I know it’s ironic, as an aspiring cybersecurity expert, to be typing this out on my iPad saying that Android might become more secure than iOS, but apparently my headlines aren’t catchy enough. Here we go.
1. Android is more flexible than iOS
Because Android lets developers implement the parts that mean the most to them, Android devices are the most flexible. Just think about how many smart devices use Android as their operating system. Developers can turn practically whatever they want on and off. Just do a quick search for “most secure phone of 2020,” and you will find the Bittium smartphone at the top of the list. Guess what. It runs Android.
2. 0 Day Bugs are more prevalent on iOS
Apparently Google’s Android team has been strengthening Android’s security and making it more difficult for hackers to find and exploit 0-day bugs. Based on a tweet from a well-known security expert and Zerodium, a site that pays for exploits on certain platforms, Zerodium is not paying out for 0-day bugs on iOS 13. Hopefully iOS 14 is more secure, but time will tell.
3. Paid bounties are more for Android
If you don’t know anything about the way bugs are fixed in many operating systems, it is a relatively long and complicated process, with lots of ways to submit a report. Bug bounties are the most popular route for security submissions, since companies want to get bugs patched ASAP. An exploit is bad for business and bad PR, especially if it leads to a high-profile breach. Recently Apple and Android switched places for the most paid for a security exploit. With Apple reducing payouts for bugs, and more 0-day bugs showing up in Apple products, pure economics kicks in and it becomes more economical to sell the 0-day exploit than to submit it to Apple or bug bounty collectors. As mentioned in point 2, Zerodium started paying 2.5 million for a “full chain (Zero-Click) with persistence” 0-day exploit. That’s 25% more than Apple at 2 million. In this case, more money is better, because it means the exploits are harder to find.
4. Open Source Vs. Closed Source
While Android is open source, Apple is closed source. While being closed source is more common in the software development world, being open source has its benefits: security vulnerabilities can generally be found, and patches implemented, more quickly than in closed-source development. A developer that uses Android as its base OS and finds a security bug can also implement a fix faster if they think that threat would impact their user base more than another threat. All iOS bugs have to be fixed through Apple, and developers and users have to trust that Apple will keep their information safe.
5. More Users
Typically, the more users you have, the more bugs, including security bugs, are found and reported, because of the larger market share. Apple, while it has a huge user base, only has 13% of all devices on the market, while Android has a whopping 87% market share. While it’s not the be-all and end-all, it certainly can make a difference in finding and fixing vulnerabilities.
Finally
Generally speaking, while Apple IS a very secure platform, Android has been competing to become a very secure platform and, in my opinion, will likely become a more secure platform than Apple in the near future. As Apple plays catch-up on features to gain market share, they will likely have to balance the threats with the users’ wishes to be more flexible. The more you open up, the harder it is to fix every bug from every possible vector. While Microsoft has done well with similar issues, they also have a much larger market share, and have a much more open OS that allows people to make in-depth changes like they would on Android to help with security vulnerabilities. Apple doesn’t have that flexibility. In the long run I think it will hurt them, and give Android a greater probability to shine.