RSA 2013: iOS safer than Android due to open app model, patching delays

iOS devices continue to be a more secure option, but that hasn't hurt Android's popularity among consumers, according to mobile experts.

Thanks to Apple's tightly controlled mobile "ecosystem," threats are not as prevalent on its devices as on Google's Android, which promotes a freely exposed code model that gives users the opportunity to download applications outside of its official marketplace. However, according to Collin Mulliner, postdoctoral researcher with the SECLAB at Northeastern University in Boston, that's what makes the platform "not as safe as iOS."

Android devices do not remotely update, which allows cyber criminals to take advantage of vulnerabilities if users don't reboot, Mulliner said.

"The problem with Android is that most people have old versions on their phone," Mulliner said during a mobile security panel discussion Thursday at RSA Conference in San Francisco. "One of the most important things in software security today is the ability to remotely update."

According to the "McAfee Threats Report," Android malware nearly doubled from the second quarter of 2012 to the third. Many of these threats are attributed to third-party markets that are responsible for the spread of malicious apps. But that hasn't hindered the platform's use among consumers.

Although Windows and BlackBerry recently released new devices, Charlie Miller, security engineer at Twitter, said iOS and Android will always be the preferred choice.

"We're so embedded in these two big players," Miller said.

Although iOS is the more secure mobile platform, Dino Dai Zovi, co-founder and chief technology officer at Trail of Bits, said Android's malleable structure is what entices users. Ultimately, he said each platform's unique attributes play off of one another, spurring more advancements in mobile technology.

"That bipolar dichotomy will be beneficial for both platforms," Zovi said. "The Android model allows for more innovation, but the question there is if the [risks associated] with security will be too much."

Down the road, Mulliner said he hopes that Android's openness will ultimately lead to enterprise-grade security for the platform.
