How secure are iOS and Android, really?

According to a survey conducted in February 2021, 46% of participants stated that on average, they spent five to six hours on their phone on a daily basis.

That means for almost half of you, a quarter of your life’s security will be dictated by your choice of mobile platform. However, how safe are these popular phone platforms? Because mobile devices have grown to be so important and pervasive in people's lives, they have piqued the interest of criminal hackers looking to steal your personal information.

The technology itself is always advancing, and that's why we're not looking to compare specific Android or iOS versions today, but rather the core principles and philosophy behind Apple and 'the rest', which, importantly, have consequences for privacy and security.

Let’s start with the most common threat.

App Control

Usually, there is only one common way to install an app: via a specific store, for example Google Play or the App Store. On both platforms, the uploaded application then goes through an app review procedure to verify that it is not dangerous and does not breach any developer policies.

These rules are designed to guarantee that the app's content is suitable, that it doesn't copy other applications or people, that it follows monetization standards, and that it meets the minimum functionality criteria (it should not crash all the time, and it should respect the user experience, for instance).

The problem is that employees tasked with determining whether applications meet particular requirements may be unaware of what the app actually does with personal data. The number of Android and iOS applications (as well as their creators) is constantly growing, and as a consequence, corporations have had to recruit more reviewers in recent years.

And we all know what happens when a firm adds thousands of people all at once: the learning management system becomes difficult to scale, and not all employees are effectively onboarded.

As far as we can tell, the greatest difference in approach is that Apple has actual people checking each app 100 percent of the time, while Google attempts to automate this process as much as possible — and it consistently causes difficulties for them.

According to a report issued in November 2020 by the NortonLifeLock Research Group, between 10% and 24% of 34 million apps scattered over 12 million Android devices might be classified as harmful or possibly undesired apps, depending on your classifications.

Of those applications, 67% were installed from the Google Play Store. The researchers mention that:

"The Play market is the main app distribution vector responsible for 87% of all installs and 67% of unwanted installs"

So, if you're a person who installs tons of apps while searching for "the perfect one", consider deleting the underdogs: the fewer apps you have on your phone, the better.

Permission control and telemetry

The most serious danger to your mobile security comes from apps that request too many access permissions and subsequently leak your information.

While the app store is mostly responsible for filtering out malware riffraff that affects a disproportionate number of Android users, iPhone users are not immune to attacks.

And what we mean is that while most iOS users believe they are secure, they are not. First and foremost, when an app gains access to, say, 'All photos,' few users realize that the app may load all of your images in the background, use machine learning to find NSFW content, and discreetly submit it all to a server. Moreover, you won't get the cool camera access dot appearing if the app does that.

Furthermore, even if you disable all of the app's permissions, the app may still gather and monitor a range of data. Every app can monitor 29 highly detailed data points about your iPhone, according to an examination by researchers at privacy software firm Lockdown and The Washington Post, including your IP address, free storage, your current volume level (to 3 decimal places), and even your battery status (to 15 decimal places).

But what about Android?

Well, we have bad news for its users as well: according to a study undertaken by Douglas Leith of Trinity College Dublin, Google gathers more than twenty times as much data from a typical Android device as Apple does from an iPhone.

This observation remains true even when a user has specifically opted out of telemetry collection. Every 4.5 minutes, both Android and iOS devices send data to Google and Apple's servers, and there's nothing you can do about it as a user.

According to these researchers, smartphones with default privacy settings communicate information such as the IMEI, SIM serial number, phone number, hardware serial number, location, cookies, local IP address, neighboring Wi-Fi MAC addresses, and even the advertising ID.

Both companies, by the way, disagree with the results, claiming that they just expose what is required to keep phones functioning properly.

Updates

Keeping your phone's operating system up to date is the simplest approach to keeping it safe. Updates help mitigate software vulnerabilities, which are security flaws found in an operating system. Hackers exploit such a flaw by building code that targets that particular vulnerability, often packaged as malware. Simply visiting a website, reading a compromised email, or playing malicious media might infect your smartphone. This is what occurred when the bank credentials of 300,000 Android users were exposed by regular applications on the Google Play store.

When it comes to delivering updates to the phone in your hand, Apple still has the manufacturing infrastructure, carrier network contracts, and underlying programming in place to make it happen quickly and painlessly. While some consumers continue to complain about iOS' famed lack of customization, Apple's well-policed walled garden has also ensured that iPhone users are essentially impervious to viruses without even realizing it.

Google, on the other hand, still can’t fix the Android update problem.

Because each Android smartphone has its own hardware, when Google pushes an update, it may take up to a year for other smartphone makers to upgrade their devices, and that's only if they intend to do so. Other Android phones, apart from the Google Pixel series, seldom get all upgrades for an extended period of time, and there are various reasons for this. The first factor to evaluate is the number of models available from each manufacturer. Apple only adds around four iPhones to its portfolio per year, so the total number of iOS devices it needs to support is quite modest when compared to that of Android, which is why the 7-year-old iPhone 6s is still getting the latest upgrades in 2022.

Conclusion

The most significant distinction between iOS and Android in terms of security and safety is their ideology. Because iOS is a closed ecosystem, it is entirely under Apple's control when it comes to security. The reason is that, as far as we know, Apple does not profit from advertisements (apart from program advertisements in the App Store), hence it is not interested in gathering and selling your data to third parties.

Google, on the other hand, earns the majority of its revenue from advertisements, which implies that its success is dependent on its ability to target its adverts as precisely as possible. Even though Android is a free and open-source operating system, the Google Play Services that gather data are not.

In the end, Android has a lower degree of security out of the box, but custom Android versions may give a high level of protection.