iOS (AAPL) platform no more secure than Android (GOOG)

Marble Labs issued its Mobile Threat Report (PDF) for June 2014 today, providing an in-depth analysis of the relative security offered by the iOS and Android mobile platforms. Though the general impression is that Apple Inc.’s (NASDAQ:AAPL) iOS offers almost sacrosanct security while Android leaks like a sieve, Marble Labs claims that there is broad parity between the security levels of the two competing platforms, with each able to claim a handful of minor advantages over the other.

The central contention of the report is that neither platform possesses greater inherent security than the other. Indeed, it praises both for their robust “sandboxing” protocols, which prevent apps from easily modifying each other and thus limit the potential spread of an infection across the whole system. Both systems are compared favorably to the Windows OS, which more or less allows infections to run riot, installing new programs or apps and patching existing ones.

According to the report’s “Threat Matrix,” iOS and Android are equally vulnerable to phishing, spear-phishing, SMS-phishing, app-phishing, corporate directory mining, jailbreaking, rooting, jammers, SSL vulnerabilities, unencrypted email attachments, ransomware, and backup hijacking. In both cases, robust security measures are in place against most or all of these threats, but these measures, created by skilled but fallible humans, are not impenetrable and sometimes fail. This, Marble Labs claims, is as true of iOS as it is of Android.

Android is subject to the risks of sideloading apps and call log harvesting, which iOS is immune to. Conversely, iOS can be attacked via hostile configuration profiles, which are useless against Android. These profiles take advantage of the fact that iOS accepts configuration data from visited websites, a mechanism that can be turned into a major security breach by a skilled hacker. Pornographic websites are particularly likely to host hostile configuration profiles.

The only real identifiable advantage that the iOS platform enjoys, according to Marble Labs, is external to the platform’s architecture. This is the fact that most (though not all) apps for iOS are obtained through the App Store, which is monitored by Apple Inc. (AAPL), while Android apps can be downloaded from any of thousands of possible sources.

A good analogy to understand the security similarities and differences between the two platforms is to compare them to two nations. Both countries have precisely the same level of internal policing, but the iOS “nation” has a strict arrangement of border and customs controls while the Android “nation” has a much more porous border and more relaxed entry requirements. It is more difficult for hostile foreign agents to enter one than the other, but once inside, they have precisely the same chance of operating freely or being caught and eliminated.