Free Newsletter

Symantec: Android and iOS differ widely on security

Both are built from the start for secure access, unlike PCs, but both have vulnerabilities for enterprise users


Published: 29 June, 2011

READ MORE: Security | Android | iOS

Security issues dog all the mobile operating systems as they become full applications platforms with their doors constantly open to the network. Android and Apple iOS have both paid close attention to security features from day one, but neither quite commands the full confidence of enterprise users, according to security specialist Symantec. And for companies looking to deploy either OS, their characteristics in this area are very different.

The vulnerabilities created by these two mobile platforms are not the same, according to the new Symantec analysis, as reported in NetworkWorld. The report, 'A window into mobile device security', was written by the company's chief architect Carey Nachenberg, who set ou to to analyze the core security architecture of iOS and Android and their potential vulnerabilities.

Both support traditional password protection, which can be controlled by administrators, though iOS scores more points in this respect by enabling remote device wiping when security is compromised.

One of the biggest differences between the two OSs is their approach to 'application provenance', or the process of certifying and vetting an app publishing it in a store. Apple is more stringent, with its famous control freakery around App Store, which is the only source for iOS software. Apple also offers corporations a signing certificate that lets them distribute iOS apps to their users internally, bypassing the App Store. By contrast, Google has no vetting of Android Market, and apps can be taken from other sites too. "In effect, Google lets you create your own signing certificate and public/private key pairs," writes Nachenberg.

Apple also seems to shine more brightly in data encryption, with built-in hardware encryption for all on-device data. However, the key is stored on the device and the data can be decrypted if someone gains physical control of the device. Apple does not use a more secure, secondary level of encryption, but the commonly used Android 2.2 and 2.3 have "no encryption at all'. There is an encryption option in Honeycomb, but it has to be activated by the user and takes an hour to run the first time.

Both platforms make use of isolation and permission-based access control, and data associated with each app always remains private to that program. However, an Android app can read the entire contents of a plug-in SD card, Nachenberg says including any sensitive corporate data that might be on it.

In the end, Android places more responsibility on the user or IT department to set policies and activate security, but for both OSs, in the immature world of mobile security, Nachenberg's final recommendation is to 'protect information, not devices. What types of information can your user gain access to£ If you limit this, it won't get onto the device in the first place."

Related Stories


  • email story Email
  • print story Print
  • digit digit
  • facebook facebook
  • Twitter Twitter
  • Linked-in Linked-In
  • Comments (0)


Add Comment
No comments yet. Be the first to add a comment!

    BYOD: Market Analysis and Forecasts

    An in-depth insight into the rise of BYOD policies within the enterprise and analysis of the impact the trend will have on IT departments,...

    Voice Command, Control and Search on Mobile Phones: Market Analysis & Forecasts

    This report provides a comprehensive insight into the growing importance of voice command, control and search on handsets, analysing...

    Data Centre Network Equipment: Market Analysis and Forecasts

    This report provides a global assessment of the data centre network equipment market. Besides assessing the key market trends, sub-markets...

    HetNet Market Summary & Forecasts: Macro Cells, Small Cells & Wi-Fi Offload

    Carriers are struggling to cope with the explosion of data traffic on their networks, and the additional deployment of LTE and legacy...

    Over-the-Top Communications: Threats & Opportunities for Mobile Operators

    This report examines the implications of widespread adoption of mobile over-the-top IP communications for mobile operators, handset...

    Portable Gaming Consoles: Market Analysis and Forecasts

    This report provides a global assessment of the PGC market. In addition to assessing the key market drivers, market barriers, vendor...

    Satellite Phones: Will Dual Mode Help the Phoenix Rise from the Ashes?

    Satellite phones have followed an arduous path since their much-hyped launch more than a decade ago. The hype was followed by an e...

    Mobile Widget Platform Market Analysis: Understanding the Business Case and ROI

    This white paper presents an analysis of the mobile widget platform market, as well as metrics supporting a mobile carrier?s busin...


You must be a registered user to post a comment. or
Username *
Email *
Comment *