SideXSide: iOS Vs. Android in a Security Showdown

The phone-hacking scandal that’s shaking the core of Rupert
Murdoch’s media empire leads us to ponder the
security of the growing number of smartphones coming into the enterprise.
Granted, as far as we know to date, the Murdoch hacks primarily involved
accessing old-school voicemail on mobile phones. Nonetheless, concerns about
mobile security are growing.

Google’s Android operating system and Apple’s iOS especially
raise security concerns for enterprise CIOs. Both platforms are quickly gaining
ground in the workplace as the consumerization of IT becomes a big issue for CIOs.
As the iPad continues to sell like hotcakes and a growing number of Android
tablets coming into the market this year, each operating system is likely to
take a firm hold among your users.

Unfortunately for CIOs, hackers and cybercriminals are fully
aware that corporate customers are starting to turn their attention to those
operating systems. And they’re constantly thinking of ways to use the growing
use of mobile devices to break into a company’s network and wreak havoc.

So, before you opt to connect an Android- or iOS-based
device in your operation, be sure to check out the following SideXSide
comparison. We take a look at the devices offered with those operating systems,
the kinds of security issues currently affecting the marketplace, and the threats
that have already been identified.

SideXSide: iOS Vs. Android in a Security Showdown

Features

Apple iOS

Google Android

Versions At Risk

All versions of iOS, though iOS 4 is the latest operating
system and most likely to be used.

Due to Android fragmentation, there are several Android
versions at risk, including Android 2.1, Android 2.2, Android 2.3, and Android
3.0.

Compatible Devices

 

Apple iPhone, Apple iPad, Apple iPod Touch

Motorola Droid X, HTC Evo 4G, Samsung Galaxy S, and every
other Android-based smartphone on the market. Android tablets, including the
Motorola Xoom, are also susceptible to threats.

Known Issues

As of this writing, there aren’t any major issues that
would affect a locked version of iOS. However, those who unlock iOS leave
themselves open to several potential issues, including data loss.

Google’s Android platform hasn’t experienced widespread
issues, but even locked versions can be attacked. Google was recently forced to
remove from its Android Market applications that contained malware. Those apps
had been downloaded hundreds of thousands of times before they were removed.

Risk Factors

For one, sensitive data stored on the device could be
stolen, since malicious hackers are becoming increasingly likely to gain full
access to phones. Beyond that, cybercriminals might be able to access corporate
networks from the devices. The risks are extremely high in the event mobile
devices are stolen from employees.

For one, sensitive data stored on the device could be
stolen, since malicious hackers are becoming increasingly likely to gain full
access to phones. Beyond that, cybercriminals might be able to access corporate
networks from the devices. The risks are extremely high in the event mobile
devices are stolen from employees.

Theft Concerns

Theft concerns on the iPhone or iPad are extremely high.
The devices are not only highly sought-after among criminals, but due to their
functionality, they contain information that companies will not want to see
leak out. Security on all devices is important, but iPhone and iPad security
should be especially tight when it comes to theft prevention.

Not all Android-based devices are equally desirable. Some
products, like the Droid X, might appeal more to criminals looking to steal a
device, than, say, the Dell Aero. Realizing that, it’s important to maintain
standard anti-theft protocols, but keep in mind that Apple’s mobile devices are
far more desirable for thieves than any other devices.

Security Options

Apple offers a slew of security features in iOS to try
and keep users safe. For one, no single application can access any other,
thanks to the operating system’s sandboxing feature. In addition, on-device
controls will allow IT staff to disable certain applications, including the App
Store, to ensure employees only engage in safe activities. In addition, Apple’s
remote-device management option for companies is a good way to establish and
enforce corporate use policies. Combine that with remote wipe, and it’s clear
that iOS can be a safe and secure option.

Android boasts several security features. For one, every
application runs on its own “distinct system identity” to ensure the
applications are fully isolated from each other. Beyond that, the system works
through the use of permissions that help restrict what a particular application
can and cannot do. Google’s operating system requires that all Android
applications are signed with a certificate. The private key to that certificate
is held only by the app’s developer. All that, along with remote wipe functionality
should provide enterprise users with an adequate amount of security on a
day-to-day basis.

Vendor Support

One of the nice things about using iOS is that the
company that makes the operating system and the hardware is one and the same.
If security issues do happen, there won’t be any confusion as to which firm is
to blame. The fact that Apple controls both hardware and software might not
matter when things are going well, but when they go awry, it means quite a bit.

Google’s mobile strategy has multiple hardware partners
developing devices using the operating system. If a major security issue breaks out, it might be difficult
for your organization to get an adequate response in a reasonable amount of
time. Most hardware vendors don’t run the standard Android OS, but rather
modify it to suit their devices. Plus, if an issue is related to hardware,
Google might not take responsibility if Android is breached on a large scale.

Malicious Activity

Currently, malicious activity on iOS isn’t all that high.
For the most part, cybercriminals are focusing on Symbian and Android. But iOS
is expected to become a bigger target going forward than it has been so far.

Android is the second-most-popular malware target in the
mobile space, according to McAfee. And most security experts agree that it is
likely to become the No. 1 target.

Future-Proofing Concerns

Looking ahead, there’s no telling what the future of iOS
security will look like. However, malware developers will be targeting it more
heavily, and you’ll need to keep safety as a top concern. One surefire way to
protect your company as much as possible: Do not allow users to jailbreak their
iOS-based devices.

As noted, Android will be a major target for malicious
hackers in the coming years. If you want to switch to Android, know that it has
a bullseye on it.

Employee Choice

If you’re worried about keeping employees happy, don’t be
surprised if they want an iPhone or iPad. If that’s the case, be sure to follow
all safety procedures and set sensible use policies.

Android is gaining popularity at an astounding rate.
Going forward, it shouldn’t surprise you if employees want to run Android-based
devices. If you want to keep them happy, think seriously about locking down
their Android devices as much as possible before you dole them out.

Source: CIO Insight, July 2011

Latest Articles