Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Android vs iPhone security


  • Please log in to reply
6 replies to this topic

#1 GoshenBleeping

GoshenBleeping

  • Members
  • 264 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:31 PM

Posted 16 October 2012 - 12:20 PM

I have some questions about smartphone security, specifically the difference between the Android & iPhone platforms. My motivation is curiosity. I am not using this information to decide which phone to purchase (I use a Tracphone).

Reading several articles on various web sites, I get the impression of the following:
(1) Android is less secure than iPhone
(2) There is no known malware for iPhone

Are these statements true? Is there any hard data that documents malware for the different platforms?

Anti-malware software: There appears to be several products for the Android, but I cannot find any product for the iPhone. Is this discrepancy due to Apple's superior security technology?

Comments?

BC AdBot (Login to Remove)

 


#2 Quote

Quote

  • Banned
  • 173 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:31 PM

Posted 16 October 2012 - 01:26 PM

Hello,

I am not a Apple expert (because I think it sucks) but there is no malware for Apple, so they have no anti-malware programs. The reason is that is open source and all members who use it can fix any problems. :)

#3 computerxpds

computerxpds

    Bleepin' Comp


  • Moderator
  • 4,488 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:04:31 PM

Posted 16 October 2012 - 01:46 PM

Hello,

First thing I will say is, its a very simple concept behind the reason the IOS platform (which is the operating system of the iPhone) is more secure and virtually malware/virus free (Nothing is absolutely secure/invulnerable.. ever) is because every app on the app store has to go through a review process by apple which screens them for any breaches in security and violation of app store rules. Seconds is because IOS has a various set of security tools within the OS itself.

Now compare this to android, the google app store is open, apps do not go through a review process and thus can contain security holes or be malware in themselves. This is almost to par with why windows users are prone to viruses and malware, its easy to inject the necessary code into the ecosystem and produce something that will gain profit from stealing information from a users phone. Lets face it, if you were a developer of malicous software would you rather have 1000 people be infected and your package removed from the app store in 1 day or infect 1000000 on android and have your package remain on the store for many months? That's essentially why android has anti virus scanners and anti malware apps. Now this isn't to say that android doesn't try to be as secure as possible, because it does, most apps run sandboxed (cannot interact with files outside of its own) and are pretty safe, but there are ways around the sandbox.

Resources:
http://www.informationweek.com/security/mobile/smartphone-security-smackdown-iphone-vs/231000953

This topic may be of use to read through real quick has some more links on android,
http://www.bleepingcomputer.com/forums/topic429636.html/page__pid__2856392#entry2856392

I'm sure there will be many more replies to this from some of our experts on the subject but this is just my take and experience on it. :)

Edited by computerxpds, 16 October 2012 - 01:48 PM.

sigcomp.png 
If I have replied to a topic and you reply and I haven't gotten back to you within 48 hours (2 days) then send me a P.M.
Some important links: BC Forum Rules | Misplaced Malware Logs | BC Tutorials | BC Downloads |
Follow BleepingComputer on: Facebook! | Twitter! | Google+| Come join us on the BleepingComputer Live Chat on Discord too! |

#4 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,705 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:31 PM

Posted 17 October 2012 - 04:53 AM

Anti-malware software: There appears to be several products for the Android, but I cannot find any product for the iPhone. Is this discrepancy due to Apple's superior security technology?


No, it is because of technical limitations and business policy.

First, AV vendors can't develop AV products for iOS because they don't have access to the necessary API that would allow them to scan resources (like files) for malware.

Second, Apple doesn't want AV software for iOS. I forgot the name, but there was an AV company that developed an app that would just enumerate all the apps installed on your iPhone/iPad/iPod and warn you of apps that pose a security risk to you. Apple removed that app from the app store, claiming it it did not adhere to their policies.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#5 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,705 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:31 PM

Posted 17 October 2012 - 04:55 AM

The reason is that is open source and all members who use it can fix any problems. :)


No, iOS is not open source. Android however is open source.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#6 cee134

cee134

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:04:31 PM

Posted 17 October 2012 - 09:56 PM

First, yes, Apple is more secure then Android. For the reasons Computerxpds said.

2nd, it's not malware you have to watch out for as much as your phone being hijacked because you gave your permission to let that app do things like change your passwords and look at your emails. Usually people would give their permission is because they didn't read what the app was asking for.

3rd, any app can do this on any OS, but apple has more security for it's apps. Also with Windows 8, there will be more windows apps and there will be cross platform apps that steal info on all user systems (PC and mobile). So it pays to know about the company and the app, not just the amount of users who downloaded it.

#7 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,705 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:31 PM

Posted 18 October 2012 - 05:18 AM

There are certainly exploits for vulnerabilities in iOS.

Remember jailbreaking your iPhone/iPad.
That was done through an exploit for a vulnerability in the PDF viewer, that ultimately lead to a full compromise of the iOS device.
Now users of the jailbreak PDF did not consider this malware, because they sought the benefits of the jailbreak.
But you can be sure that Apple considered this malware, because they don't want jailbroken devices.
However, for PR reasons, Apple never called these jailbreaking PDFs malware in public.

I hear that on average, 5 such iOS exploits are sold on the black market per month.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users