Sunday, December 9, 2007

Android's and iPhone's security compared?

When you see an article grandly titled, "Google's Android vs. Apple's iPhone: Which is More Secure?", what might you expect? That somebody has managed to compare the Android and iPhone systems in terms of:
  1. How easy it is to hack into the system, snoop around for information, control the system, etc.
  2. How easy it is to infect the system with virus, spyware and other such malicious software.
  3. How easy it is to prevent or clean-up after such attacks.
And similar other questions.

Instead, Kenneth van Wyk, a "20-year veteran of IT security" and "co-author of two security-related books", compares the two systems on the following basis and gives them the following grades:
  1. In Android, each application is assigned its own unique Linux user-ID at the time of installation and this ID is used to run the application. Where as, in the iPhone, "applications appear to all run with root (administrative) privileges on a single UNIX kernel". Based on this difference (and appearance), Android gets an A- grade and iPhone gets an F or "F-, if that’s possible".
  2. Android is an open system, which has led to at least one product vendor announcing the development of security applications. We have heard of no such thing about the closed iPhone system. Grades: Android B, iPhone D.
  3. iPhone has a well-developed and easy system for providing updates and patches through iTunes. We don't know of any such thing for Android. Individual handset makers will probably have to come up with their own update and patching process for their particular phones. Grades: Android INCOMPLETE, iPhone B+.
And, after this very arbitrary and subjective comparison, he declares Android to be the more secure platform!

Granted, at the very beginning of the article, Kenneth van Wyk, admits that there is no Android handset available right now for him to compare with the iPhone. So, this is an "apples and oranges" comparison. Nevertheless, this comparison and conclusion is not convincing enough.

In fact, it is very obvious that the open nature of Android, the ease of development of applications which control the phone's features and functionality, and the corresponding ease in installing such applications will see a proliferation of malicious software for the phone. The more popular Android becomes, the more threats there will be. It is actually a pretty scary situation to imagine something as personal as the cell phone being compromised. Imagine someone getting access to all your most personal information and conversations. Imagine someone using your phone to silently route expensive calls, for which you get dinged on your bill!

I think it is too early to comment on how secure future Android handsets will be. We can comment only on what is available now - Android SDK. And, it is certain too early to compare just the SDK with the iPhone to reach any convincing conclusion right now.

[via Earthweb]

No comments: