Similar to the debate of DC vs Marvel, the iOS vs Android debate is probably as old as time itself (if by the time we mean the time the world first saw a mobile operating system).
Because of that, any piece that talks about the merits and demerits of each of these very popular operating systems would be polemic.
After all, these mobile operating systems are brands.
And just like any two brands in the same industry, these are two of the biggest competing brands.
It is not uncommon to see fanboys of both going against each other in various forums on the internet with their comments and what not.
Of course, there is no reason that anyone should dance like puppets defending their own preferred operating system.
No matter what vision of the future Apple or Google advertises to you, in the end, it is more about making money than it is about ‘changing the world’.
In other words, no one wants to change the world unless there is a lot of money to be made in doing so.
That is beside the fact that rage posts from fanboys of both these brands allow a lot of people to make a good living via clicks and unique views.
With all of that in mind, after looking at the current human wreckage and making use of reliable data on the internet, the real questions that fans of each brand should ask themselves are these.
- Which operating system is more secure?
Is it an iPhone?
Or is it Android?
Most people think that the iPhone is more secure than Android by default, but we have more to say on that in a later section.
- Is Android and its lax approach to mobile security really enough to make sure that Android users and their data are safe?
- Is any mobile platform safe?
Despite the success that both of these brands have enjoyed, we should not assume that they are doing everything right.
In fact, they could be failing in vital ways and we may not even know about it.
Apple and its way of securing data
The vast majority of people who make use of Apple products, when talking about mobile security, feel as if there is nothing better than Apple on the planet.
You would find Apple touting that ‘feature’ as well.
Perhaps that is the reason why a lot of people feel that Apple is the clear and deserved winner in that category.
Our point of view is that, it is actually reasonably hard to make any sort of arguments against Apple when assessing mobile security.
On the face of it, it feels like if you have an Apple product, you no longer have to think about mobile security ever again.
Indeed, our research shows that Apple’s control over its iPhone devices is unprecedented.
Moreover, the overall iOS experience actually means that the majority of Apple device users receive and then install security fixes and software updates in a timely manner.
This is perhaps the most critical point.
In fact, it is the major differentiating factor between iOS and Android.
Of course, that is not the only thing Apple iOS has over all of its rivals.
Apple, with the help of some really talented and business-minded people, has managed to maintain its seemingly tight grip over the company’s mobile hardware supply chain.
You should all add to that the fact that Apple secures its users against most malware by implementing a strict vetting process on its official App Store.
As a result of that, Apple has kept a large portion of device control away from independent developers who want to make apps for the App Store.
With that said, one simply cannot ignore the fact that the actual process of vetting and keeping control away from developers is a controversial one.
Some developers have mentioned that the App Store rejects and accepts apps for reasons which are seemingly arbitrary.
However, whatever you say about the App Store and its policies, so far, everything has worked out pretty well in the sense that unlike Android, the App Store has managed to stay pretty much malware free.
Our research shows that when we are talking about security, unlike Android, Apple pretty much takes the old-school ‘whatever it takes to get the job done’ approach.
Let’s take an example to further simplify things.
Or formerly iMessages.
The Message may seem like to some as a kind of simple looking interface for the user to share text messages between computers and phones.
However, during a Black Hat conference presentation some years ago, researchers showed and rather made it obvious that iMessages wasn’t just a simple interface.
It turns out, Apple actually designed the Messages platform pretty much from the ground up to have complete end-to-end encryption.
Researchers also found out that Apple made Messages as much tamper resistant as was then possible.
Another related example is of the servers that are used for Apple Messages.
We have found that these servers require actual hardware keys in order to begin the process of spinning up.
And once the Messages servers become fully operational, the keys get destroyed.
Because of that, no one (not even the likes of Apple) can spy on Apple users.
Such a security measure also prevents people from tampering with the overall system.
We are aware of the fact that the system is overall complex.
But the thing readers need to keep in mind is that it works.
And if something is not broke, do not try to fix it.
Android and the way it likes to secure things
For pretty much the vast majority of its life, Google has made some successful arguments that the Android operating system was actually secure enough.
It is true that neither Google or Android actually caught each and every single uploaded malicious app on the Google Play Store.
