Table of contents
- What is the difference between the two operating systems in terms of information security?
- Common security concerns
- The main problem of smartphone security
- How to protect yourself from hacking
- So which is more reliable: Android or iOS?
According to the
BBC for 2021, the modern person uses his smartphone for about five hours a day. Photos, conversations, browser history, user activity and payment data – a modern smartphone literally knows everything about its owner.
In this regard, there is an increased interest in the security of personal devices and the security of the data that is stored on them. In this issue, the whole world is divided into two camps: those who are for Android, and those who are for iOS.
In this article, we will analyze the main aspects that affect the security of mobile operating systems, which one is preferable in terms of security, what threats exist, and how to protect your phone from cybercriminals.
What is the difference between the two operating systems in terms of information security?
The difference between the two systems is really significant. It's not for nothing that there are many jokes and memes about the inconvenience of switching from Android devices to iOS. First of all, it is worth mentioning the fundamental differences that are caused by the economy, that is, the business model and distribution methods that companies use.
Valery Stepanov
Head of the Competence Center for Information Security T1 Integration
Two indisputable facts: Android is much more popular than iOS in the world and the probability of detecting vulnerabilities in the Android source code is much higher. Consequently, more people are potentially at risk. This is because the main difference between iOS and Android in terms of cybersecurity is the fact that Android is an open source system. Android devices are easier to root: it includes removing restrictions set by the device manufacturer and installing unauthorized programs.
Thus, iOS is a product for one specific line of smartphones, and Android is an open OS that is used by many companies, such as Samsung, Huawei, Xiaomi and some others. Thus, a number of advantages and disadvantages of operating systems are due to the very attitude of companies to their product.
Anton Kuznetsov
Leading Information Security Engineer at R-Vision
If we talk about the difference between these operating systems, then it is worth highlighting two key differences: in the application architecture and in the control of the app store: AppStore/Google play.
In this case, Apple takes a more advantageous position: you can install only those applications that are available in the official AppStore. At the same time, all applications submitted to the AppStore undergo a thorough security check before entering the store, and their developers are subject to stricter control.
As for the architecture, iOS uses an isolated environment for running each application, which means that malicious code will not be able to leave this container and thus harm the system and its user. But there is also old code in applications that allows you to install Pegasus spyware, for example, via iMessage. It is important to understand here: that such an attack is costly and there is no point in following ordinary users, and Apple also released a special protected mode some time ago, which prevents hacking.
In turn, Android is an open source operating system. This means free access to the source code for any software developer who can change and publish their OS version. And, as a result, Android devices are more likely to detect vulnerabilities. According to numerous research reports in this area, Android devices have more malware infections than Apple devices.
If we take a closer look at the issue of app stores, then Apple's advantages in the coming years may be offset by new EU legislation that will oblige OS manufacturers to
allow the installation of applications from third-party stores. Apparently, this will happen in 2023.
The monopoly on app stores also became a serious problem for Russian users this year, as they could not download or update the apps of companies that were included in the lists of European sanctions. This gave rise to a number of interesting ads on various ad platforms. For example, on Avito, they tried to sell a phone with the Sberbank app installed for
15 million rubles.
Along with such funny cases, the demand of ordinary users for the services of people who can hack a smartphone, that is, "make a jailbreak", has also increased. A significant proportion of such offers on various sites look extremely dubious, and users are at great risk of getting malware instead of the desired application (or bundled with it).
It is also important not to forget that updates, including those related to device security, are released only for current smartphone models. In the case of the iPhone, tracking this factor is quite simple, but Android devices from different manufacturers lose support quite quickly and chaotically, since there are many companies using the Android OS.
Daria Zubritskaya
Marketing and Communications Director of the digital travel management and expense management platform Raketa
A common measure for both operating systems is update monitoring. The user should keep track of how up-to-date the installed version of the operating system and applications are. As for the Android operating system, the most important thing that a user can do is to prohibit the installation of applications from unverified sources. The user should not install applications downloaded from various sites and forums.
The main drawback of Android devices is that manufacturers do not support the device for long enough, update the operating system version to a new one, and also do not release security patches. Because of this, Android-based devices quickly become vulnerable and manufacturers do not seek to eliminate this.
