Printed from http://www.electronista.com

Symantec: Android and iOS more secure than PCs, iOS better

updated 06:25 pm EDT, Tue June 28, 2011

Symantec says Android slipping vs iOS on security

Symantec in a study Tuesday (below) gave Android and iOS an advantage over computers in security but gave Apple the edge. Both the Apple and Google mobile platforms are more secure than on many computers, especially Windows, since they prevent "drive-by" app installs and often can't get as many privileges. The presences of app signatures on either adds a layer of security that desktop platforms don't always have.

The two platforms are nonetheless wildly different in practical security, the antivirus developer says. Apple's model is noticeably superior since it runs a "rigorous" screening of security threats in apps. While complaints have been made regarding the flexibilities and freedoms for iOS apps, the requirement that every app must be digitally signed also prevents instances of apps that are either stolen and modified or else are inadvertently infected. Apps are inherently sandboxed, and much of the information either is or can be hardware-encrypted using a tough 256-bit algorithm, the study finds.

Of the four incidents of intrusive iOS code Symantec uses as examples, only two are actual malware and only ever affect jailbroken devices, where Apple's security layers are stripped off. The security software developer acknowledged that it might be very difficult, though not impossible, to compromise iOS through the app model.

"In this regard, Apple has been effective," Symantec says. "Thus far, we haven't seen actual malware targeting non-jailbroken iOS devices."

Android is facing a considerably bleaker situation, Symantec warns. Google makes sure apps are sandboxed and can keep browser attacks largely limited to the web app itself. The company's deliberately looser app certification process, permissions for non-Market apps, and vague permission systems, however, are all contributing to a rapidly growing malware problem.

Google is increasingly allowing malware in signed apps, and unsigned apps don't face any blocks, according to Symantec. The permission system is proving to be fruitless since many either ignore the warnings of what access an app needs or don't understand their meanings to start with.

Device fragmentation also remains a problem. Because custom implementations can prevent updates for months or sometimes prevent them altogether, only a fraction of devices are running Android 2.3 and are fully patched up against the exploits Google so far defends against. Only Android 3 has hardware data encryption, too, leaving all 2.x devices open to data being intercepted with the right exploit.

All examples of Android malware given by Symantec are real, in-the-field attacks that have done damage to stock, non-rooted devices and in some cases have been on Android Market until they were pulled, even just recently.

Either platform still has vulnerabilities. None does an effective job of guarding against phishing or other scams, and either is still open to attack from someone who has physical access. They in some cases give access to calendars, contacts, and other information without explicitly informing the user. They can also be conduits to PCs in a workplace, such as if an infected phone is synced without being monitored or pushing rogue code through the cloud. Corporate customers get a "mixed bag" where security is at once tighter and yet sometimes more of a risk.

The report still ends up defeating calls from Kaspersky's CTO to open up iOS. Kaspersky and Symantec alike would stand to profit from selling security software on iOS but, to date, can't prove that the platform needs the code. Google's choices lead to more variety and capability in apps but have created the vulnerabilities that would require antivirus apps.




Share





Symantec Mobile Device Security Study



By Electronista Staff
toggle

Comments

  1. slapppy

    Fresh-Faced Recruit

    Joined: Mar 2008

    +9

    iOS is much better

    You would have to be an idiot to deploy Android for your business. Specially banking, securities, government.....

  1. aristotles

    Grizzled Veteran

    Joined: Jul 2004

    +3

    This shows the difference between Kaspersky and Sy

    I would never Kaspersky after the recent comments and complaints about the locked down nature of iOS by their CTO. I have heard that Symantec products can be problematic as well but they seem to be less slimy than Kaspersky.

  1. sofakingjewish

    Fresh-Faced Recruit

    Joined: Jul 2011

    -1

    andriod is not enterprise ready

    wonder if a year from now how webos will be in enterprise?

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

Dell AD211 Bluetooth speaker

For all of the high-priced, over-engineered Bluetooth speakers in the electronics market, there is still room for mass-market solution ...

VisionTek 128GB USB Pocket SSD

USB flash drives dealt the death blow to both the floppy and Zip drives. While still faster than either of the old removable media, sp ...

Kodak PixPro SL10 Smart Lens Camera

Smartphone imagery still widely varies. Large Megapixel counts don't make for a good image, and the optics in some devices are lacking ...

Sponsor

toggle

Most Commented

 
toggle

Popular News