Android malware has managed to sneak into the official Android Market for a few months at a time, but Apple’s review process has (thus far) prevented any iOS malware from entering the Apple App Store.
When I tell people this, I commonly get two questions:
- Does that mean iOS is better than Android?
- Should Google start reviewing all Android apps?
My answer is that security is only one part of the mobile application ecosystem. Apple’s reviewers filter out malware, but they also censor application developers for other reasons. If you are a security-conscious user who downloads lots of apps, then maybe iOS is “better” for you. If you want apps that let you tether your phone or view adult content, then maybe Android is “better” for you.
Regardless of one’s opinion about the tradeoff between security and freedom of development, I predict that problems with the app review process will arise in the next few years. App markets are growing rapidly, and the review process is slow and human-intensive. I don’t see how it can keep scaling up. For example, neither Apple nor Google could manually review the entire Internet. I think the security community needs to find better, automated ways to address the problem of mobile malware — but this will be hard to do until there is more mobile malware out there to study.