Thus, in terms of" starting positions", iOS currently offers a higher level of protection than Android. On the other hand, Android offers a lot of variability: the user can flexibly configure the security of their own device, use as protective programs from the markets, such as Kaspersky Lab antivirus, or use a variety of tools from third-party sources that they deem necessary.
Common security concerns
The most obvious problem for both operating systems is the physical security of the device. Relatively speaking, when handing over your device for screen replacement to a service located in the middle of a shopping center, almost no one thinks about what manipulations a specialist performs with it. It is quite difficult to control it without proper knowledge, so it is better to use trusted services or certified centers of the manufacturer.
Anatoly Peshkov
Co-founder and CTO of Mad Brains
It is worth remembering that:
- first, devices and operating systems are still made by people, and they make mistakes (or even deliberately leave backdoors);
- secondly, the device does not live in a vacuum, so everything we do on it somehow leaves a trace: from packets flying on the Internet to data from the phone's hardware (connection to cell towers, communication with GPS satellites, and even traces of fingers on the screen).
So the security will never be 100%, you will have to accept this. But to give up the benefits of civilization because of paranoia is not worth it. You need to sensibly assess the risks and the need to share or hide some information.
It is also important to remember that OS developers are high-level specialists, but still ordinary people. Yes, people's work is partially automated with the help of source code analyzers and other tools used by most leading manufacturers. For example, Samsung and Huawei use the
Svace analyzer developed by Russian specialists. However, no automation tools can, at the moment, neutralize the influence of the human factor, so installing the next update is always associated with certain risks.
Anton Malygin
Senior iOS Engineer at Cogni
Both iOS and Android devices have some shortcomings in terms of information security. For example:
- Both operating systems can be used by hackers if the user becomes a victim of a phishing attack or installs a malicious application.
- Both operating systems can collect user data for various purposes, such as to personalize ads or improve user experience. This data collection can cause privacy concerns, although users can usually adjust their privacy settings to limit the amount of data collected.
Both operating systems may be vulnerable to physical attacks, such as when someone tries to gain access to the device by guessing the password or using physical tools to bypass security measures.
And the third aspect, which is typical for both OS and Android, is the "love" for the legal and legitimate collection of user data in a formally impersonal format. It is legal because it is not prohibited by law, but becomes legitimate at the moment when the user accepts the nth user agreement, which contains the agreement on the processing of personal data.
Ordinary users are often surprised that it is worth talking next to a smartphone lying quietly next to them (even if it is turned off) about some planned purchase-and when entering the search engine, it will immediately offer a trip abroad, a country plot or a marketplace for the sale of household appliances. It is important to understand that even turning off the device does not guarantee that it "does not hear" you. Removing the battery can partially solve this problem, but this is not possible with all models. The second option is to purchase a folder or a case-blocker, in which you can put the device during important negotiations, but there is a high risk of stumbling upon a fake that does not meet the stated characteristics and does not fulfill its functions.
The main problem of smartphone security
If you analyze search queries related to the security of mobile operating systems and smartphones, you may encounter the following::
- is it possible to hack a phone through a call?;
- hacking via text messages.
This, on the one hand, indicates the growing attention of users to the security of their devices. On the other hand, there is a low level of understanding of what "entry points" attackers can use and how to secure your phone.
Maxim Aferov
Leading expert in mobile development, Auriga
Unfortunately, absolutely all devices, systems, and applications have vulnerabilities. I continue to believe that the main vulnerability is the poor education of the users themselves. I would put another question-who is going to defend themselves against whom? If you are a regular user and you need protection from random attacks by not very experienced hackers, then any OS in the hands of an information security-savvy user will provide such protection. If the user is of serious interest for hacking (for example, a celebrity or a major official, businessman, or politician), then any device can be hacked if resources are available. But, as a rule, such users have their own information security services, whose task is to ensure the safety of their employer.
Can I hack my phone using VPO? Yes, there are a huge number of Trojans, keyloggers and other software tools that can be " delivered to the phone and get all the data. You can also encounter VPO online, for example, after entering payment details in an online store that is infected with a skimmer.
But in the vast majority of cases, an attacker will not use operating system vulnerabilities, but user "vulnerabilities", that is, social engineering.
A high-profile example was the events of August 31, 2014, when gigabytes of personal photos of many Hollywood celebrities were "leaked". The event received not only a loud response, but also its own
page in Wikipedia. The hacker simply sent messages to gmail and iCloud accounts asking them to confirm their credentials and a link leading to a phishing site.
