~couchNerd ~serialOutrager ~puts2In42 ~makesPigsFly

Android vs iPhone: Security Models

Android and iPhone OS (iOS) have been at loggerheads for quite some time now. This is a take on which has a better security model to protect its users. I thought of writing it up because there have been a lot of discussions around me lately about which platform is more secure and I keep repeating the same points over and over at every one of them, so thought that in future I’ll just point them to this page :P

Disclaimer:

A. I don’t guarantee this post to be absolutely correct as I’m no security researcher or expert but I do have some interest in this field and I’ve been a developer for some time now on different architectures and OSs especially at OS/driver level and that too in the mobile devices field, so I “might” actually be right about a few things here and there..

B. I’m an android user myself but not of the fanboy variety. I’ll be happy to switch camps any day I get something that appeals to me better. I have love and hate points for almost all platforms available but I’m using android because “for me” it’s love points slightly outnumber the hate points.

OK, on with the points then. Here is the table that I created for this showing points I considered and which side wins each. Don’t start flaming me though just by seeing the table :P I will be discussing the points as well below it.

**Android vs iPhone: Security Models** Android iPhone Distribution Medium Security Local Security Open vs Close App Development Model Damage Control Summary
Approval Process NA NA
Phishing Lose Win
Permissions Win Lose
Environment/Sandbox Tie Tie
Slight Win Lose
Slight Win Lose
Tie Tie
? ?

1. Distribution Medium Security: Apple vets every application that is put on the app store while Google’s Market Place is unrestricted. How does this affect you security wise?

**a.¬†Approval Process: **The biggest myth is that the vetting process is what will save you from malware on app store. IT WON’T. The Apple app approval process isn’t defined anywhere but in general it just states that it checks for apps to do what they say they will do. But they don’t check the source code of the apps and static analysis of binaries can only take you so far (Heck, they have even been inept at catching a whole lot of apps that were using their disallowed private apis which can be found easily using simple tools) . So, anyone actually wanting to write a malware can do it trivially by making the malicious code to run after the app has been approved. The trigger could be time based or could even be done over the web remotely. The app could even have encrypted payloads or download new pieces of code over the web and run them.¬†So, we can safely say that approval process is something that can’t make things secure for you that way.

Result: No one wins

** **

b. Phishing: This is where App store can protect you if someone put an app claiming to be from someone that it isn’t. e.g. Someone could make an app that claims to be from “Bank of America”. In apple’s case, I’m 99.99% sure that the app won’t pass the screening but in Android’s case, there won’t be any hassles for it to reach the marketplace. It could be pulled soon after as google learns about it but still even one person’s damage here is much more than what would have happend on iPhone.

Result: iPhone wins

** **

2. Local Security: What about the security in the OS itself once an app is on your phone? This is an important question because 1.) As I noted above, Apple’s app screening process isn’t robust enough to catch malware 2.) People can bypass the official distribution medium easily. Android allows to install apps from other sources on most phones by just enabling an option and a huge number of people jailbreak their iPhones and get/use this capability.

a. Permissions: On Android, an app has to explicitly declare what capabilities/data of the phone it wants to access/use and the user has to explicitly give it those permissions before it is allowed to install, irrespective of from where/how this app is being installed. So, it works even if you are installing the app from your SD card and even if you have rooted your phone. On iPhone, there is no such mechanism of restricting apps. All apps are equal and can access a lot of resources unhindered without the user knowing. So, while installing a single player only game on android you can immediately be suspicious if the app is asking for internet connection or access to your contacts data but on iPhone you will not come to know about this.

Result: Android wins

** **

b. Environment: On both platforms, the apps run in their own sandboxes with unique uuids

Result: Tie

** **

3. Open vs Closed: Most of the Android code is open source while for iOS, only darwin kernel and some other things like webkit etc are open source. Now, this in itself doesn’t gurantee to make Android secure but its code does get a lot of scrutiny from open source community as well as lot of other big name companies with commercial interests in Android which allows it to find and fix more bugs and loopholes than iPhone can.

Result: Slight win for Android

** **

4. App development model: Most apps for Android are written in java while those in iPhone are written in C/Objective-C. While I’m myself a big time C lover (Majority of my coding is in C/CPP) but it is indeed a very unforgiving language where you need to be very careful with what you write and has much greater chances of exploits, .e.g, Buffer overflows, as compared to java (Interestingly, all the jailbreaks for iPhone OS have been done using such exploits and have been made available day 0/day 1 mostly.)

Result: Slight win for Android

** **

5. Damage Control: What if an app actually got through everything on any of these platforms and started spreading? Both of these platforms have kill switches in the hands of Google/Apple which they can use to remove such malicious apps from the users’ phones remotely.

Result: Tie

** **

Summary: Well, there is no clear winner. Apple is quite good when it comes to protecting you from phishing (though that advantage goes away if you jailbreak and use alternative means to install apps) and Android has a real sound local security system (though it also has the flaw that users might not always understand why an app is requesting a certain critical permission and install it anyways). So, take your pick and let me know what you picked :) and please do tell me if I’m wrong in any of my points or missed out on something that needs to be compared.

Comments