Cybersecurity Matchup: Apple vs Android

A side-by-side breakdown


This is the greatest software rivalry of all time, and emotions can run high. So we decided to create a non-partisan, fact-based analysis of Android's and iOS's cybersecurity profiles.

As is frequently pointed out, the very first thing to notice about the two companies, Apple and Google, is what they're trying to accomplish. Google has been very clear about their goal of putting the latest technology into the hands of as many people as possible. In other words, Google aims to give their users the freedom to access and create their own tools, and trusts them to do so. Apple, on the other hand, promises their users the very best experience that money can buy. What this means is that Apple first figures out what the best product looks like, and then delivers that product (and nothing but that product) to their end users. Simply put, Google sells freedom, while Apple sells experiences.

And this focus filters all the way through their respective business models, product offerings, and even marketing materials. Google creates open source software that is easily customizable by both their manufacturing partners and end users. Apple charges a premium for creativity-first products that have propelled the company to a trillion-dollar valuation. With that in mind, let's take a look at their security postures.

Market Size
According to recent reports, Android users are 50 times more likely to be infected by malware than Apple device users. Similarly, it's estimated that 97% of all malware targets Android users. Why is that? While Apple fans like to point to Android's open source model as the culprit, the truth is that with over 2.5 billion devices in the wild Android simply has a far greater market share than Apple. Naturally, then, hackers will look towards the largest target when crafting their exploits.

Furthermore, reports suggest that successful malware attacks are disproportionately concentrated on older, cheaper Android devices, often running on poor internet connections in developing countries. As we've seen, Google has almost single-handedly shouldered the burden of managing the world's mobile computing. This is squarely in line with their goal of spreading the boon of technology as far as possible. But by making smartphones cheap and widely available, they've also presented hackers with a large target. Should we consider this a security flaw or merely the cost of doing business?

Open Source
Here is another way in which Google and Apple's corporate outlook affects their security postures. Apple is notorious for holding their cards close to their chest. Unlike Google, they don't publish their source code, nor do they allow manufacturers or programmers to tamper with their OS. Consequently, security patches are rolled out to all of their users all at once.

In addition, Apple exercises more control over their App Store. While new Android apps can be approved in as little as a few hours, iOS apps can take up to two weeks to be approved. As a result, very few iOS apps have been found to contain malware or viruses (and even then, these are often produced by security researchers testing the system). This is further bolstered by Apple's practice of sandboxing third-party apps in order to limit their interactions with other apps or the OS itself.

Again, the question is not which system is more secure, but rather would you prefer to have an OS that is optimized for a particular user experience or for widespread usability?

Hardware Integration
Even the most secure software needs to be supported by cutting-edge hardware. With their focus on consistency and security, Apple takes their time rolling out the latest hardware designs and functions. More often than not, Apple is not the prime (or even secondary) mover when it comes to hardware innovations. So, while Android-based manufacturers rely on their ability to be first to market in order to differentiate themselves within the packed Android market, Apple can rely on their brand to retain their user base, even as they technologically lag behind their competition.

A good example is facial recognition software. When Samsung released their version of Face ID, researchers found that it could be fooled by a picture of the person, leading Samsung to continue to recommend using the fingerprint scanner for enhanced security. However, when Apple later released their Face ID, it was able to reject images, as well as recognize a face even when the user was sporting a beard or wearing glasses.

Finally, not all device manufacturers are created equal. Samsung continues to stand out as a security-minded company, with Samsung Knox coming pre-installed on most of their personal and enterprise smartphones, tablets, and watches. HTC and Nokia, on the other hand, have been less successful.

In Conclusion: With their one-size-fits-all approach, Apple delivers a more tailored experience. Android users, on the other hand, have an abundance of choices, and with more power comes more responsibility to avoid insecure apps.



About Silent Breach: Silent Breach is an award-winning provider of cyber security services. Our global team provides cutting-edge insights and expertise across the Data Center, Enterprise, SME, Retail, Government, Finance, Education, Automotive, Hospitality, Healthcare and IoT industries.