Cellphones have seen one of the most dramatic technological growths of any hardware in recent history. From simple portable phones a few decades ago, they’ve become fully-fledged computers with their own OS and applications used daily by most people worldwide.
Smartphones have become such a fixture of life, and hackers and scammers have been working to exploit these devices for personal gain. With over 3.2 billion smartphone users worldwide, it’s not hard to see why it has become a hotbed for all types of cyber threats, from malware to phishing.
At this point, it’s fair to say that the mobile market is firmly divided between two main operating systems: Apple’s iOS and Google’s Android. Over the years, both companies have made several improvements in both their hardware and software to keep their users as safe as possible.
However, the onus is still mainly on users to be aware and prepared to counter most cyber threats.
This article will explain what an operating system is, review iOS and Android’s various security features, their vulnerabilities, and the types of threats they face, and, of course, offer some mobile security best practices.
What is an operating system?
Source: TechTarget
An operating system (OS) is a fundamental software program that intermediates computer hardware and user applications.
It handles tasks like managing files, running programs, and taking user input. It also controls allocating resources like memory and processing power, ensuring everything is used efficiently.
But perhaps most importantly, the OS is vital in keeping your device secure. It sets up access controls to protect your data and ensures that only authorized users can access it. It also handles things like encryption to keep your information safe when transmitted.
Overall, the operating system is the behind-the-scenes hero that keeps your device running and your data secure.
Security Features
The overarching theme for all the comparisons in this article will be centralized vs. decentralized. Apple famously maintains a firm grip on its OS, devices, and app store.
On the other hand, Google licenses its OS to numerous hardware companies, even allowing them to customize it, and is far more lenient regarding what apps can do on Android phones.
While Apple’s philosophy can lead to a boring and constraining experience, it certainly leads to a safer one. Users always know what to expect, and since all apps must respect a common design philosophy, it’s easier to train people on the signs of a hack or scam.
All iPhones also have similar hardware, meaning all users can have the same expectations regarding chip security. However, this also means that one simple vulnerability will affect every iOS user simultaneously.
It can be challenging to gauge the security levels of Android at times simply because they potentially have very different experiences, especially hardware.
For example, users can count on a secure device when they buy a flagship Samsung phone or Google’s own Pixel line, but smaller device makers could easily cheap out on the hardware and lead to problems down the road.
Additionally, Android apps have virtually no restrictions on the type of data they can ask of users. This often isn’t an issue since the OS lets you pick and choose the permissions you provide, but it certainly adds an extra layer of attention required from the user.
Vulnerabilities
Apple long had a reputation for being less prone to hacks, but those days have come and gone. When this misconception emerged, it was simply because Apple’s desktop computer had such a small market share that it wasn’t as appealing to hackers to write malicious code for them when they could affect many more Windows machines.
Apple has a fairly good reputation hardware-wise, and they mostly keep their systems locked down. Even the NFC chip is locked and can only be used through their proprietary Apple Pay protocol. Their main vulnerability comes from apps.
While the App Store has famously stringent rules of operation, certain apps with code flaws have slipped through.
Google’s main vulnerabilities come from the complete decentralization of its operations. Since they license their OS to multiple hardware makers, it inevitably ends up on cheap phones with below-par security features.
Google Play is a much more permissive marketplace and has allowed several apps that were simply straight-up malware to be hosted on its servers over the years.
OS Updates
The way the two companies disseminate updates to their OS is also diametrically opposed. Apple performs regular updates on iOS and launches a brand-new version every 2 to 3 years.
Once it is released, every iPhone gets it at the same time, except in certain countries where Apple has deals with cellphone providers to launch it when they approve.
Android not only receives fewer updates, but certain users may also be behind several versions depending on the hardware maker of their phone.
Samsung phones, for example, feature a heavily customized version of Android and often don’t get the newest Android update until its features are ensured to be compatible with the latest version.
The Scope of Mobile Security Threats
Source: StealthLabs
As phones became more and more like computers, the threats we faced on our desktops for years started to appear on smartphones. However, they have evolved to trick unsuspecting users. While they share the same name, most cyber threats are executed very differently on mobile.
