A new report from Marble Security reveals that while Android has significant security issues due to malware-ridden third-party application stores and the ecosystem’s software fragmentation, iOS isn’t that much safer for use in an enterprise environment.
According to the company, both mobile operating systems pose risks to the enterprise, for different reasons.
“Some people believe that iOS is a more secure operating system than Android. This report maintains that neither iOS nor Android is inherently more secure than the other,” the report reads. “That said, Apple controls app distribution and OS version control in a more secure way, which creates a more secure operating environment than Android. However, the risks to enterprises allowing employees to bring in their own devices, whether iOS or Android-based, are not that dissimilar.”
The company cited an OpenSignal.com report that counted 11,868 different types of Android devices running different Android versions, with some of them having “security vulnerabilities, old patch levels, insecure configurations, or unsecured apps installed from the factory.” The wide variety of Android devices and third-party Android app stores, and the open nature of Android, are all factors that make it easier for hackers to create apps with malicious intentions for Google’s platform, such as the bitcoin-mining apps that were found in the Google Play Store recently.
However, iOS users can also install apps that Apple has not vetted once they jailbreak their devices. Marble Security has also detailed a silent kind of iOS jailbreak app that manages to hide the jailbroken status of the device, which would allow attackers to take advantage of it. Furthermore, attackers can target iOS and Android devices through similar means, including SMS and Wi-Fi hotspots.
“It is our view that within three months of the release of new iOS or Android versions that there is no difference in the risk of jailbreak or rooting, and that tools to prevent detection are similar on both platforms,” Marble Security wrote.
The company found that both platforms are equally exposed to phishing, spear-phishing, SMS-phishing and app-phishing, as well as to SSL vulnerabilities, and noted that the hackers who managed to hold iOS devices for ransom in Australia first phished data from iPhones and iPads.
Furthermore, iOS devices can be targeted through websites. “This attack strategy requires a user to visit a web page on their iPhone or iPad. If that user installs a hostile configuration profile, then the enterprise is at risk for intercepted traffic, fake app installation, sophisticated phishing, and APTs,” the report said.
The study further revealed that the app categories with the most variable risk behavior for the enterprise are social networking and productivity apps on Android, and games and news apps on iOS. The company apparently analyzed more than 1.2 million apps on both Android and iOS for the study, which can be accessed in full by following the source link below.