Threat report shows that both platforms are susceptible to various attack vectors

Jun 18, 2014 19:36 GMT

When it comes to enterprise security, the platform used on the company's network is rarely a compelling argument, a report from a security company shows.

From a regular user’s standpoint, iOS offers more security thanks to Apple's controlled app distribution and the limitations imposed on the operating system.

On the other hand, Android users have more sources to pull apps from, hence they’re exposed to a higher security risk. If the user downloads apps from reputable places, the danger is greatly mitigated.

However, a threat report around the BYOD (Bring Your Own Device) theme, released by Marble Security, shows that in an enterprise environment, neither operating system “is inherently more secure than the other.”

The report explains that despite Apple’s tight app distribution control, a non-jailbroken iOS device can still download software from enterprise app marketplaces, through various testing apps and programs.

These allow installation of apps from websites with no more effort than a tap on the screen, thus allowing for more or less the same risks as in the case of Android devices.

Google Bouncer, the engine that checks the apps for malicious code before being listed in the store, is quite efficient, but, as Marble Security says in the document, it “cannot protect users from installing apps from other marketplaces.”

A threat matrix in the document shows the weak spots of the two platforms, both being vulnerable to most of the attack types presented.

While iOS is not susceptible to sideloading apps and harvesting phone call and SMS logs, Android is resistant to hostile configuration profiles, which on iOS can be delivered while visiting a website.

But both of them are vulnerable to different types of phishing (regular phishing, spear-phishing, SMS-phishing and app-phishing), address book mining, jailbreaking and rooting, SSL weaknesses, unencrypted mail attachments, ransomware and backup jacking.

Ransomware threats are present on both platforms: the latest reports of this type of incident on iOS are no older than the month of May, this year; on Google’s mobile platform these events are even more recent, more frequent and can be more complex in nature.

“Both iOS and Android are complex operating systems, and will continue to grow in complexity over time. Major new features such as Siri for voice navigation have revealed serious security holes that may expose user contact data and phone address books. As the operating systems evolve, they will no doubt improve security, but as they add features, new security holes will emerge,” concludes the report.