Are Some Mobile Operating Systems Less Secure Than Others?

Examining Recent Findings



Steven Lerner
06/06/2019

Which mobile operating system provides the best level of security in the enterprise? Is it Android or is it iOS? Let’s examine the potential flaws in both of these operating systems, as well as strategies to boost security posture.

Android Has Numerous Vulnerabilities

The general consensus in the mobility community is that Android devices contain more inherent security and privacy vulnerabilities. These security risks are enough to make mobility leaders think twice about issuing Android devices for employees.

The security issues on Android devices stem from multiple areas. Google spends less time reviewing new apps than Apple does, which is a problem given the rise of malicious mobile apps. Biometrics is also an issue, because the facial recognition software on some Android devices can be tricked into unlocking with just a photo of a face. The facial recognition software on iOS devices requires the real face, not a photo.

Android is the most popular operating system in the world, which means that it has a target on its back that hackers like to exploit. Android devices are also known to collect and sell data more often than Apple's, and they receive fewer software updates. For these reasons, privacy of data is a big concern.

“When it comes to privacy, Android is still the second choice,” Jessica Ortega, a website security analyst at SiteLock, told MarketWatch back in 2018. “Android’s requirement that data on mobile devices be transmitted to Google servers and used for targeted advertising and building a user profile, makes Android the more customizable, but less private mobile operating system.”

Not So Fast, iOS

Despite the reputation that Android devices have more security flaws than iOS, new research suggests that iOS can also be a difficult operating system to secure. iOS applications from third parties could easily contain malware and viruses.

There is also a new breed of iOS attack called “trustjacking,” in which hackers attack the device through WiFi (or perhaps even through remote hacking). Discovered by researchers in 2018, it occurs when users plug the iOS device into another computer and are asked whether or not to trust that computer.

In 2019, a report from IDC highlighted the negative perception of Android device security and explained why iOS devices can also present security risks. IDC found no correlation between device operating systems and frequency of mobile security events, with roughly 35%-40% of both “Android-majority” and “iOS-majority” organizations experiencing security incidents. Although the report was sponsored by Android, it did highlight facts such as the frequency of potentially harmful apps from Google Play decreasing from .04% to .01%.

The Bottom Line

Regardless of the operating system, any mobile device could present security risks for an enterprise. To mitigate liability, enterprises should focus on enhancing mobile device policies and leverage technologies that prevent attacks.

First, the right policies, especially as they relate to device capabilities and privacy, are a good start to enhancing mobile security. There should be policies in place that prohibit downloading mobile applications from third parties (especially for corporate-owned, personally-enabled devices). Employees should be required to use strong passwords, and the use of public WiFi should be forbidden. Enterprises must continuously educate employees about these policies.

The right tools can also ensure a good security posture on mobile devices. Solutions, including enterprise mobility management (EMM), can provide a good defense against attacks. Adding encryption and biometric capabilities to devices can also be beneficial.
