Close X
Log In
If you are not a member,
register now
Email
Password
Forgot Your Password?
New User? Register now
to gain member-only access to all of IT World Canada's premium content & community portals.
Log in for Full Access |
Log In
|
Subscribe Now!
Follow
IT World Canada
Knowledge Centres
Community
Publications
Events
Services
Media
Communications Infrastructure
•
Carriers and Cellular
•
Networking
•
Voice, Data, and IP
Security
•
Alerts, Patches and Fixes
•
Disaster Recovery
•
Hacking and Viruses
Enterprise Business Applications
•
Business Intelligence
•
Enterprise Resource Planning
•
Open Source and Linux
Enterprise Infrastructure
•
Data Centre
•
Servers and Mainframes
•
Virtualization
Government
•
Case Studies and Best Practices
•
Collaboration
•
Policy
Leadership
•
Budgeting / IT Alignment
•
Industry News
•
Issues for CIOs
Information Architecture
•
Data Warehousing
•
Databases
•
Messaging and Collaboration
Integrating IT
•
Development Environments
•
Middleware - Utilities
•
Project Management
Green IT
•
E-Waste and Recycling
•
Green thinking
IT Workplace
•
Careers and the Job Market
•
Consulting and Contracting
•
Human Resources Issues
•
Women in IT
Departmental and End User Computing
•
Future Technology
•
Help Desk and End-User Support
•
Mobile Applications
Featured Blogs
•
All things Android
•
Enterprise Insights
•
Network World
•
Industry Watch
•
CDN Varbose
Computing Canada Blogs
•
World Wide Webb
•
Blogosphere
•
Techbuzz
Wikis
•
IT job Descriptions
Most Recent
All IT World Blogs
Click Here to Subscribe Now!
Job and Career Resources
•
Canadian IT Jobs
•
IT Sales Jobs
•
Salary Calculator
Knowledge Services
•
CDN ProFIT - Turnkey Marketing solutions
•
Visability
Subscribe Now- Register
Content
•
Slide Shows
•
Videos
•
White Papers
•
Webinars
Social
Facebook:
facebook.com/ITWorldCa
Twitter:
@itworldca
Linkedin:
IT World Canada Live
YouTube:
ITWorldCanada
More
brands and Accounts
Digital Media
•
Media Guide
•
Digital Publications Media Guide
•
Latest Digital Editions
Hot Topics:
backup
•
cloud-computing
•
bring your own device
•
virtualization
•
Web browsers
•
security strategies
•
Cisco
•
MDM
•
Search
SHARE
Home
>>
Departmental and End User Computing
Symantec compares iOS and Android security
By:
Mikael Ricknas
On:
28 Jun 2011
For:
IDG News Service (Stockholm Bureau)
Tweet
Apple's iOS wins in most categories, but neither offers protection against phishing. According to Symantec, possible weaknesses in iOS include its encryption
Apple Inc.'s
iOS
and Google Inc.'s
Android
smart phone platforms are more secure than traditional desktop-based operating systems, but are still susceptible to many existing categories of attacks, according to
a 23-page report from security software vendor Symantec Corp.
The good news is that Apple and Google designed their respective operating systems with security in mind. But keeping up with a constantly changing threat landscape is difficult. In the report, "A window into mobile device security," Symantec evaluated the two operating systems for how they stood up to Web-based and network-based attacks, social engineering attacks, attacks on the integrity of the device's data, and malware.
Users of both Android and iOS smart phones and tablets regularly synchronize their devices with cloud services and with their home desktop computers. This can potentially expose sensitive enterprise data to systems outside the control of the enterprise, according to Symantec.
When it comes to protecting against traditional malware, Apple's certification of applications and developers protects users, according to Symantec. On the other hand, Google's less rigorous certification mode has arguably led to today's increasing volume of Android-specific malware, the company said. Earlier this month Google
had to remove yet more malware-infected apps offered in its Android Market.
