Android and iPhone OS (iOS) have been at loggerheads for quite some time now. This is a take on which has a better security model to protect its users. I thought of writing it up because there have been a lot of discussions around me lately about which platform is more secure and I keep repeating the same points over and over at every one of them, so thought that in future I’ll just point them to this page 
Disclaimer:
A. I don’t guarantee this post to be absolutely correct as I’m no security researcher or expert but I do have some interest in this field and I’ve been a developer for some time now on different architectures and OSs especially at OS/driver level and that too in the mobile devices field, so I “might” actually be right about a few things here and there..
B. I’m an android user myself but not of the fanboy variety. I’ll be happy to switch camps any day I get something that appeals to me better. I have love and hate points for almost all platforms available but I’m using android because “for me” it’s love points slightly outnumber the hate points.
OK, on with the points then. Here is the table that I created for this showing points I considered and which side wins each. Don’t start flaming me though just by seeing the table I will be discussing the points as well below it.
I will be discussing the points as well below it.| Android | iPhone | |
|---|---|---|
| Distribution Medium Security | ||
| Approval Process | NA | NA |
| Phishing | Lose | Win |
| Local Security | ||
| Permissions | Win | Lose |
| Environment/Sandbox | Tie | Tie |
| Open vs Close | Slight Win | Lose |
| App Development Model | Slight Win | Lose |
| Damage Control | Tie | Tie |
| Summary | ? | ? |
1. Distribution Medium Security: Apple vets every application that is put on the app store while Google’s Market Place is unrestricted. How does this affect you security wise?
a. Approval Process: The biggest myth is that the vetting process is what will save you from malware on app store. IT WON’T. The Apple app approval process isn’t defined anywhere but in general it just states that it checks for apps to do what they say they will do. But they don’t check the source code of the apps and static analysis of binaries can only take you so far (Heck, they have even been inept at catching a whole lot of apps that were using their disallowed private apis which can be found easily using simple tools) . So, anyone actually wanting to write a malware can do it trivially by making the malicious code to run after the app has been approved. The trigger could be time based or could even be done over the web remotely. The app could even have encrypted payloads or download new pieces of code over the web and run them. So, we can safely say that approval process is something that can’t make things secure for you that way.
Result: No one wins
b. Phishing: This is where App store can protect you if someone put an app claiming to be from someone that it isn’t. e.g. Someone could make an app that claims to be from “Bank of America”. In apple’s case, I’m 99.99% sure that the app won’t pass the screening but in Android’s case, there won’t be any hassles for it to reach the marketplace. It could be pulled soon after as google learns about it but still even one person’s damage here is much more than what would have happend on iPhone.
Result: iPhone wins
2. Local Security: What about the security in the OS itself once an app is on your phone? This is an important question because 1.) As I noted above, Apple’s app screening process isn’t robust enough to catch malware 2.) People can bypass the official distribution medium easily. Android allows to install apps from other sources on most phones by just enabling an option and a huge number of people jailbreak their iPhones and get/use this capability.
a. Permissions: On Android, an app has to explicitly declare what capabilities/data of the phone it wants to access/use and the user has to explicitly give it those permissions before it is allowed to install, irrespective of from where/how this app is being installed. So, it works even if you are installing the app from your SD card and even if you have rooted your phone. On iPhone, there is no such mechanism of restricting apps. All apps are equal and can access a lot of resources unhindered without the user knowing. So, while installing a single player only game on android you can immediately be suspicious if the app is asking for internet connection or access to your contacts data but on iPhone you will not come to know about this.
Result: Android wins
b. Environment: On both platforms, the apps run in their own sandboxes with unique uuids
Result: Tie
3. Open vs Closed: Most of the Android code is open source while for iOS, only darwin kernel and some other things like webkit etc are open source. Now, this in itself doesn’t gurantee to make Android secure but its code does get a lot of scrutiny from open source community as well as lot of other big name companies with commercial interests in Android which allows it to find and fix more bugs and loopholes than iPhone can.