Malware attacks
Mobile malware attacks happen almost exclusively through malicious apps downloaded by the user. These are far less common on Apple’s App Store and almost instantly removed when discovered, but they have certainly happened in the past.
Google Play has a much bigger malware problem, and users should be wary of downloading an app before studying the app page, the developer, and the reviews.
Social engineering
Phishing is extremely prevalent on mobile, and while it can still happen via email, the majority of attacks are done over text messages and messaging apps like Facebook's Messenger or WhatsApp. These apps are OS agnostic, so all users should be wary.
Unlike email, there are no domains or graphic design elements to double-check to detect a hacker. Users must instead study the grammar or spelling mistakes that scammers might have made in their messages and log on to their accounts separately instead of clicking links in the messages.
User Data Privacy
One of the hottest subjects in recent years, many people and companies are now concerned with the way technology companies use the data points they collect. Phone makers have made improvements to at least be more transparent about their process, but there is still a lot of work ahead.
Apple’s approach has been to lock down all user data usage. Since recent updates to iOS, apps like Facebook can’t even use iOS retargeting data for their advertising business. However, Apple might still use that data for its purposes; no information to confirm or deny this has surfaced.
Google’s main business and source of revenue is advertising. From the beginning, their differentiator was always the accuracy of their audiences and the high level of targeting they allowed. They’re able to do this simply because of the sheer amount of data they get from products like Gmail and Android. Additionally, Android allows third-party apps to collect user data with little to no restrictions.
App Store Vs Play Store
Most of the mobile cyber threats users face come from their apps. In that regard, the App Store does far more to protect its users. Apple’s marketplace is known to be strict, and every app is carefully reviewed before being added to its ecosystem.
This also means that things can be swiftly fixed in the event of a bad actor, and Apple itself is the only potential point of vulnerability.
Google’s approach is much more lenient, and it has caused major issues in the past. Despite many efforts to improve, the Play Store is still not an entirely safe platform. Many malware apps are still present, as well as various payment scams. The situation can get even worse on phones with proprietary app stores like Samsung and others.
Third-party Security Support
Both operating systems offer a slew of third-party security apps to beef up the cyber security features of your smartphone appropriately.
Apple’s security measures are intense enough that you probably won’t require extra help, such as a VPN or adblocker. However, a third-party password manager is a must. Apple has recently authorized some third-party apps like LastPass and 1Password to fill passwords directly into other apps for ultimate convenience.
Once again, Android suffers particularly from its fragmentation in this situation. The inherent security measures are probably enough on high-end flagship phones like the Google Pixel and Samsung Galaxy. However, if your users carry lower-end phones, you’ll want to equip them with a VPN and adblocker to be safe.
Best Practices For Mobile Security
Smartphones have come a long way in improving their cyber security, but the first line of defense is still an aware and careful user. Here are some tips to remain as safe as possible while on mobile:
- Use a password manager. Many apps now allow you to fill your passwords in any app without switching and drastically improve your security across the board.
- Be wary of public Wi-Fi. By nature, users are bound to want their mobile devices in unfamiliar places. Be mindful of the networks you connect to, and don't use a public one to access sensitive data like a banking site.
- Enable remote lock and data wipe. iOS and Android both have this option, which can be a lifesaver in case of a stolen or lost phone.
- Always do your updates. OS updates often feature numerous security fixes or patches against vulnerabilities. You should always do them as soon as they become available.
- Lock your phone. Whether through a passcode or biometric data, all mobile devices should be locked.
Which OS Is Best?
At the end of the day, iOS and Android are great operating systems with formidable levels of cyber security. As long as your Android phone is made by a reputable company like Google, LG, Samsung, or another household name, you shouldn’t worry about the device’s inherent security features.
As with any other cyber security concern, thinking twice about every mobile interaction is the most important thing. Remember that it could always be a malicious attempt, whether an unfamiliar app or a text message from an unknown number.
The choice of which OS will be best for you is purely a personal preference. Similarly, the level of security you will experience depends on how you use your smartphone. As long as you are aware of threats, don’t jailbreak your phone and only use reputable apps; smartphones are an amazing and safe technological tool.
Cyber Security Hub: Access Exclusive Cyber Security Content
Check out our CyberHub to learn more cyber security tips for any situation.