Android malware has managed to sneak into the official Android Market for a few months at a time, but Apple’s review process has (thus far) prevented any iOS malware from entering the Apple App Store.
When I tell people this, I commonly get two questions:
- Does that mean iOS is better than Android?
- Should Google start reviewing all Android apps?
My answer is that security is only one part of the mobile application ecosystem. Apple’s reviewers filter out malware, but they also censor application developers for other reasons. If you are a security-conscious user who downloads lots of apps, then maybe iOS is “better” for you. If you want apps that let you tether your phone or view adult content, then maybe Android is “better” for you.
Regardless of one’s opinion about the tradeoff between security and freedom of development, I predict that problems with the app review process will arise in the next few years. App markets are growing rapidly, and the review process is slow and human-intensive. I don’t see how it can keep scaling up. For example: neither Apple nor Google could manually review the entire Internet. I think the security community needs to find better, automated ways to address the problem of mobile malware — but this will be hard to do until there is more mobile malware out there to study.

“The iPhone and Android security models are very different and reflect the different levels of “openness” of each ecosystem.
iOS runs all applications as the same user, and utilizes a kernel-level mandatory access control mechanism known as “SeatBelt” to limit interaction between applications. While SeatBelt policies could, in theory, be customized for each downloaded application, in practice customization is only used for a handful of pre-loaded apps (like mobile Safari) and all downloaded apps run with the same set of permissions. This set of permissions is not visible to users, and the standard SeatBelt policy has actually become more permissive as the platform has evolved, with iOS 4 granting many more rights than iPhone OS 2.
The security of iOS is really provided by the lack of application choice. All applications are supposed to be loaded from the Apple App Store, and Apple uses human review, static and dynamic analysis to look for potentially malicious actions by uploaded apps. You are not allowed to sideload applications from the Internet or your PC, so in theory every bit of executable code on your phone has passed by Apple’s gatekeepers. In reality, mobile Safari has had hundreds of vulnerabilities and the sandbox mechanism is regularly defeated, as evidenced by the success of enthusiasts in creating jailbreak software for pretty much every version of iOS.
Android was always intended to allow users to load software from untrusted sources, so the security model needed to be “collapsed” onto the phone and can’t rely on external review processes. Every application on Android is assigned its own uid on install, and by default the application’s user is granted no rights outside of access to its home directory, the ability to execute itself and write to the screen. Android applications request permissions to perform other actions, like access the network, use the Bluetooth stack, make phone calls or read the user’s contacts. The user needs to approve these permissions on install, and a lot of work has gone into designing a UX that makes this decision easier to understand while not “lying” to the user. A handful of these permissions are enforced in the Linux kernel by use of group membership by each app’s user, but the majority of them are enforced on IPC calls between the application and services that provide these abilities.
So a very long answer to a short question. How would I sum it up? It is more likely that an Android phone will be exposed to malicious software than a non-jailbroken iPhone over its lifetime, because the Android market is not as controlled and the user can download applications whenever he/she pleases. If you were trying to attack a fully patched Android phone and a fully patched iPhone, then the iPhone is probably the softer target, especially if you can get the user to navigate to a malicious page using Safari. In this way, Android and iOS play out the Windows/OS X security drama in miniature and reflect the difference between security and safety. The former OSes are like very secure homes in bad neighborhoods; the Apple OSes are like mansions with unlocked front doors in much safer neighborhoods.”
http://www.quora.com/Which-platform-is-more-vulnerable-to-viruses-iOS-or-Android
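The Android model the quoted answer describes (one uid per app, install-time all-or-nothing approval, a few permissions enforced by kernel group membership and the rest checked by the service receiving the IPC call) as an added illustrative simulation. This is not Android's own code; the permission names, group ids and uid range are constructed for the model.

```python
from collections import namedtuple

# Constructed tables for the model: a few permissions map to a kernel group
# (checked inside the syscall), the rest are checked by the receiving service.
KERNEL_GROUP_PERMS = {"INTERNET": 3003, "BLUETOOTH": 3002}
IPC_PERMS = {"READ_CONTACTS", "CALL_PHONE"}
FIRST_APP_UID = 10000  # constructed: app uids start above the system uids

# uid is unique per app; gids holds the kernel groups for kernel-enforced
# permissions; granted is every permission the user approved at install.
InstalledApp = namedtuple("InstalledApp", "package uid gids granted")

class PackageManager:
    """Install-time side: assigns a fresh uid and records approved permissions."""
    def __init__(self):
        self._next_uid = FIRST_APP_UID
        self._by_uid = {}

    def install(self, package, requested, user_approves):
        unknown = set(requested) - set(KERNEL_GROUP_PERMS) - IPC_PERMS
        if unknown:
            raise ValueError(f"{package} requests unknown {sorted(unknown)}")
        if not user_approves:  # all-or-nothing decision at install time
            raise PermissionError(f"user declined to install {package}")
        uid, self._next_uid = self._next_uid, self._next_uid + 1
        gids = frozenset(KERNEL_GROUP_PERMS[p] for p in requested
                         if p in KERNEL_GROUP_PERMS)
        app = InstalledApp(package, uid, gids, frozenset(requested))
        self._by_uid[uid] = app
        return app

    def app_for_uid(self, uid):
        return self._by_uid[uid]

def kernel_allows_socket(app):
    """Kernel path: opening a network socket requires the INTERNET group."""
    return KERNEL_GROUP_PERMS["INTERNET"] in app.gids

def home_dir_allows(app, path):
    """Default rights: an app's uid only reaches its own data directory."""
    return path.startswith(f"/data/data/{app.package}/")

def read_contacts(pm, calling_uid):
    """IPC path: the contacts service, not the kernel, enforces READ_CONTACTS."""
    caller = pm.app_for_uid(calling_uid)  # caller identity comes from the IPC layer
    if "READ_CONTACTS" not in caller.granted:
        raise PermissionError(f"uid {calling_uid} lacks READ_CONTACTS")
    return ["Alice", "Bob"]  # constructed sample data
```

The two apps installed in the test below end up with different uids, and each can do only what its install-time grant allowed, whichever of the two enforcement paths applies.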