Result: Slight win for Android
4. App development model: Most apps for Android are written in java while those in iPhone are written in C/Objective-C. While I’m myself a big time C lover (Majority of my coding is in C/CPP) but it is indeed a very unforgiving language where you need to be very careful with what you write and has much greater chances of exploits, .e.g, Buffer overflows, as compared to java (Interestingly, all the jailbreaks for iPhone OS have been done using such exploits and have been made available day 0/day 1 mostly.)
Result: Slight win for Android
5. Damage Control: What if an app actually got through everything on any of these platforms and started spreading? Both of these platforms have kill switches in the hands of Google/Apple which they can use to remove such malicious apps from the users’ phones remotely.
Result: Tie
Summary: Well, there is no clear winner. Apple is quite good when it comes to protecting you from phishing (though that advantage goes away if you jailbreak and use alternative means to install apps) and Android has a real sound local security system (though it also has the flaw that users might not always understand why an app is requesting a certain critical permission and install it anyways). So, take your pick and let me know what you picked 
and please do tell me if I’m wrong in any of my points or missed out on something that needs to be compared.
and please do tell me if I’m wrong in any of my points or missed out on something that needs to be compared.
Its also important to point out there is work ongoing that incorporates selinux into android. Id have to disagree with the phishing ruling though as I see neither having the advantage here. Just because its corporate approved and “sanitized” says nothing about scum ware inclusion.
@D: Thanks for the comment. I didn’t include the SELinux things because I wanted to concentrate on the things that are currently present because it won’t be fare to share something in future for android because we don’t really know what is going on in the iPhone camp for the future.
About the phishing part, I mentioned iPhone as having the edge here because the Apple approval process is better in this regard of personal contracts, so big level phishing, e.g., me impersonating a big name bank, would be very difficult through app store but Android has already faced this some time back around december/jan..
Any thoughts on file encryption? As mobile devices become more and more powerful with even more storage, we end up carrying our lives on it making it a very bad thing if stolen or lost.
@Mahou: I had considered encryption but none of the two platforms do any file level encryption natively. They do however allow apps to store their data in encrypted databases, which is again a tie.
Maybe a better expression for “at loggerheads” would be “at odds”.
[...] . 原文出處:Android vs iPhone: Security Models 【吃食】趴趴走* [...]
would appreciate if you could update this article in the future to reflect new changes, which should be well worth a bookmark of this page. I also agree that you can add an item with something like “native encryption”
Also want to say it would be better to show the more detail on each item instead of using win/lose. Sometimes there isn’t such thing as win or lose situation. It’s just how each company views an issue. For instance, some people believe open source isn’t more secure than close source.
Thanks for the info on SELinux. this feature is a big plus for me.
I do prefer android a bit more so far except that kill switch ‘feature’ which always makes me feel big brother is watching.
@Jam: Yes, I do plan to keep updating this article. In fact, I already have some updates based on more info I found through comments here, some other forums where this post is being discussed and also while discussing this among my friends..
And about win/lose, yeah I know it is not the way to go about it.. That’s why I made the table which shows this summarily but also tried to explain the points below..Though I admit the explanations could use some more details which I’ll be adding in a couple of days.
Thanks for your suggestions. Please do check back in a couple of days.
Not only the iPhone but many different mobile devices can represent threats to security in an organisation. Not all mini-netbooks and smartphones are suitable for work – in the quest for a mobile office the need for mobility has to meet security and efficiency requirements in order to be safely adopted in business.
https://plannetplc.wordpress.com/2010/06/22/quest-for-a-portable-office/
Just want to say that I like the article and the other one “Android Froyo and Nexus One: Everything we know”. Well done. Waiting for your promised updates.
Perhaps the most important attack vector for malware is social engineering, i.e. tricking the user into harming themselves. Would appreciate a realistic comparison of this for these platforms.
[...] one was indeed correct (e.g. The Russian Trojan app). We also know that Android has a very good security model but even then, the rest of the reports also makes one think and focus on why an apps requires the [...]
[...] one was indeed correct (e.g. The Russian Trojan app). We also know that Android has a very good security model but even then, the rest of the reports also makes one think and focus on why an apps requires the [...]
[...] http://tech.shantanugoel.com/2010/06/26/android-vs-iphone-security-models.html [...]
[...] Android vs iPhone: Security Models [...]
[...] this may not be the case and the iOS versus Android operating system security issue is an often hotly debated topic on the [...]