Apple Vs. Android: Which Smartphone Platform Is Safer?4:00 PM EST Mon. Mar. 04, 2013
Several prominent security researchers who focus on smartphone, tablet and embedded device security recently opined on the mobile platform they believed was most secure. During a session at the 2013 RSA Conference, the researchers said security vendors need to treat mobile devices differently, rather than trying to apply common desktop security technologies to mobile. While SMS Trojans are currently the most aggressive threat, future attacks may involve Trojanized mobile apps or an assault that leverages the mobile carrier architecture itself, they said.
Tiago Assumpcao, a senior security consultant at IOActive, said he would choose Apple iOS. The company is so concerned about digital rights management (DRM) and attaching its own assets that it did a good job of implementing security with regard to its own operating system, he said. When asked which platform he would use if he had to visit a malicious website, the researcher chose the BlackBerry 10 or Windows Phone. He said both devices have low adoption rates and therefore wouldn't be the target of attacks.
Charlie Miller, a well-known security researcher who was recently hired by Twitter, didn't identify the safest platform. Miller, who is known for his research on Apple vulnerabilities, said he would give his grandmother an iPhone, not an Android device. And if he was forced to visit an attack website with a smartphone? Miller said he would use a Nokia flip phone or, as a last resort, an iPhone.
Dino Dai Zovi, co-founder and CTO of Trail of Bits, said his first choice would be an iPhone because of the security protections built into the device. It runs apps in a restrictive sandbox and limits access to the kernel, making it extremely difficult for hackers to gain complete control of the device, he said. Those protections combined with Apple's highly controlled App Store makes it the safest platform, he said.
Collin Mulliner, a postdoctoral researcher with the SECLAB at Northeastern University in Boston, defended Android devices. Mulliner, who has published security research documenting a variety of vulnerabilities in smartphones and embedded devices, is known for his work publishing the first remote code execution exploit based on the multimedia messaging service (MMS). Mulliner said Android's open platform gives users more options and the market the opportunity to build better products. Despite his affection for Android, Mulliner admitted that Apple's iOS is tightly controlled and any walled garden is always more secure, he said.