It is important to understand that a high level of security for mobile devices consists of two factors:
- OS security;
- custom behavior.
If a user downloads apps without control, gives them maximum permissions, and leaves their user data on questionable sites – then you can only protect their privacy by "degrading" a modern smartphone to a push-button device that simply can't do anything more than call and send SMS.
How to protect yourself from hacking
The most important thing in the issue of personal information security is to understand two basic factors:
- personal data needs to be protected not only by the operating system, regulators or smartphone manufacturers, but also by a specific person;
- one hundred percent data protection is basically unattainable, you can only constantly reduce the risks to a minimum value.
Understanding these basic truths allows you to look at familiar tools from a new angle. For example, choose apps with a long history, check links before clicking, and use cybersecurity tools. However, there are a number of specific rules that can help protect your smartphone, regardless of the operating system.
Alexey Marinin
Senior Mobile App Developer, Independent expert
Here are 10 tips on how to protect your smartphone.
- Set a strong password for the device. A Google / Apple account, Face ID, or fingerprint will allow you to unlock your phone in public places without compromising your password.
- Set different passwords for your phone, account, and banking apps and email, so that if attackers get hold of your device password and unlock it (or snatch it out of their hands when it was unlocked), they don't get control of all your data and apps. In the apps themselves, you can configure them to log in using your fingerprint or FaceID, which saves you from having to constantly enter passwords.
- Use a password manager. You should not store such sensitive information in notes or create a universal password for all your services and applications.
- Link your device to your account so that if it is lost or stolen, you can remotely clear it. In this case, attackers will not be able to get your information.
- Update the software in a timely manner. In new firmware versions, smartphone manufacturers often fix vulnerabilities.
- Do not use outdated devices that companies no longer support. For example, Apple supports its devices for 3 to 6 years, depending on the model.
- If you have a phone running Android, you can opt out of third-party shells over the OS, and use a "clean" android. Potentially, this will significantly reduce the number of vulnerabilities.
- You can install antivirus software on Android devices, and this will also improve the device's security.
- On Android devices, I suggest that you stop downloading apps from third-party sites and alternative app stores. Using the official store offers will reduce (but not eliminate) the risk of installing malicious software
- Don't download questionable apps even from official app stores. The control system in such markets is good, but not perfect, and malware can slip through. By using a program with a large number of reviews from familiar companies, you will reduce this risk.
Separately, it is worth mentioning "VIP users", which means people whose personal data can become a target for hackers. These include politicians, pop stars, top managers of large companies, opinion leaders, and a number of other people. For this category of people, it is highly desirable not only to follow the general rules, but also to resort to consultations and services of specialized information security specialists. These can be full-time employees of the company's information security department or outsourced specialists.
So which is more reliable: Android or iOS?
Absolute reliability is not guaranteed by any system, since cybersecurity is a complex area in which the balance of software tools, user care and a number of other factors is important.
For one person, the best solution is to use a keyboard phone at all, since it works with extremely sensitive data and, at the same time, has little idea of how modern smartphones work and social engineering methods work, which is far from uncommon, for example, for older people.
Sergey Opivalov
Senior Software Engineer в Gradle Inc.
One of the disadvantages of Android devices is that they may be more vulnerable to malware and other threats due to the more open nature of the operating system. Android allows users to install apps from sources other than the official Google Play Store, which can increase the risk of downloading malicious software. In addition, Android devices may not receive updates as frequently as iOS devices, which may make them vulnerable to vulnerabilities that have already been fixed in newer versions of the operating system.
iOS devices, on the other hand, usually have more robust security features, including a secure download process and built-in encryption of data at rest. However, they may still be vulnerable to threats such as phishing attacks and malicious websites.
If we talk specifically about Android and iOS, then the operating system from Apple is more suitable for those who want to minimally delve into the security issues of their smartphone, and are ready to put up with some restrictions in user rights and device functionality.
Android devices are more suitable for those users who are willing to regularly spend personal time studying various tools and the very activity of their smartphone, and in return want to receive a potentially higher level of security than those users who want to receive security "as a service".
However, the nominal leadership of iOS in terms of security, it is likely to come to naught if regulators in different countries continue to promote the trend of unification of standards for smart devices.