iOS vs. Android Mobile Security


Let’s say it’s time to make a new native app for your business. Do you go with iOS or do you go with Android? There are a great number of factors that go into such a decision, far too many to list in a single article, but one of the most important factors to consider is the issue of security. This is true for everyone, but especially true of apps which feature the use of sensitive personal and financial information – even as small as user location can be used maliciously in the wrong hands.

So which side is better when it comes to mobile security?

General Openness

The openness and decentralized nature of Android puts you at a higher baseline risk of security breaches right out of the gate.

iOS has a closed ecosystem with tight control over what you can do with your device, which guarantees greater security no matter how much of a hassle such a system can be. With iOS, system updates are passed directly from the manufacturer, which is also the operating system developer, to the device. Apps can only be downloaded from the App Store, which is under tight lock and key.

Unlike Apple and iOS, Google is not directly involved in the manufacture of devices that run the Android OS. This means it takes longer for Google to get security updates to its customers, since it’s up to the manufacturers to get them to customers. Google itself admitted that a ways to go in order to make sure this is happening on a consistent and timely basis. For the most part this doesn’t result in major security issues but nevertheless the possibility of error is much greater than zero.

Rooting and Jailbreaking

The deliberate circumvention of your own security protections, “jailbreaking”, became popular in the early days of the iPhone as a way for people to get the iPhone to work on their carrier of choice, circumventing carriers that had exclusive access to the device. These days it’s mostly done to let users run apps from outside the app store. When detected, Apple will attempt to override the jailbreak to restore the phone’s original settings.

Android has an equivalent of this practice, called “rooting”. Rooting voids the warranty on all phones on which it is done, and neither Google nor any device manufacturer will make automated attempts to reverse the circumvention of security.

Jailbreaking/rooting makes your phone more vulnerable in either case, but it is much more easy to do on Android than on iOS.

Proactive Security

The iPhone certainly has an edge over Android in terms of ecosystem security, one Google does do better in keeping its users safe from suspicious activity through something called “Safety Net.”, a system that operates in the background and continuously scans for suspicious activity. It also prevents certain apps, like Android Pay, from working on rooted devices, helping prevent avoid security risks rather than trying to lower them. Apple, as of this writing, doesn’t have such a system in place.

 

Overall, Apple’s closed ecosystem provides much more security up-front although this can cause security fixes to be slower to come to market due to its centralized nature. If you’re looking for more absolute guarantees about security then iOS is definitely the way to go, although in the end the two approaches lead to comparable numbers of security vulnerabilities. The decision of which one to go for is ultimately up to you.