Google Android and Apple iOS 7 are powerful operating systems that power countless devices. The two platforms have some major differences when it comes to security and the notoriously weakest link in the chain — the user.
Android security
Based on Linux, the open source Android platform is highly secure at the operating system level. The Linux kernel provides security mechanisms such as process isolation, user-based permissions, inter-process communication, resource isolation and monitoring, and verified boot.
As a fundamentally open system, Android places a lot of trust in its users and the developer community. Users can choose to install applications at will, regardless of their origin. Before installing the application, the user is prompted with a list of all possible actions that the program may try to perform; approval is required to proceed.
In late 2013, Google released Android Device Manager, allowing users to remotely lock or wipe their device — usually because it’s been lost or stolen. This is similar to Apple’s Find My iPhone function, available since 2010.
iOS 7 security
Apple’s iOS is recognized as one of the most secure consumer operating systems. iOS 7 has several strong security features:
- * Find My iPhone allows users to locate a lost device, then lock or wipe it remotely; this feature has been available since iOS 5. Activation Lock, enabled by default, requires the user’s Apple ID and password to turn off Find My iPhone or wipe the device. Thus, it will be more difficult for thieves to profit from stolen devices.
- * iOS 7 generates random alphanumeric passwords, which makes brute-force cracking impractical.
- * iPhone 5s has a new fingerprint identity sensor, Touch ID, which eliminates the need to enter a passcode every time the user unlocks the phone.
- * iOS 7 allows users to control which apps can access the microphone, camera, and mobile data.
However, several lock screen vulnerabilities have been discovered in iOS 7; this allows attackers to access information on the phone even if it is locked.
Comparison: Android and iOS 7
The Android and iOS platforms have philosophical differences: Android is open, with freedom for users and developers, whereas Apple seeks quality and exclusivity, so the iOS platform is stricter.
Both platforms incorporate traditional security features such as passcodes, idle time locks, process and resource isolation, permissions, and protection from Web attacks. iOS also includes an auto-delete feature. This causes the phone to self-destruct if the passcode is entered incorrectly 10 times.
Both platforms are vulnerable to unauthorized access of sensitive data.
The main difference between Android and iOS 7 is how each handles app permissions. Android users deal with permissions once per app, at the time of installation. This fixed, all-or-nothing permissions model is Android’s weakness — the user is forced to decide whether to run an app based on reputation. iOS users first install the app and then are prompted whenever they need special access.
Apple’s App Store is the only source for iOS apps, which are analyzed before publication. However, Apple has been known to remove certain apps due to bad behavior. In the Android world, there are many third-party distribution channels apart from Google Play. This is a factor in the emergence of malware on the Android platform, which is the target of most malware authors. The Android platform is also fragmented, with many different versions of the operating system running on multiple devices. There is no single and uniform mechanism to update Android devices to the latest firmware, which provides security and bug fixes.
There are popular security apps, paid and free, for every platform. Since users are very concerned about security, this area of mobile app development is very active.
Both Android and iOS 7 are technically secure platforms. However, technology is truly safe only when no humans use it.
