Written: January 10, 2017
Android is the world’s dominant operating system, running on significantly more devices than any other smartphone or PC operating system, and with several times the market share of Apple’s iOS in smartphones. And yet it has struggled throughout its history with both the reality and the perception of poor security relative to iOS in particular.
The most obvious reason is Android’s deliberate openness – whereas Apple’s iOS is tightly controlled from the App Store to default applications to browsers to content purchasing, Android is the Wild West in comparison. That’s a key part of the value proposition, and it’s served Google and its OEMs very well. But it also allows the installation of malicious apps and other vulnerabilities which iOS for the most part simply doesn’t suffer from.
On top of that, the loose nature of the ecosystem means that whatever is in the latest versions of Android from a security perspective, only a tiny minority of the installed base actually runs it at any given time. The rest of the base, meanwhile, has often remained open to threats which target older versions of Android and the vulnerabilities they offer. Google has reduced this threat somewhat over time with a parallel set of security updates which are fast-tracked by OEMs and carriers, but they still don’t reach all devices quickly.
Lastly, some vulnerabilities result from the fact that OEMs and Android aren’t as tightly integrated or the resulting devices as locked down as iOS from a security perspective. Fingerprint technology on the iPhone uses a secure enclave with encrypted data that makes it all but impossible to crack, especially when running the latest software on recent hardware. Android devices, however, have been looser when it comes to such elements, and that looseness has been exploited.
For all the legitimate criticism of Android as a less secure operating system, it has got better over time, and iOS isn’t exactly invulnerable either. The latter doesn’t suffer from the same vulnerabilities and the security problem on iOS is marginal in comparison, so there shouldn’t be any false equivalence here, but it’s a matter of degree rather than a binary yes/no situation. All told, however, iOS remains the more secure operating system by some way, and that’s likely to continue to be the case.