Slashdot Mirror

← Back to Stories (view on slashdot.org)

Accountability, Not Code Quality, Makes iOS Safer Than Android

Posted by timothy on from the well-it-isn't-obscurity dept.

chicksdaddy writes "Threatpost is reporting on a new study of mobile malware that finds accountability, not superior technology, has kept Apple's iOS ecosystem free of viruses, even as the competing Android platform strains under the weight of repeated malicious code outbreaks. Dan Guido of the firm Trail of Bits and Michael Arpaia of iSEC Partners told attendees at the SOURCE Boston Conference on Thursday about an empirical analysis of existing malicious programs for the Android and iOS platforms which shows that Google is losing the mobile security contest badly — every piece of malicious code the two identified was for the company's Android OS, while Apple's iOS remained free of malware, despite owning 30% of the mobile smartphone market in the U.S. Apple's special sauce? Policies that demand accountability from iOS developers, and stricter controls on what applications can do once they are installed on Apple devices."

7 of 210 comments (clear)

  1. Is this Covert Advertising for Apple's Ecosystem? by dryriver · · Score: 4, Informative

    Last time I checked, there were plenty of reports of malicious iOS apps clandestinely hoovering up your private data/contacts, and sending that bundle to the app's developers, who will use it for Lord-knows-what-nefarious-purpose. With this being the case, how can anyone possibly claim that iOS is "secure & malware free". The malware doesn't have to be a Trojan or Virus. It can also be a nasty little app that secretly sends your private data to a server somewhere that you don't even suspect exists. ----- I don't understand why Apple fans need to maintain a strange belief into the "infallibility" of Apple's ecosystem. Apple is plenty fallible in my humble opinion. And this is just another snide attempt to advertise the "Extra-Special-Specialness" of using Apple products.

    --
    Why did the chicken cross the road? Because Elon Musk put an AI chip in its head.
  2. Re:what counts as malware.. by pankkake · · Score: 4, Informative

    Malware has been accepted in the Apple App Store, TFA is bullshit.

    --
    Kill all hipsters.
  3. Re:You have to be kidding by mysidia · · Score: 5, Informative

    Since when is the iOS more secure? The latest Android has a very stable code and a solid permission system that allows the user to set exactly what an app can or can't do.

    The reason there are fewer iOS malware infections has to do with something totally separate from security of the device.

    There is a 'more efficient' distribution channel for Android platform malware.

    Developing for the Apple platform requires a security certificate from Apple to sign applications, paying money to apple, signing a contract, and approval from Apple and review to be listed on the pap store, which makes the app store a less efficient means of distributing malware than the Android marketplace.

    An operating system can be extremely insecure, but if there is no useful distribution channel, or no network connection, it is not likely to be infected.

  4. Re:You have to be kidding by BasilBrush · · Score: 5, Informative

    Since when is the iOS more secure? ...an OS that can be rooted by a fucking website.

    If that is your measure, the answer to the question you pose is July 15th 2011. That was when the last version of iOS that could be rooted via a website was replaced.

    4.3.3 could be jailbroken via website, 4.3.4 would not.

    5.x has been out since Oct 2011.

    Personally I'd say a better measure is the amount of malware. And on that measure, Android has always been many times worse than iOS.

  5. Re:You have to be kidding by wvmarle · · Score: 4, Informative

    Afaik most Android malware is not from the Play Store, but from third-party Android stores.

    And besides Play Store does have accountability: every developer has to register, and pay a small one-off registration fee as form of identification.

  6. Re:You have to be kidding by jsvk · · Score: 4, Informative

    the exploit you're talking about existed for 1 or 2 minor version numbers, and can no longer be exploited (including by the device owner) due to the OS version(s) no longer being installable without jumping through some hoops (apple's server no longer signs off on the installation). It was a bug in the PDF renderer for safari, for anyone wondering.

    Rooting iOS devices remains a hunt for exploits in every version release, and no one's ever sure if and when the next version's exploit will be released. Many 4S/iPad users on iOSv5.1 are have been stuck using a jailed, but perfectly secure device for months now, with no guarantee that the jailbreak will come anytime soon.

    Each version makes iOS more and more secure, and there's no guarantee Apple won't eventually release a perfectly secure, jailed OS, and I hope at that point this OS dies off, but that may be asking too much.

  7. Re:"has kept Apple's iOS ecosystem free of viruses by Entrope · · Score: 4, Informative

    That is a distinction that the study apparently did not make, because it talks about "malicious code" rather than viruses. In fact, most of the malicious apps that one hears about are spyware or trojans rather than viruses.