Wednesday, October 3, 2012

iOS vs. Android security comparison

I've been pretty harsh the last week or so to Apple, and so I thought I'd step back and look at the broader picture.  Which has better security, iOS or Android?  There are a few different aspects of security that I'll go through, in rough order of importance.

Security Patching

Apple is straightforward: they release a security update, and your phone or iTunes downloads it.  It's straight from the factory to you, which is the Right Way to do things.  Apple seems to release iOS security fixes every 3 months or so, which is a little slow for my taste, but is probably OK for now.

Android has a much more convoluted patch release process.  Google creates the patch, but rather than sending it to you, they give it to the handset manufacturer (Samsung, HTC, Motorola, etc).  The manufacturer packages it up (maybe with some other stuff) and releases it to the carrier (AT&T, Verizon, etc).  Some day, it may even show up in your phone.  This is clearly Broken.

It's even worse, because there's a fair amount of churn in the Android device market, with vendors entering and exiting all the time.  There are quite a few "orphan" Android phones that are non-upgradeable, with exploitable security flaws.

Advantage: Apple (by a lot).

Malware

Apple uses a "Walled Garden" app distribution model, meaning that app developers have to submit their app to Apple for testing and vetting.  Apple runs code scanners on apps to try to determine if the app is dangerous or malicious, and while there's only so much that code scanners will tell you, they're making an effort.  A number of developers complain about the "fascist" model of the iTunes app store, but the result is that there's not very much iOS malware.

Android uses a very different "Open Garden" approach.  Anyone can create an app, and get it up in the Android Marketplace.  Little (or maybe no) vetting is done, and so the Android Marketplace is filled with malware apps.  While it's very hard to get reliable counts, the minimum is several thousand malware apps available for download.  Android Security ProTip: the Android "Legend of Zelda" app is malware.

Advantage: Apple (by a lot)

App Sandbox

A sandbox is a restrictive execution environment that only allows a program to take particular actions.  Both iOS and Android have roughly comparable capabilities here.  Apple's is, as you'd expect, easier to understand.  Android's is - again, as you'd expect - more granular and flexible.  I don't see very much difference.

Note that if you jailbreak your device, you blow away the sandbox entirely - everything runs as root (with elevated privilege), meaning the programs can do anything without restriction.  From a security point of view, this is very bad juju.  It applies equally to iOS and Android.

Advantage: none.  It's a tie.

I'll do some more thinking, and put up another post if there's more, but overall, Apple seems to have a pretty big advantage in security.

3 comments:

Rick C said...

"Note that if you jailbreak your device, you blow away the sandbox entirely - everything runs as root (with elevated privilege, meaning the programs can do anything without restriction. From a security point of view, this is very bad juju. It applies equally to iOS and Android."

I've got the output of a ps listing that would tend to disagree with you. Otherwise there'd be no point in superuser utilities.

Jake (formerly Riposte3) said...

"Note that if you jailbreak your device, you blow away the sandbox entirely - everything runs as root (with elevated privilege, meaning the programs can do anything without restriction. From a security point of view, this is very bad juju. It applies equally to iOS and Android."

I can't speak for iOS, but in Android any app that requests root privileges causes the user to be prompted for approval*. The user then has the option to approve or deny that request, and I believe there is an option to make that approval permanent or one-time-only. Thus mitigating the risks and leaving a decent basis for risk/benefit balancing.

In my case, the benefit of having Titanium Backup available (and the ability to transfer all my app data from my old phone to my new one) was well worth the risks introduced by rooting.

* At least with the most popular root packages. There may be some out there that don't, but I doubt it, and if there is one and you use it, you have a heck of a lot more to worry about than what your apps are accessing.

Jake (formerly Riposte3) said...

Also, Google has been running code scanners on the Marketplace since at least February, so they've caught up with Apple on that point.

There may be "several thousand malware apps available for download" (depending on how you define "malware"), but my understanding is that most of those are not available through Google - most of them are on third-party unofficial markets. Of course, you have to specifically allow installation of apps from third-party sources through a selection in the settings menu.