Your Smartphone Is Safer Than Your PC — For Now
snydeq writes "InfoWorld's Galen Gruman reports on the future of mobile security — one that will see a significant rise in exploits as valuable information increasingly migrates to mobile devices. To date, sandboxing and code-signing have helped make mobile OSes relatively secure, when compared with their desktop brethren. But as devices store more valuable information than email, they will become more enticing to hackers currently breaking into Windows PCs. And the biggest bulls-eye appears to be on Android, in large part because its architecture is most like that of the desktop PC but also because there are so many variants in use — too many for Google or the carriers to patch securely. And as the PDF-jailbreak vulnerability showed, sandboxing has its limits when it comes to securing the browser — the most likely point of entry for exploits not due to the rise of extensions, helper objects, and plug-ins on the mobile Web."
I don't think it makes it more insecure so much as harder to close the holes. Handset vendors and carriers, for a long time, have worked with devices that generally could not be exploited in such a fashion, and probably don't have any means of getting such fixes out to their users within an acceptable time frame.
Personally I think this is complete nonsense. Android runs on a lot of devices - soon to be added is the Toshiba AC100 netbook, so it will run on everything from entry level phones to small computers - which involves numerous changes in UI arising from optimisation and features. But the underlying architecture should make it possible to ensure that things are properly partitioned to give a robust security model, and Google isn't exactly short of brainpower. I suspect that just as we had the Microsoft trolls trying to minimise reports of Windows security issues, here we have Apple trolls trying to find narratives to attack Android.
And no, I don't use Android.
From scarped cliff or quarried stone she cries "A thousand types are gone, I care for nothing, no not one."
Windows is a high value target, which was once crippled by its backwards compatibility with DOS and low skilled userbase. Microsoft, whatever their flaws, have some properly clever people and serious vested interest in addressing this problem, and they've finally put out a release that is fairly secure out of the box and somewhat usable - while still providing fairly timely security patches for a 10 year old release. Which is why the most serious threats are now coming from widely deployed software from less responsible companies (Adobe).
Android is the exact opposite. Very few smartphone manufacturers care enough to issue regular updates for their phones, especially once you get outside of the US market. Even on the US market, most smartphones have had exactly one update: from 1.5/1.6 to 2.0/2.1 usually. No monthly security updates, and nothing at all for obsolete phones over 12 months old. You'd better hope that nobody else has the time to look at your phone that your carrier has forgotten about.
"Those who cast the votes decide nothing; those who count the votes decide everything." (attrib. Joseph Stalin)