RSA 2013: iOS safer than Android due to open app model, patching delays
iOS devices continue to be a more secure option, but that hasn't hurt Android's popularity among consumers, according to mobile experts.
Thanks to Apple's tightly controlled mobile "ecosystem," threats are not as prevalent on its devices as on Google's Android, which promotes a freely exposed code model that gives users the opportunity to download applications outside of its official marketplace. However, according to Collin Mulliner, postdoctoral researcher with the SECLAB at Northeastern University in Boston, that's what makes the platform "not as safe as iOS."
Android devices do not remotely update, which allows cyber criminals to take advantage of vulnerabilities if users don't reboot, Mulliner said.
"The problem with Android is that most people have old versions on their phone," Mulliner said during a mobile security panel discussion Thursday at RSA Conference in San Francisco. "One of the most important things in software security today is the ability to remotely update."
According to the "McAfee Threats Report," Android malware nearly doubled from the second quarter of 2012 to the third. Many of these threats are attributed to third-party markets that are responsible for the spread of malicious apps. But that hasn't hindered the platform's use among consumers.
Although Windows and BlackBerry recently released new devices, Charlie Miller, security engineer at Twitter, said iOS and Android will always be the preferred choice.
"We're so embedded in these two big players," Miller said.
Although iOS is the more secure mobile platform, Dino Dai Zovi, co-founder and chief technology officer at Trail of Bits, said Android's malleable structure is what entices users. Ultimately, he said each platform's unique attributes play off of one another, spurring more advancements in mobile technology.
"That bipolar dichotomy will be beneficial for both platforms," Zovi said. "The Android model allows for more innovation, but the question there is if the [risks associated] with security will be too much."
Down the road, Mulliner said he hopes that Android's openness will ultimately lead to enterprise-grade security for the platform.