In fact, if you really think hard about it, there are several cases where Google Play Store suffered some major security lapses.
Not only that, but many security researchers discovered many security vulnerabilities within the mobile operating system itself.
We, nor can anyone else, deny the fact that the openness with which Android and Google operate along with a fractured installed base (because different Android users have different versions of the same Android operating system) has put a lost of Android’s customers at a tangible risk.
However, you will likely see Google representatives assuredly pointing out that out of a couple of billion of Android users, only a small minority would ever have the chance of encountering something which we would all consider as malicious.
The number they would often tell you is close to one percent and sometimes even less.
With that said, if you do not hate math, you would not have to work very hard to find out that one percent of one or two billion is like a lot of people.
More like, 10 million or 20 million a lot of people.
But one should give credit where credit is due.
Google has learned from its past mistakes and has changed the company’s overall position on issues such as privacy and security.
Recent updates that the company has rolled out for the Android mobile operating system have actually placed more limitations on the kind of information that apps are able to gather on the Android operating system.
In fact, our research shows that the company has actually ditched its older permission model of all or nothing.
Now, Google has gone in the way of Apple as far as its approach to permissions is concerned.
Under the new approach, Android users have the option of agreeing to enable given app access to their smartphone device’s camera while not giving the app access to their smartphone device’s contacts list.
Apart from that, we have also come to know that Google has managed to move to a policy of rolling out more security updates and patches and then pushing them to a more number of devices using the Android mobile operating system.
More fixes obviously mean more security for Android users.
All that aside, perhaps the most important change that has come from Google is something that has not made many headlines.
Our research shows that Google has actually moved a lot of its resources to taking care of security deep within its Android mobile operating system.
It has done the same for Google Play Services as well.
The advantage of that is Google owns the Google Play Store.
And because of that, it can update irrespective of which version of the company’s Android mobile operating system the user is running on the smartphone device at a given moment.
As a matter of fact, that also allows for applications such as Safety Net and others that allow Google to watch out for different types of malware on different mobile devices and even that kind of malware that hackers used to sideload from various different outside the official Google Play Store.
We have also come to know that from that point onwards, Google has actually not only put in more resources and expanded the security features that exist in its Android mobile operating system but has also worked hard to make its Android smartphone devices into more like security devices.
What do we mean by that?
Well, we mean that Google has increased the number of ways in which a user could use his/her Android smartphone device.
Now, Android users can use their Android-running devices as working two-factor FIDO2 authentication mobile devices.
In the process of doing so, Google is now providing pretty much one of the most flexible and best 2-factor authentication options to each and every Android user.
Now, for users who always wanted to make use of FIDO2, all they have to do now is spend anywhere from $20 to $50 in order to purchase a security hardware key from providers such as Google and/or Yubico and they are done.
That is cool.
Things that both Android and iOS get wrong.
We have already mentioned the fact that the total number of malware infections for both platforms is relatively low.
Remember, only one percent of the total Android users throughout the world would ever encounter something that can be classed as malicious.
Moreover, the other more important thing is that whatever these unlucky 1 percent got on their devices never really made it to the rest of the 99 percent of Android users.
Now, according to statistics from 2015, the vast majority of people who did get malicious infections and all the other nasty stuff, were actually making use of Android devices that were low-budget.
Additionally, the vast majority of users making use of these low-cost Android devices were living in developing countries.
That is said to say the least.
BEcause all the big risks that are involved with using an Android device and iOS device eventually get pushed rather disproportionately to those people who have the least means to actually weather an attack or scam.
That is not to say that Google hasn’t done its part.
The company, as mentioned before, has made pushes to clean up applications on Google Play Store as well as Android itself.
But the thing is, the current model still requires a decent amount of buy-in from the developer.
What we want from Google is to somehow convince different developers to start doing things a bit differently.
Moreover, they should encourage developers to make use of newer, safer and better tools which the company itself provides.
Now, on that note, Google did introduce a kind of sticks and carrots system to force app developers to get on board with the company.
However, the policy did not exactly result in positive results.
The problem gets further compounded because of the previously mentioned fractured condition of Android.
What we mean to say is that, there are currently three different Android versions on Android devices that have close to 20 percent of the total Android installed base.
