Slashdot Mirror


Accountability, Not Code Quality, Makes iOS Safer Than Android

chicksdaddy writes "Threatpost is reporting on a new study of mobile malware that finds accountability, not superior technology, has kept Apple's iOS ecosystem free of viruses, even as the competing Android platform strains under the weight of repeated malicious code outbreaks. Dan Guido of the firm Trail of Bits and Michael Arpaia of iSEC Partners told attendees at the SOURCE Boston Conference on Thursday about an empirical analysis of existing malicious programs for the Android and iOS platforms which shows that Google is losing the mobile security contest badly — every piece of malicious code the two identified was for the company's Android OS, while Apple's iOS remained free of malware, despite owning 30% of the mobile smartphone market in the U.S. Apple's special sauce? Policies that demand accountability from iOS developers, and stricter controls on what applications can do once they are installed on Apple devices."

72 of 210 comments

  1. You have to be kidding by Anonymous Coward · · Score: 3, Insightful

    Since when is the iOS more secure? The latest Android has a very stable code and a solid permission system that allows the user to set exactly what an app can or can't do. This in contrast to an OS that can be rooted by a fucking website.

    1. Re:You have to be kidding by ircmaxell · · Score: 3, Insightful
      This. Very much this.

      This article is pure FUD. Plain and simple.

      Malware, by its very definition is:

      Malware is a general term used to describe any kind of software or code specifically designed to exploit a computer, or the data it contains, without consent.

      Android requires that you give consent, since it tells you what permissions the application needs prior to installing it. So by very definition, these data leakages on Android are not malware. The user said it was ok for that application to collect that data.

      --
      If a man isn't willing to take some risk for his opinions, either his opinions are no good or he's no good
    2. Re:You have to be kidding by Anonymous Coward · · Score: 3, Insightful

      and what percentage of phones out there have the latest Android release? My Galaxy S2 is still waiting...

    3. Re:You have to be kidding by Anonymous Coward · · Score: 2, Insightful

      Could you post the link, please? Seriously. I have an iPhone 3GS which I want to jailbreak to use with another phone carrier, but it has been updated to iOS 5.1 and nothing I find (whited00r, redsn0w, tinyumbrella etc) seems to work. The most I've been able to do is make the phone boot with a non-working 3G/Wifi radio, which defeats the device being a mobile. Fucking Apple support doesn't want to make it free, and my old operator says it has been freed (my ass).

      Please, post the link, it would have saved me a week of failed hacking attempts so far!

    4. Re:You have to be kidding by mysidia · · Score: 5, Informative

      Since when is the iOS more secure? The latest Android has a very stable code and a solid permission system that allows the user to set exactly what an app can or can't do.

      The reason there are fewer iOS malware infections has to do with something totally separate from security of the device.

      There is a 'more efficient' distribution channel for Android platform malware.

      Developing for the Apple platform requires a security certificate from Apple to sign applications, paying money to Apple, signing a contract, and approval from Apple and review to be listed on the app store, which makes the app store a less efficient means of distributing malware than the Android marketplace.

      An operating system can be extremely insecure, but if there is no useful distribution channel, or no network connection, it is not likely to be infected.

    5. Re:You have to be kidding by Black+Parrot · · Score: 4, Insightful

      This article is pure FUD. Plain and simple.

      Can't imagine that a company called "iSEC" would be biased on this matter.

      --
      Sheesh, evil *and* a jerk. -- Jade
    6. Re:You have to be kidding by DavidRawling · · Score: 5, Interesting

      On the contrary, the user has NO control over app permissions, by default. The app author sets what he/she wants, and the user has the choice of accepting it or finding an alternative. No justification, no ability to say "well I want this useful SSH app but I don't want it reading my contacts, so I'll deny that permission". Yes, there are firewall apps (the permissions are in the OS, why do I need an APP to enforce OS permissions?) and for rooted devices, apps that can tweak permissions. But the default is horribly, terribly broken because most of the power is in the hands of the developers, NOT the users.

    7. Re:You have to be kidding by cyber-vandal · · Score: 3, Informative

      No it isn't, the firmware's been out for a long time now.

    8. Re:You have to be kidding by BasilBrush · · Score: 5, Informative

      Since when is the iOS more secure? ...an OS that can be rooted by a fucking website.

      If that is your measure, the answer to the question you pose is July 15th 2011. That was when the last version of iOS that could be rooted via a website was replaced.

      4.3.3 could be jailbroken via website, 4.3.4 would not.

      5.x has been out since Oct 2011.

      Personally I'd say a better measure is the amount of malware. And on that measure, Android has always been many times worse than iOS.

    9. Re:You have to be kidding by wvmarle · · Score: 4, Informative

      Afaik most Android malware is not from the Play Store, but from third-party Android stores.

      And besides Play Store does have accountability: every developer has to register, and pay a small one-off registration fee as a form of identification.

    10. Re:You have to be kidding by Anonymous Coward · · Score: 5, Insightful

      There's a number of things you're missing. Most importantly: practically everyone would consider trojan horses to be malware, or at least an important security issue. Just because the user checked a box somewhere doesn't mean that trojans don't count.
      Beyond that, trojan horses are due to their very nature less useful in an environment where accountability is higher. This is definitely the case with Apple/iOS, and has led to a large number of false positives and censorship by Apple, both of which have been discussed at length here on Slashdot.
      Thirdly, unlike Android, I haven't seen any major and widely-reported breaches of apple devices, despite widely-available jailbreaking tools. This surprises me quite a bit. According to the iPhone users I've asked about this they claim that the cause is that most jailbreaks these days work through a physical connection (ie. with a computer).

      Android may be more secure in capable hands, but the average user is safer in an environment where available software is code-signed and strictly supervised, either by a single entity such as Apple's iOS market or by the community such as the debian repositories.

    11. Re:You have to be kidding by Anonymous Coward · · Score: 5, Insightful

      Sure, but if the user is asked for every app whether to share data, the act of sharing data then becomes a standard part of the install. Very technically aware users will make use of this, but for most users it's effectively worthless: it's just another mind-numbingly annoying button you click for the app to run, like EULAs almost no one reads. (Just to be clear, I'm not really arguing about Android vs. iOS, I'm just pointing out the generally low value of relying on users giving consent for an install.)

    12. Re:You have to be kidding by jsvk · · Score: 4, Informative

      the exploit you're talking about existed for 1 or 2 minor version numbers, and can no longer be exploited (including by the device owner) due to the OS version(s) no longer being installable without jumping through some hoops (apple's server no longer signs off on the installation). It was a bug in the PDF renderer for safari, for anyone wondering.

      Rooting iOS devices remains a hunt for exploits in every version release, and no one's ever sure if and when the next version's exploit will be released. Many 4S/iPad users on iOSv5.1 have been stuck using a jailed, but perfectly secure device for months now, with no guarantee that the jailbreak will come anytime soon.

      Each version makes iOS more and more secure, and there's no guarantee Apple won't eventually release a perfectly secure, jailed OS, and I hope at that point this OS dies off, but that may be asking too much.

    13. Re:You have to be kidding by gstrickler · · Score: 2

      Since when is the iOS more secure?

      Headline says "safer", not "more secure". Safer != more secure. A Windows 95 machine that is not connected to the internet is safer than a Linux web server, but it's certainly not more secure.

      BTW, most Android devices have Flash. If Flash isn't current (and even if it is), it's likely your device can be rooted by a website. I haven't heard about targeted attacks on Flash for Android, but Flash for Android has most of the same vulnerabilities as Flash on the desktop.

      --
      make imaginary.friends COUNT=100 VISIBLE=false
    14. Re:You have to be kidding by chrb · · Score: 5, Interesting

      I don't think that is the reason that we hear more about Android malware, although it may be a factor. The barrier to entry of becoming an iOS developer is: buy a Mac (Intel Mac Mini will do), pay $99, sign up on web site. The barrier to entry of becoming an Android developer is: buy a PC (any will do), pay $25, sign up on web site. You could argue that the cost of a Mac Mini is prohibitive, or that hackers are less likely to own a Mac and begin hacking around on iOS in the first place, but for serious malware authors these are not significant barriers.

      The real reasons that we hear more about Android malware:

      1. Android users can enable installs of apps from non-official markets and random web sites. Many of the reported malware apps come from these kind of sites. But users have to explicitly do this, no phone ships with random web sites enabled as app stores. These same users, having enabled random app sources, then presumably don't bother to check the permissions that the app they install requests.
      2. Android allows apps to send premium rate SMS messages and calls without an explicit popup. I personally think Google should probably kill this ability, but then I never call premium rate numbers. Blocking premium rate texts would kill the profit incentive for most malware. If this were an explicit, in your face, permission or setting (like the big warning for data roaming in settings!), then we wouldn't have seen any premium SMS fraud malware.
      3. Apple marketing is happy for the media to push the "no iOS malware" angle in the same way that they did successfully with "no OS X viruses". It isn't strictly true, but people believe it anyway, and there is a huge class of users who are willing to pay more for the belief that there will be fewer problems in future. Malware that affects a few thousand people really isn't important in the big scheme of things, but it is something that marketing can use to try and differentiate iPhones in the eye of the consumer from very similar and equally capable Android phones.
      4. Apple fans are pushing the "Android is full of malware" meme extensively, even though very few Android users have actually been affected. Is malware an issue that should be dealt with? Yes, but these same Apple fans who argue that Android is "straining under the weight of malware" after a few thousand users have been infected, are also the ones who claim that half a million infected Apple desktops is no big deal.

      History has shown that a monoculture is actually more vulnerable to attack. There were some very skilled virus writers back in the 80s who innovated with polymorphic, anti-virus proof code, hidden boot sector infections etc. For whatever reasons, these kinds of hackers moved on to other projects, and what we see now in the virus/malware sector is mainly an industry driven by financial profit motive. iOS has had root exploits, and getting an app on the iPhone app store isn't that hard. Maybe they scan code and do some static analysis to try and spot dodgy functions, but at least one person has gotten malware into the iPhone app store, so it is certainly possible. I really do think that the only reason this hasn't been done is due to the explicit permission that the iPhone requires to send a premium rate SMS. If people ever start doing widespread banking on the Android/iPhone, or Android/iPhone malware ever becomes a populist hobby again (like viruses of the 80s), then I'm sure there will be more. An X-Prize, designed to stimulate malware production on either platform, would almost certainly produce results.

    15. Re:You have to be kidding by thegarbz · · Score: 2

      You would have a point in the case of a killer app, or an only app. In the case of the SSH app, simply pick one of 20 other SSH apps in the market place. Typically for most things you want to do on your mobile there is ample choice available.

      The only time this breaks down is when you're forced to use an app for a specific purpose due to popularity. If for instance Draw Something suddenly needed a stupidly unrealistic set of permissions then you'd have something there, but the app would likely drop in ratings quite quickly too.

    16. Re:You have to be kidding by kthreadd · · Score: 4, Insightful

      I like Android, but what has kept me away from it is that I have not found an Android phone that consistently gets new updates after they are released for a long period of time. Sure, Apple makes mistakes like this but the important thing is that they shipped an update and basically all affected phones got it even if they were a couple of years old.

      Let's say that the same thing happened to Android. How large a percentage of Android phones would even get the update at all?

    17. Re:You have to be kidding by multi+io · · Score: 2

      Android requires that you give consent, since it tells you what permissions the application needs prior to installing it. So by very definition, these data leakages on Android are not malware. The user said it was ok for that application to collect that data.

      Does that mean that there can never be malware on an operating system like Windows which (AFAIK) doesn't have a mechanism for the user to "say that it's ok for an application to collect that data"?

    18. Re:You have to be kidding by yoctology · · Score: 2

      But consent has to be informed. What are the implications, amount, frequency, and potential commercial exploits of the data you are giving permission to use?

    19. Re:You have to be kidding by youn · · Score: 2

      iLOL, what makes you think so :p

      --
      Never anthropomorphize computers, they do not like that :p
    20. Re:You have to be kidding by mkraft · · Score: 4, Insightful

      I'm not sure why this was modded insightful, let alone +5 since if you read TFA you'd know that they weren't saying that iOS is more secure, only that there is virtually no delivery mechanism for malware because of Apple's app store policies of requiring real world identification of an app author to publish apps in the app store. That and iOS apps are more restricted in what they can do over Android apps.

      That's the problem when articles like this hit Slashdot. Rabid fanboys (Apple and Google) start posting without even reading the article. The same thing with modders.

    21. Re:You have to be kidding by Nemyst · · Score: 2

      So basically the only way would be protecting users from themselves?

      Do you see where that'd be going?

    22. Re:You have to be kidding by Nemyst · · Score: 3, Interesting

      Get a Nexus phone? They tend to get extensive updates, and once your warranty's up/official support dries up, you're guaranteed to be able to flash to Cyanogenmod or any other distribution you can think of thanks to unlocked bootloaders and the inherent popularity of the device.

      For anyone remotely tech savvy, it's the logical choice.

    23. Re:You have to be kidding by MacDork · · Score: 3, Insightful

      What about the Path app. It would steal your address book and private photos. It's recent and very high profile. That's not malware?

      I find it very suspicious that their "empirical analysis" didn't uncover a single bit of "malware" on iOS. Mod article Troll.

    24. Re:You have to be kidding by MoronGames · · Score: 2

      Android requires that you give consent, since it tells you what permissions the application needs prior to installing it. So by very definition, these data leakages on Android are not malware.

      Do you really think that a significant number of users actually read what permissions they are giving to applications? The problem is that most users are not to be trusted!

      --
      hey!
    25. Re:You have to be kidding by Deorus · · Score: 4, Insightful

      Wow! What a fair and unbiased comparison! A year old iOS version that anyone with an at least 3 year old iPhone could and should have upgraded from, versus the latest Android version that most people can't upgrade to! Rated Insightful, of course, because there's a lot of circle jerk insight in that nonsense of a post!

      This is not even to mention that the article has nothing to do with the security of the platform itself but rather its exposure to malware, but hell, let us make it about security and debate the merits of each platform, shall we?

      I find it interesting how ignorant some Android fanboys are regarding iOS' sandbox, which is extremely restrictive and does not, by design, allow apps to do anything too fishy even if all permissions are granted. At most an app may be able to pull up your contacts without your permission or access call information, but not much beyond that without the user being notified unless they pierce through the sandbox. An app can't keep itself running in the background for longer than 10 minutes (unless specific profiles that permit so are chosen and approved by Apple for each app), run any kind of code not present during the approval process (meaning it's not OK to download code unless it's an in-app purchase, which may be free, and this includes interpreting code other than HTML and Javascript on Safari, which is why emulators are not permitted), launch or interact directly with other applications unless they register themselves as resource handlers (even running a secondary executable within your own application will result in iOS completely obliterating it without even bothering to inform any attached debuggers of what happened).

      In essence, the article hits the spot by claiming that it is the screening process and its walled gardens that keep the nastiness away. It's simply not worth developing malware for iOS, you don't have much to gain by doing it, either you pierce through the sandbox and your app will be rejected (with potential consequences to your developer and / or publisher certificates) or you can be easily detected by any user. There are exceptions, of course, but compared to Android, they are very few in number.

    26. Re:You have to be kidding by jfengel · · Score: 2

      Good question. My Droid won't even run the latest release, and I have no idea how good they are about security updates for out of date releases.

    27. Re:You have to be kidding by MacGyver2210 · · Score: 2

      Not to mention Apple has a huge cert process for their iOS store, versus basically anyone being able to code and upload to the Android markets. They do some minor "known problem" screening, but largely it is up to the user to determine what they allow the software to do on their device.

      That said, it is the fact that people who are too lacking in knowledge (stupid seems a bit harsh) who use Android are at a greater risk than if they use an iOS device, because Android actually allows you to control your device and allow it to do things that are dangerous in the hands of the computer-knowledge-deficient (aka, your average Apple customer).

      If you can't read a list of settings and pick out that a flashlight app doesn't need to access your SD card and make calls/charges on your account, please get an iPhone instead of becoming a misrepresented Android statistic. You'll be happier with the device that does all the thinking for you.

      --
      If the only way you can accept an assertion is by faith, then you are conceding that it can't be taken on its own merits
    28. Re:You have to be kidding by BasilBrush · · Score: 4, Interesting

      The Path app is not malware. It's still on sale on the App Store, and has 5 times as many five star ratings as any other rating, and literally zero one star ratings. (the possible ratings run from one to five stars).

      Email addresses were uploaded simply to facilitate a find-my-friends feature of social networking.

      It was a naive implementation, because the same functionality could be achieved simply by uploading hashes of the email addresses. And it was wrong that in earlier versions it didn't explicitly ask the user's permission to upload those email addresses.

      But there's no evidence of malign behaviour. Only behaviour intended to implement the advertised features. Therefore it's not malign software; it's not malware.

    29. Re:You have to be kidding by Sebastopol · · Score: 2

      So it depends on your definition of the word "is"?

      Gotcha.

      --
      https://www.accountkiller.com/removal-requested
    30. Re:You have to be kidding by PapayaSF · · Score: 3, Informative

      And besides Play Store does have accountability: every developer has to register, and pay a small one-off registration fee as form of identification.

      But as the article points out, Apple requires verification of a developer's identity, and Google does not, so a malware author who gets banned from Play can just sign up under a new identity.

      Plus:

      Beyond that, Guido said that Apple's iOS ecosystem has put controls in place that squeeze malware authors in other ways. An automated and manual application vetting system includes static analysis of compiled binaries that make it very difficult for developers to merely repackage malicious or legitimate applications for sale on the AppStore. That prevents infections of Trojaned applications like the DroidDream malware, which frequently popped up on Google's Android Market.

      --
      Q: What does the "B." in Benoit B. Mandelbrot stand for? A: Benoit B. Mandelbrot
    31. Re:You have to be kidding by Dr_Barnowl · · Score: 3, Interesting

      .NET gets this right, as it happens - the administrator can grant or deny permissions on a fine-grained level, on a per-app or per publisher basis. The downside to that, though, is that if your app isn't well written, the permissions exception will kill it, which is a big no-no on a phone.

      You can do automatic static analysis to determine which APIs the app calls, which provides a list of permissions it might request, but doing analysis to check that it copes with permission denied exceptions is much harder, so you can understand their choice.

      What really sticks in my craw is that despite doing this static analysis, and providing this information on the Android market, you can't filter the listings based on the permissions that an app requests.

      Anecdote : my wife wanted a bible reader app. I couldn't find a single one, paid or free, that didn't want what I considered an unnecessary level of permissions for something that is essentially an offline eBook reader. What the hell does a bible app need SMS, or contact list access for? In the end, she just installed the one she liked the look of the most, even though I couldn't say I approved of any of them. And I'm sure most people won't even consider it, and click through.
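
Added example (not part of the thread or any poster's code): the permission review and listing filter discussed in the comment above, run over constructed manifests. It assumes each AndroidManifest.xml has already been decoded to text XML; the per-category baseline, package names and sample manifests are hypothetical.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = "{%s}name" % ANDROID_NS
PREFIX = "android.permission."

# Assumed baseline: permissions a reviewer might accept per app category.
# Illustrative choices for this example, not an official Android policy.
EXPECTED = {
    "flashlight": {PREFIX + "CAMERA", PREFIX + "FLASHLIGHT"},
    "ebook": {PREFIX + "WRITE_EXTERNAL_STORAGE"},
    "chat": {PREFIX + "INTERNET", PREFIX + "READ_CONTACTS", PREFIX + "SEND_SMS"},
}

# Permissions that can cost the user money or expose personal data.
HIGH_RISK = {PREFIX + "SEND_SMS", PREFIX + "CALL_PHONE",
             PREFIX + "READ_CONTACTS", PREFIX + "READ_SMS"}


def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    try:
        root = ET.fromstring(manifest_xml)
    except ET.ParseError as exc:
        raise ValueError("manifest is not well-formed XML: %s" % exc)
    perms = set()
    for node in root.iter("uses-permission"):
        name = node.get(NAME_ATTR)
        if name:  # ignore entries that carry no android:name attribute
            perms.add(name.strip())
    return perms


def audit(manifest_xml, category):
    """Report permissions outside the category baseline, and the risky subset."""
    requested = requested_permissions(manifest_xml)
    unexpected = requested - EXPECTED.get(category, set())
    return {"unexpected": sorted(unexpected),
            "high_risk": sorted(unexpected & HIGH_RISK)}


def filter_listings(listings, denied):
    """Keep only packages whose manifest requests none of the denied permissions."""
    denied = set(denied)
    return [pkg for pkg, xml in listings.items()
            if not (requested_permissions(xml) & denied)]


def build_manifest(package, perms):
    """Build a constructed sample manifest for the demonstration below."""
    lines = ['<manifest xmlns:android="%s" package="%s">' % (ANDROID_NS, package)]
    lines += ['  <uses-permission android:name="%s%s"/>' % (PREFIX, p) for p in perms]
    lines.append("</manifest>")
    return "\n".join(lines)


# Constructed sample data: hypothetical packages, not real store listings.
SAMPLES = {
    "com.example.flashlight": build_manifest(
        "com.example.flashlight",
        ["CAMERA", "SEND_SMS", "CALL_PHONE", "WRITE_EXTERNAL_STORAGE"]),
    "com.example.biblereader": build_manifest(
        "com.example.biblereader",
        ["WRITE_EXTERNAL_STORAGE", "READ_CONTACTS", "SEND_SMS"]),
    "com.example.plainreader": build_manifest(
        "com.example.plainreader", ["WRITE_EXTERNAL_STORAGE"]),
    "com.example.chat": build_manifest(
        "com.example.chat", ["INTERNET", "READ_CONTACTS", "SEND_SMS"]),
}

if __name__ == "__main__":
    # The flashlight and reader apps are flagged for permissions beyond their baseline.
    print(audit(SAMPLES["com.example.flashlight"], "flashlight"))
    print(audit(SAMPLES["com.example.biblereader"], "ebook"))
    # Limit of this check: a chat app whose permissions are all plausible for its
    # category passes, whatever it later does with contacts or SMS.
    print(audit(SAMPLES["com.example.chat"], "chat"))
    # Listing filter: only apps that request neither SMS nor contacts access.
    print(filter_listings(SAMPLES, [PREFIX + "SEND_SMS", PREFIX + "READ_CONTACTS"]))
```

A declared-permission check only shows what an app could do; it says nothing about how a permission that fits the category is actually used.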

    32. Re:You have to be kidding by Anonymous Coward · · Score: 2, Interesting

      6. Because it's amusingly easy to publish an app on Google Play--any app that does any darn thing. You just...publish it. Done. OTOH, you need to get your app past an actual human reviewer and Apple's automated software checkers to publish on the App Store. It's not just a little harder to publish crap on the App Store than Google Play, it's a lot harder.
      7. Because Apple is usually pretty quick for a giant monoculture to jump on actual malware apps. While Google has a history from day 0 of letting malware slide and slide and slide until it's a serious problem and then letting it slide a little longer.
      8. Because the Android Faithful like yourself are quick to defend Google's Wild West policies towards apps and their market, rather than decry those policies. Google Play is a mess, a stinking mess. If you really love Android, you should be the first to complain about that mess, rather than defend it.

    33. Re:You have to be kidding by BasilBrush · · Score: 3, Informative

      You're showing your ignorance again. Apple did care about it, and that's where the rule about asking for user permission before uploading contact details came from. A rule which Path now adheres to, which is why it's still in the App Store.

    34. Re:You have to be kidding by lanner · · Score: 2

      First off, I want to say that I own a Nexus One and really like my Android phone. I have no intention of going iPhone. I get to hands-on with iPhones all the time and I still like Android better. I both iPhone and Android to everyone, they are both awesome compared to old stupid phones and Blackdeathberry.

      That being said, the truth is that Apple does a much better job at releasing updates and supporting older phones than ANY Android phone manufacturer out there.

      Obviously, Apple has a much much easier time since they have fewer phone models than you do fingers, where the various Android manufacturers have hundreds if not more than a thousand phones to choose from. Those manufacturers do a very poor job of releasing updates for their phones.

      The last update Google/HTC released for the Nexus One was 2.3.6 (GRK39F) in September of 2011. The phone is not yet three years old now and it's basically dead from a development standpoint. I have to go to community mods and rooting my phone for a better experience.

      Meanwhile, Apple releases updates for three years. The 3GS, which came out before the Nexus One, is still fully supported by the latest iOS!

      Reference: http://theunderstatement.com/post/11982112928/android-orphans-visualizing-a-sad-history-of-support

      I want everyone to know this because it will force the Android phone makers to shape up. Why buy an Android, which will barely get one year of feature updates, if ANY OS feature updates, when an iPhone will last you three years (assuming you don't break it first).

  2. what counts as malware.. by gl4ss · · Score: 5, Insightful

    ..and how would they detect it on the ios? they just said that there is _zero_ malware, yet there's plenty of ios games/apps which leak all your contact info?(as is there for android).

    (and the accountability part is that it takes a little more checks to get yourself identified as a publisher for itunes appstore.. however.. it doesn't take that much, there is and has been plenty of unauthorized distribution of asian comics etc there)

    I haven't identified any iOS malware either, but that could be because I haven't looked for any (just not my field).

    --
    world was created 5 seconds before this post as it is.
    1. Re:what counts as malware.. by pankkake · · Score: 4, Informative

      Malware has been accepted in the Apple App Store, TFA is bullshit.

      --
      Kill all hipsters.
    2. Re:what counts as malware.. by BasilBrush · · Score: 3, Insightful

      As a rule of thumb:

      Uploading your contact data for the purposes of expected social connections within the app is not malware. It's not the way it should be done, and poses a security risk if the server is compromised. But there is no mal-intent there. Nevertheless such practice is now explicitly banned without asking the user's permission via a dialog at the time.

      Uploading your contact details to a server for the purposes of mailing lists, tracking outside of the intended application domain would be malware.

      The former is what was flagged up for iOS.

      Android meanwhile suffers from both, and much, much worse, such as malware sending premium rate SMSs, thus potentially causing users severe financial losses.

    3. Re:what counts as malware.. by wvmarle · · Score: 5, Funny

      No, no, no. Totally wrong. If it's reviewed and accepted for listing in the App Store, then it's not malware. So the App Store is by definition 100% malware free. QED.

    4. Re:what counts as malware.. by chrb · · Score: 5, Insightful

      ..and how would they detect it on the ios?

      Good point. The security researchers who identified some of the Android malware visited third party Android app stores and downloaded all of the apps so that they could build up a huge app corpus, which they could then scan (static analysis) for malware suggestive signatures. They stated that they couldn't do the same with the iPhone because Apple prohibits mass downloading of iPhone apps in order to build an iPhone app corpus. So the only people who can look for malware across the whole range of iPhone apps is Apple, and it seems unlikely that they would announce if they found any malware, when they can instead just silently remove it from the app store.

  3. Freedom has it's risks by Zico · · Score: 5, Insightful

    Guess what?! Freedom comes with risks! I don't make any decision until I weigh the pros and cons and do a bit of research, and yes, this includes any and all apps I may want to use.

    1. Re:Freedom has it's risks by Anonymous Coward · · Score: 2, Insightful

      Freedom has little risks compared to looking to be "taken care of".

    2. Re:Freedom has it's risks by vakuona · · Score: 4, Insightful

      And that is why the Android model is flawed. Not fatally mind you, but flawed nonetheless.

      You can't expect people to have to audit every bit of software that they install on their smartphone. In fact, it ought to be reasonable for users to expect software they download off the official repositories (App Store, Market) to be malware free.

      And yes freedom comes with risks. But freedom also allows users to choose a phone that doesn't require them to expend more effort than necessary to be able to do what they require. Don't forget, a smartphone is a luxury, not a necessity.

    3. Re:Freedom has it's risks by marcello_dl · · Score: 2

      > to choose a phone that doesn't require them to expend more effort than necessary to be able to do what they require

      Am reading this the day after having to perform a forced itunes upgrade (no not on my boxes of course)

      --
      ---- MISSING MISCELLANEOUS DATA SEGMENT --- [sigdash] trolololol
    4. Re:Freedom has it's risks by squiggleslash · · Score: 5, Insightful

      If you ever feel like it, buy yourself an Android device (one with Google), and actually try buying some software - or even downloading stuff from a third party website and installing it directly.

      You'll notice that "auditing every bit of software (you) install" is ridiculously easy. The installer tells you what rights the app needs when you install it. It's pretty easy to determine that a game does not need to capture your keystrokes, and if a cool tool to change the wall paper needs "access to your Google account" then there's obviously something odd going on.

      If an app doesn't ask for a particular right, Android's security model prevents it from doing whatever it was that required the right in the first place.

      By comparison, as I understand it, I only have Apple's (and a developer's) word that a particular tool for iOS doesn't contain malware. I'm not going to be told what parts of the system it needs to access, I just get a straight "Do you want the advertised features or not?" choice.

      The flaw here is on Apple's side. Both systems require you audit the apps you install. Only Android actually lets you do that.

      --
      You are not alone. This is not normal. None of this is normal.
    5. Re:Freedom has it's risks by QuasiSteve · · Score: 5, Insightful

      > It's pretty easy to determine that a game does not need to capture your keystrokes, and if a cool tool to change the wallpaper needs "access to your Google account" then there's obviously something odd going on.

      Certainly, but even when setting aside that people ignore this all too easily because they simply want the shiny, your examples are obvious.

      What if a chat app wants access to the internet, your contacts, and your phone?
      Well the internet makes sense - can't very well expect an app that is intended for chatting to not have that connectivity.

      Contacts also makes sense because in combination with the phone, it allows the app to send a text message if you have no internet connectivity or simply choose to use SMS instead of its internet-based chat functionality.

      So you install the app, and the app sends all your text for datamining to China, all of your contacts to some company in Bulgaria, and sends a bunch of texts to expensive SMS service numbers.
      Oh, and it also lets you chat with people, so as far as you know, it's doing exactly as advertised.

      This is no different on any other platform, of course. It may have been different in the early days of the iPhone, but I rather doubt that they still check each and every app before making them available and instead rely on exactly what the article says.. accountability.. you only get away with malware once unless you also manage to fool Apple into allowing you a new account. But to the end-user(s), the damage is already done anyway.
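
Added example, not part of any comment in this thread: the install-time permission audit that the two comments above debate, written in Python. It assumes the manifest has already been decoded to text XML; the sample manifests, package names, the `EXPECTED` baseline and the `CAPABILITIES` table are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NAME = "{http://schemas.android.com/apk/res/android}name"
P = "android.permission."

# Assumed reviewer baseline (not an Android-defined list): what each kind of app plausibly needs.
EXPECTED = {
    "wallpaper": {P + "SET_WALLPAPER"},
    "chat": {P + "INTERNET", P + "READ_CONTACTS", P + "SEND_SMS"},
}

# What a set of granted permissions makes possible, whatever the app's stated purpose.
CAPABILITIES = [
    ({P + "INTERNET", P + "READ_CONTACTS"}, "upload the contact list to a remote server"),
    ({P + "SEND_SMS"}, "send texts to premium-rate numbers"),
    ({P + "GET_ACCOUNTS"}, "enumerate accounts on the device"),
]

def manifest(package, *perms):
    """Build a constructed, text-form AndroidManifest.xml for the samples below."""
    rows = "".join(f'<uses-permission android:name="{P}{p}"/>' for p in perms)
    return (f'<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{rows}</manifest>')

# Constructed samples matching the two cases discussed in the comments.
WALLPAPER_APP = manifest("com.example.wallpaper", "SET_WALLPAPER", "GET_ACCOUNTS")
CHAT_APP = manifest("com.example.chat", "INTERNET", "READ_CONTACTS", "SEND_SMS")

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in <uses-permission> elements."""
    root = ET.fromstring(manifest_xml)
    return {e.get(ANDROID_NAME) for e in root.iter("uses-permission")} - {None}

def audit(manifest_xml, category):
    """Compare requested permissions with the baseline and list what they allow."""
    requested = requested_permissions(manifest_xml)
    unexpected = sorted(requested - EXPECTED[category])
    possible = [what for needs, what in CAPABILITIES if needs <= requested]
    return {"unexpected": unexpected, "possible": possible}

if __name__ == "__main__":
    for category, doc in [("wallpaper", WALLPAPER_APP), ("chat", CHAT_APP)]:
        print(category, audit(doc, category))
```

The wallpaper app is flagged for `GET_ACCOUNTS`, while the chat app shows no unexpected permission even though its granted set still allows the contact upload and premium SMS described in the comment above.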

    6. Re:Freedom has it's risks by jedidiah · · Score: 2

      No. He was forced to upgrade his software and devices because of the restrictive nature of Apple products. Being told that you can either upgrade or lose access to your personal property is not a "choice", it's coercion.

      --
      A Pirate and a Puritan look the same on a balance sheet.
  4. Is this Covert Advertising for Apple's Ecosystem? by dryriver · · Score: 4, Informative

    Last time I checked, there were plenty of reports of malicious iOS apps clandestinely hoovering up your private data/contacts, and sending that bundle to the app's developers, who will use it for Lord-knows-what-nefarious-purpose. With this being the case, how can anyone possibly claim that iOS is "secure & malware free"? The malware doesn't have to be a Trojan or Virus. It can also be a nasty little app that secretly sends your private data to a server somewhere that you don't even suspect exists.

    I don't understand why Apple fans need to maintain a strange belief in the "infallibility" of Apple's ecosystem. Apple is plenty fallible in my humble opinion. And this is just another snide attempt to advertise the "Extra-Special-Specialness" of using Apple products.

    --
    Why did the chicken cross the road? Because Elon Musk put an AI chip in its head.
  5. Not a complete shock by darkonc · · Score: 2

    Most malware authors prefer anonymity. If we know who you are, you're not going to get much more than one shot at selling malware on our platform.

    --
    Sometimes boldness is in fashion. Sometimes only the brave will be bold.
  6. Time is precious by Anonymous Coward · · Score: 2, Funny

    > the competing Android platform strains under the wait of repeated malicious code outbreaks

    Yeah, it's the waiting that I can't stand.

  7. Apple Fanboi article by Bysshe · · Score: 2

    For some reason I doubt Boeing would build a super secure phone on a flawed platform. Neither platform is inherently more secure than the other.

    --
    Read what I mean, not what I wrote.
    1. Re:Apple Fanboi article by Sponge+Bath · · Score: 3, Insightful

      I would not be so quick to label it Apple Fanboy.

      FTA: "despite accounting for <strike>more than 40%</strike> 30% of the same market."

      Seems like a jab at falling market share. I think the real motivation behind the article is inflammatory statements to get views.

  8. A price I'm willing to pay? by aoty · · Score: 2

    Of course a walled garden is safer than the wild west. I bought into Apple's ecosystem for my phone, because reliability and stability are very important qualities to me for that type of device. And I haven't been disappointed with my choice. Where this approach suffers is with my newly acquired iPad. The iPad is quickly becoming my laptop replacement; I do way more with it than is practical with my phone. I've started to bump my head on the roof of Apple's iOS. The limitations can be irritating. I'd be willing to sacrifice a little safety for more options. Perhaps that will come with time.

    1. Re:A price I'm willing to pay? by cyber-vandal · · Score: 2

      Yeah, right, because Apple want to lower their profits. You still won't be able to upgrade the storage either (unless you pay a lot of money for the crippled Apple solution or even more money for an 8GB flash add-on).

  9. waiting for a clue by 1u3hr · · Score: 4, Funny

    Slashdot: "the competing Android platform strains under the wait of repeated malicious code outbreaks."

    From TFA: "the competing Android platform strains under the weight of repeated malicious code outbreaks"

    It takes a determined idiot to make a spelling mistake when copying and pasting from a website.

    1. Re:waiting for a clue by Anonymous Coward · · Score: 2, Informative

      'Cept that if you read the comments in TFA, the original article had "wait" in it and was corrected.

  10. This just in by GameboyRMH · · Score: 4, Insightful

    Crushing authoritarianism leads to lower crime, worth the misery? Film at 11.

    --
    "When information is power, privacy is freedom" - Jah-Wren Ryel
    1. Re:This just in by Lehk228 · · Score: 3, Informative

      There already is a secure and fairly libertarian phone out there: BlackBerry. You can only load signed RIM OSes; however, you can load any signed RIM image compatible with your phone, there are betas in the wild to play with, and you can install apps from the browser or the PC software that comes with it. You also have a detailed list of what you will and will not allow. You can allow wifi and bluetooth but block mobile, you can allow SD card but block email and contacts.

      --
      Snowden and Manning are heroes.
    2. Re:This just in by BasilBrush · · Score: 2

      Reality check: it's a phone, not your life.

  11. Re:But the Apple factor? by flyneye · · Score: 2, Informative

    Don't you remember being a lil kid? Anything you want to do is safe as long as you have someone to blame.
    Accountability=safety.
    Oh a security breach! It's Norm's fault, Fire him!
    Problem solved, you're all safe now that Norm isn't coding for us anymore.
    For Security, just think different.

    --
    *Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
  12. Re:Is this Covert Advertising for Apple's Ecosyste by Clsid · · Score: 2, Insightful

    Call it whatever you want, but we just got the first major malware outbreak in OS X recently after so many years. On the iPhone that is unheard of. Much as in the Windows world and the much hated Vista security system that kept asking you, do you want to do this, or allow that?, that security model is fail since regular users will start saying yes to everything and then end up with a problem. Call Apple what it is, an overpriced hardware/software company that likes to keep the lid closed, but as far as their products running trouble free in general, I will have to agree with the article. But hey, everybody is free to think whatever they want.

  13. Re:iOS programmers are superior by flyneye · · Score: 4, Funny

    Telepathy= Salt flats
    C.B. Radio= Nascar
    Twitter= lemmings jogging

    --
    *Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
  14. Re:But the Apple factor? by wvmarle · · Score: 5, Insightful

    Being accountable does help keep people honest. Knowing you will get away with taking a fistful of dollars from the cash register versus knowing that the management will realise that there is money missing from your cash register makes a big difference.

    Security is all about layers. Accountability is just one of them, and it is an important one.

  15. Re:"has kept Apple's iOS ecosystem free of viruses by kthreadd · · Score: 3, Informative

    Flashback is a trojan, not a virus. And it only affects OS X, not iOS. If someone knows of an actual virus for iOS (and for OS X too by the way) I'm very interested to know about it.

  16. Re:Is this Covert Advertising for Apple's Ecosyste by hot+soldering+iron · · Score: 3, Interesting

    I've told people for several years that Apple, Windows, and Linux are for totally different philosophies. Apple seems to be more for the creative content producers, that don't really want to know how the computer works, or play with it, they just want to focus on whatever it is that they want to do. They may pay a premium, and have a severely limited selection, but they are getting what they want. Windows seems to appeal to the largest percentage of the consumer market and industry. It's got everything under the sun available for it, and is fairly well locked down, but with some work you can dig into it and do some limited customizing.

    You didn't think I was going to leave out Linux/Android, did you? My personal favorites, but I don't recommend them for everyone. They seem to appeal to the tinkerers and hackers, not afraid to get their fingers burned or let the magic smoke out. Linux does run most of the Internet though, and most smartphones, and a lot of tablets now, and Google and Yahoo! and Ebay, and 9 out of 10 financial institutions, and is embedded in most home routers and god-knows-what-all. Just not most desktops.

    --
    When you want something built, come see me. If you want correct grammar and spelling, get a F*ing liberal arts student.
  17. Rampant Fanboyism by Thumper_SVX · · Score: 3, Informative

    Wow... the last time I saw such rampant fanboyism is when I badmouthed the original iPad here on Slashdot on the day of release. Of course, every one of my comments was completely on the mark... and this from someone who still has an original iPad that gets used when I take business trips and almost no other time in my life. But I digress.

    Seriously? I had to do a double take when I read the summary, and had to take a few more when I read the article. I have run an Android phone for over a year now and I am seriously happy with it. It's not failing under the "crushing weight of viruses" any more than my aging but still useful iPhone 3GS is (I use it as an iPod because I bought into the iTunes ecosystem years ago and it happens to integrate beautifully with my car). I install apps on both depending on my utilization and needs, and neither has been unduly burdened with malware. Of course, my Android phone actually tells me what an application wants to do while I install it, thus providing the knowledgeable user some modicum of security. And yes, every app I install I read those and make a decision whether the app is asking for appropriate rights or not. And yes, I've refused some apps because of it. Of course, I AM a knowledgeable user and that kind of security doesn't help Joe Schmoe with his free smartphone with a 2 year contract and no lube... but one of the central tenets of security is that people are the weakest link in any security chain and that will never change.

    So far I've found my only complaint with Android is that it fails under the crushing weight of battery technology that can't cash the check the manufacturers of the device wrote. But at least with Android I can have a second battery hanging around that I can swap in at any time... can't do that with an iPhone unless you're a really determined hardware hacker. Yes, I can improve it slightly by turning off all my antennae but then I am running a dumb phone with games on it... I have a smartphone so it can be connected anywhere at any time. Of course, many of the apps I install probably don't help... but that's a choice I make. Because the charging port is completely standard I just took my charger and left it at work; I use my Kindle's charger at home to keep my phone charged at night because really... how often do I need my Kindle?

    As a past and current iOS user (sometimes), AND an Android user I find the article FUD. Actually, can I mod it trollbait?

  18. Re:Is this Covert Advertising for Apple's Ecosyste by Nemyst · · Score: 3, Funny

    Funny. Everybody I know of who runs Windows can be slotted in one of two categories:
    -Runs the computer with a modicum of common sense. Doesn't click "free cat wallpaper" links on ihaxyou.com. Lets Windows run its updates.
    -Does everything in his/her power to wreck the computer.

    The few that are in the second category deserve to be hacked, really. It's like complaining that your car sucks because you didn't do your oil change for five years and used summer tires in winter.

  19. Re:"has kept Apple's iOS ecosystem free of viruses by Entrope · · Score: 4, Informative

    That is a distinction that the study apparently did not make, because it talks about "malicious code" rather than viruses. In fact, most of the malicious apps that one hears about are spyware or trojans rather than viruses.

  20. Re:But the Apple factor? by Tore+S+B · · Score: 2, Insightful

    Actually, human beings are social animals, and accountability can actually worsen security if it weakens a perception of a bond of trust, which might very well be more effective. Accountability can be circumvented, expectations of honesty cannot. In terms of the cash register, keeping the balance is probably a good idea, but there are other situations and I just wanted to nuance this very American notion that interpersonal trust is equal to weakness.

    --
    toresbe
  21. Re:But the Apple factor? by Cute+Fuzzy+Bunny · · Score: 2

    I'm sure there will be plenty of hair splitting by the Apple aficionados, but just about every app I load, whether iOS or Android, wants access to data it doesn't need, and many transfer stuff like my name, phone number and who knows what else. I've had quite a few that broke my device or gave it some real problems, again on both platforms. I call that malware. It steals my stuff (although I agree to the theft because if I didn't, I'd have no apps) and often eats my battery life or gives me operational problems requiring an uninstall and reboot.

    Sure seems like badware to me!

  22. a better method by cas2000 · · Score: 2

    Here's a much better method for optimising security on your smartphone or tablet:

    DON'T INSTALL WORTHLESS SHIT

    Apple's App Store and Google's Marketplace make Sturgeon's Law seem like hopelessly naive pollyanna-ish optimism. They each may have a few hundred thousand apps, but less than one in ten thousand or so are worth even looking at, let alone installing.

  23. Android Hijack by backspaces · · Score: 2

    Unfortunately, Android has been hijacked by the carriers and handset manufacturers. There is no "Android" phone any more, only handset manufacturers (who screw up Android) and the carriers (who have no regard for Android security). Consider ..

    Much of the Android vs iDevice confusion is based on the new Mobile Market:
    1 - Carrier: Verizon, ATT, etc
    2 - Handset Mfgr: Apple, Samsung, etc
    3 - OS: Android & iOS
    Notice that Apple controls 2 out of 3. Google controls 0 out of 3.

    Zero? WTF? Think about it. You get a Samsung phone (2). They "improve" Android, leaving you with a big unknown in terms of OS (3). Carrier: Apple imposes HUGE restrictions on the carriers .. they act as a middle man between the consumer and the carrier. Google, OTOH, has zero control over the carrier.

    We may not like it, but Apple has a huge advantage over the security of their devices.