“iPhones don’t get viruses” is a belief that many iPhone users have held for far too long and many hackers have exploited to their advantage. Over the last couple of years this perception has been shattered with many Governments and large corporations shifting their devices back to Android. In 2015 the XcodeGhost malware was identified in hundreds of apps in the App Store that could collect device data and be saved to command and control servers by attackers. It was spread by Chinese developers using a disguised version of Apple’s Xcode app developing software and specifically targeted devices running iOS. This goes to show that while Apple control the software and hardware of its devices they are still vulnerable to sophisticated attacks. Just last month the source code for the iOS boot loader, iBoot, was purportedly leaked. iBoot is a fundamental component of iOS’s secure boot chain, a crucial part of the process that happens when the phone is switched on. This vulnerability could be accessed by hackers seeking to gain access to Apple phones further evidencing that Apple’s once ‘impenetrable’ armour is showing its cracks.
There is a common misconception that Google’s Android because of its open-source design is not secure. While Apple’s iOS is viewed as the gold standard in terms of mobile OS security because of the stringent vetting apps go through to make it onto the App Store. This perception is both naïve and dangerous, as it has been shown on multiple occasions that iOS is just as vulnerable and conversely that Android may be safer than you think. As cyber-attacks become stronger and more frequent businesses need to shift their focus onto building a solution that can withstand these attacks rather than trying to prevent them.
Diving deeper into the statistics will reveal how Google is truly committed to making their OS as secure as possible. In 2016 they reported more mobile vulnerabilities (316) than Apple (290) for the first time in their history. While this may sound like a bad thing, you must consider that there are far more devices on Android than iOS and that vulnerabilities reported are vulnerabilities they were working on addressing. In other words Google have not sat on their laurels, they have proactively worked to address the vulnerabilities in their OS and it shows. In 2017 Google reported 2 billion monthly active users while in the same year Apple had only just reached 1 billion in total iPhone sales. Attackers simply target Android because there is a higher chance of hitting the jackpot. From September 2015 monthly security patches have been released to plug any holes in the OS. This is to get ahead of any flaws in the systems created by malicious code in apps and unsecured pages in the browser that aim to access data on a device.
Fundamental to the Android vs iOS debate is the reality that no mobile device is truly safe. It is not enough to rely on manufacturers to keep devices and (more importantly with the introduction of GDPR) data safe. Companies have a responsibility to ensure their our mobile security and there are many solutions that can be employed to minimise downtime, log who accessing data and put you in control of your data. These solutions like Enterprise Mobility Management and encryption services are only deployable on open source phones though. Hence the down fall of iOS as a business mobile operating system.
As such contrary to popular belief among many iOS loving consumers Android’s open-source design may actually be why you should consider it as a necessity for business phones. Put simply it allows for greater control over devices and data than iOS. The open source nature of Android allows IT departments to deploy device management software on their devices, something that is very difficult to implement on iOS devices. This allows IT departments to closely monitor data by seeing who accesses any piece of data and what they do with it. On the other hand Apple stringently restricts access to iOS source code severely limiting the third-party device management capabilities. While this has long been hailed as a reason their devices are secure it also means IT departments are handing control over device and data security to Apple without fully knowing who has access to it or if it is truly secure.
Samsung have taken this opportunity into their stride with the development of Knox building next level defence and security software straight into devices offering ‘next-level encryption’ out of the box. When you pair these devices with powerful Enterprise Mobility Management (EMM) solutions such as SOTI it can create a robust environment where data - not just the device - is secured and encrypted. This level of security is unavailable on iOS due to Apple having dictatorial control over its software. Utilising EMM software gives a company visibility of who is accessing specific data articles on which devices and keeps audit logs allowing IT departments to monitor threats before they escalate. In a business environment across a fleet of mobile and smart devices this level of control over devices is fundamental as the standard of data protection shifts rapidly in 2018.
With GDPR fast approaching businesses will need to be absolutely certain where data is stored and who is accessing it as the repercussions for data leakage are astronomical. With iOS you are not afforded the opportunity to take responsibility of your own data, instead you are forced leave it in the hands of Apple who have questionable motives. With Android you have the freedom to add whatever measures you see fit to uphold the integrity of your device and data by the means of device management software. The fierce debate around who is winning the race to market leader, Android vs iOS, will continue to rage in the consumer market. However for IT departments looking to protect not only the fleet of company devices but the network infrastructure as a whole and most importantly data itself in a business context, Android seems to have firmly pulled ahead.