telling what the future of iOS security will look like. However, malware developers will be targeting it more heavily, and you'll need to keep safety as a top concern. One surefire way to protect your company as much as possible: Do not allow users to jailbreak their iOS-based devices.

As noted, Android will be a major target for malicious hackers in the coming years. If you want to switch to Android, know that it has a bullseye on it.

Employee Choice

If you're worried about keeping employees happy, don't be surprised if they want an iPhone or iPad. If that's the case, be sure to follow all safety procedures and set sensible use policies.

Android is gaining popularity at an astounding rate. Going forward, it shouldn't surprise you if employees want to run Android-based devices. If you want to keep them happy, think seriously about locking down their Android devices as much as possible before you dole them out.

Source: CIO Insight, July 2011