Nmedia - Fotolia


Android vs. iOS security: Compare the two mobile OSes

The latest versions of both Android and iOS up the security ante with encryption and other features. It's up to IT which devices to support, whether Apple or Google.

Apple and Google have a rivalry for the ages, not unlike Windows vs. Linux, and the competition continues with Android vs. iOS security. The top two mobile operating systems are both security contenders.

In a world where it's hard enough to convince executives, even CIOs, about the importance of security, the average mobile user may not be all that concerned. However, if IT is looking to deploy corporate-issued devices or support multiple mobile platforms via a BYOD policy, both Android and iOS mobile security features are worth knowing.

Check out these OS security highlights, which can affect IT and information security programs, as Android and iOS step into the ring.

In this corner: Android

Google pushes out Android security patches every month. Only Nexus and Pixel users get the update immediately, and other manufacturers might delay or skip the update all together. Having owned a Nexus phone as well as others from Samsung and LG (both locked and unlocked), I can say that it's really nice getting the monthly updates for stock Android directly from Google. Having to wait on third-party manufacturers and the layered complexity/bureaucracy of the carriers on top, I have found it pretty rare to get any consistent security updates on the Android platform.

Google has a built-in "guard" against apps that users install manually if Google deems them to be unsafe. There can be false positives, though, and there's no way for users to know for sure. There are also numerous ways to lock or unlock an Android phone such as pattern, voice and facial recognition.

A common question that arises with both iOS and Android is whether or not users need to run antivirus software.

Starting with Android Marshmallow, boot verification has become a standard feature that checks for anything wrong with the operating system. It will give errors if the user is running a custom ROM on the device or if someone has rooted it.

To increase security, users are required to enter app permissions upon app launch, if the app is updated. Older apps will not ask for permissions, but users can manually disable this feature in the settings -- a step that further boosts mobile security and privacy. After all, who wants to share their calendar and address book with random app developers if they don't want to?

Encryption is also standard, starting with the Nexus 6. It initially made the devices slower, but Google has since fixed any lagging issues.

In this corner: iOS

Apple's most well-known security feature is its App Store, where any app passing through must not only meet Apple's security requirements, but also pass the tests. This security has been shown to be at risk with hot patching, or remote software updating, but Apple's new policy may keep things under control.

Apple device users have control over many different security features, including encryption, which they can enable in the device settings. Apple introduced device encryption starting with iOS 8 in 2014. Users can disable features such as Siri on the lock screen to prevent anyone trying to send messages without the device being unlocked. Like Android, iOS also lets users disable permissions for certain apps in the settings.

The latest iOS has upped its user passcode requirements. Now, the default PIN length is six characters rather than four, which provides for better security than previous versions of iOS. In addition, the fingerprint reader grants users direct access into apps in lieu of having to enter a password every time.

Android vs. iOS security

A common question that arises with both iOS and Android is whether or not users need to run antivirus software. Given the architectures and default configurations of these operating systems, running antivirus software is likely unnecessary, although such controls certainly wouldn't hurt if maximum security is the ultimate goal.

So, when it comes to Android vs. iOS security, which OS is the winner? It's up to IT shops to decide; only they know exactly what the organization requires in terms of mobile security features. The latest versions of Android and iOS are both pretty solid; the question is whether users have the latest version and, if not, when they'll be able to get it.

There are a lot of moving parts with mobile, whether it's outdated app vulnerabilities or numerous source code and runtime flaws that can equally affect both iOS and Android. IT shops might have additional mobile device management controls in place to ensure that they're locked down. Then again, they may not. The important thing is to understand the organization's mobile security gaps and do due diligence to minimize any identified risks moving forward.

Test your mobile device security know-how

Do you know what it takes to provide mobile security? Take this quiz that covers differences in mobile OSes, containerization, data encryption and more

Next Steps

Mobile OS security smackdown

Four ways to boost Android security

Catch up on iOS 10 security

Dig Deeper on Enterprise mobile security