There are also other tinier Android version splinters along with the main three.
As far as the end user is concerned, this means that there are a ton of them who still never get the latest improvements Google has to offer in terms of operating system updates.
Developers know this.
And they can hence continue with their ways and target such a fractured install base with their old-model apps.
Of course, that does not mean everything is well and good at Apple.
Apple itself has had to deal with the consequences of the company’s strict control policies.
Moreover, these policies have also hurt users.
Because Apple makes use of incremental updates in order to provide security improvements to its users, it means that Apple users will have to wait a long time before their Apple devices such as the iPhone and others are able to act as a working FIDO2 2FA authentication devices.
In fact, currently, we are not even sure if that will ever happen.
It is true that even if you wanted to, you cannot use your YubiKey NFC 5 with any of your iPhone devices.
The reason for that is simple:
iPhone still does not have any support for FIDO2 over NFC.
Compared to Android, Apple has shown a lack of interest and hence speed in bringing more features for password manager integration.
And because Apple will not adopt fast enough, it only makes it much more difficult for Apple users to do the best things that they can possibly do in order to keep all of their information safe and sound.
Surprisingly enough, that is not the greatest sin Apple has on its record of deeds when it comes to security.
We have already mentioned that Apple has a ‘whatever it takes to get the job done’ kind of strategy when it comes to security.
Sadly, that strategy comes at a reasonably high price.
That price, is the price of the handset that the company puts out almost every year.
Our research shows that the most economical iPhone device that people can get from Apple is the iPhone 7.
And it costs around $449.
Not exactly cheap.
Though you can bring that price down further by making use of all those trade-in discounts.
In fact, there are even payment plans available for people which go as low as $18.99 per month.
That is not a lot of money at all.
On the other hand, the good quality and new Android smartphone devices are easily available to everyone for pretty much as low as $220.
You do not need us to do any math to know that Apple devices clearly charge the higher price.
And it is not like Apple does not know this.
It has smart people working in the background, so the company is bound to know that it charges more money to users than Android does.
Of course, Apple wants people to know that if they are not sufficiently rich, then they do not really need to get an Apple device for Apple security.
In other words, if the ton of consumers find that an iOS device is outside of their budget or price range then Apple is not really interested in giving them any protection.
These reasons still have not touched upon the fact that the biggest online cyber threats to both Android and iOS users are not security holes in the operating systems of their devices.
The biggest threats are,
- Online fraud
These cyber threats usually come in all shapes and sizes.
- Phishing emails
- SMS scams
In that respect, we also should mention that both platforms have taken the required steps to go ahead and tackle such cyber challenges head-on.
However, end users still need to make a mental note of the fact that while phishing and spam do not sound as hot as ‘state of the art government-crafted online malware’, these are in fact the only real threats that mobile users should worry about.
Things iOS and Android can do better
We do not want to put ourselves in a situation where we tell users which platform provides better security or which one is better.
But we genuinely have this belief that there is actually a huge gap between the approaches that Google and Apple take to solve the problem of mobile security.
In short, both these big technology companies have varied business models and goals.
That is probably the reason why they have addressed issues related to mobile security in their own ways and look at them with their own lenses.
Between all of this, there is a dirty secret though.
That dirty secret is that both Google and Apple have so far managed to succeed at issues related to mobile security.
Of course, in order to truly appreciate that you have no other choice but to look at this from their respective lenses and hence business models.
On the one hand, we have Google.
The company has no other choice but to maintain an uneasy and rather massive alliance of software and hardware developers.
It has to do that if it wants to remain, by far, the most popular operating system on this green planet that humans are hell-bent on destroying.
Google gets things wrong.
But it still goes ahead as long as the overall relationship between different players is not affected.
Then there is Apple.
Apple considers its reputation over everything else.
There is no doubt about the fact that people do feel more secure when they are making use of an iPhone device.
Moreover, they also feel easy in spending a lot of money with and on iPhone devices.
Apple likes to move deliberately and slowly.
Because of that, it usually gets things right the very first time.
But that comes with the problem of Apple staying behind others when it is time to adopt newer mobile technologies.
Of course, you are free to forget about the operating system that you are using and make use of a VPN to protect your data.