Google's more open approach has been one of the reasons for its success, according to Ben Wood, director of research at CCS Insight. It has helped Google to quickly increase the number of available applications. So far, the offending apps haven't had a major affect on users, but user sentiment could change quickly if they are hit by more severe attacks, Wood said.
As has been pointed out by security experts in the past, Android's reliance upon the user to grant a set of permissions is a weak link. A majority of users are simply not technically equipped to make these security decisions. In contrast, Apple's iOS platform simply denies access, under all circumstances, to many of the device's more sensitive subsystems, according to Symantec. On Android, a malicious app simply requests the set of permissions it needs to operate, and in most cases, users happily grant these permissions.
On the plus side, Google does require that developers pay a fee and register with the company to be able to distribute their apps via the official Android App Marketplace, Symantec said.
Possible weaknesses in iOS include its encryption, according to Symantec. The majority of the data is encrypted in such a manner that it can be decrypted without the need for the user to input the device's master passcode. This means that an attacker with physical access to an iOS device can potentially read most of the device's data without knowing the passcode, Symantec said. In February, researchers in Germany showed
how they could do this in six minutes
on an iPhone running iOS 4.2.1, Symantec warned.
Also, attacks against specific applications like the iOS Web browser, while being self-contained and blocked from impacting other apps, can still cause significant harm to a device.
Android recently began offering built-in encryption in Android 3.0. However, earlier versions of Android, which are running on virtually all mobile phones in the field, contain no encryption capability.
So far, security researchers have uncovered about 200 different vulnerabilities in various versions of iOS. But the vast majority of these vulnerabilities have been of a lower severity. To date, all but four of the 18 vulnerabilities on Android have been patched by Google. One has been fixed in version 2.3, but it has not been fixed for prior versions of the operating system. For example, the recent Android.Rootcager, also known as Android.DroidDream, and Android.Bgserv threats both leveraged this vulnerability to obtain administrator-level control, according to Symantec.
Symantec also has a word of warning for users with jailbroken smartphones. They are an attractive target for attackers since they are every bit as vulnerable as traditional PCs, it said.
Symantec concluded that iOS offers better access control, application provenance and encryption. Google's Android offers better application isolation, and the permission-based access control category is a tie, according to Symantec. Apple also offers better protection against malware attacks, service attacks, data loss and data integrity attacks. Both offer full protection against Web attacks, and no protection technologies to address social engineering attacks such as phishing or spam.
Security on smart phones is a growing challenge that vendors need to address, according to Wood. Large-scale attacks can end up having a detrimental effect on smart phone popularity, he said.
Sign up for our
Newsletters
Tags:
security strategies
,
Symantec
Tweet
Close X
Your Name:
Your E-mail:
Friend's Name:
Friend's E-mail:
Close X
|
Views:
2619 |
Rating:
(0 votes)
Rate this article on a scale of
1 to 5 stars,5 being the best.
Close X
Page
1
Quick Access
Video Conferencing
Cloud Computing Resource Centre
CIO Canada's Brainstorm Centre
CIO Canada Debate
IdeaCity Conference June 18-20 - Toronto
Mikael Ricknas
is a contributor to the International Data Group (IDG) News Service, which publishes global technology stories from bureaus around the world to more than 300 publications in more than 60 countries.
Recent Canadian IT Jobs
more:
IT Jobs
,
Post A Job
Related Content
5 Technology Security Myths, Busted
If you think virus writers ignore Apple Inc.'s platform or that free anti-virus programs are useless, think again. Find out about wireless device security and how safe the Firefox browser really is
The Demo: Madeover Internet and AV security
Symantec Corp. says its Norton Internet Security 2009 and Norton AntiVirus 2009 comes with 300 changes, including a new underlying architecture
Hacker attacks getting more targeted and subtle, says report
Corporate IT managers should re-double efforts to guard against targeted attacks, which will increase in scope and subtlety this year, according to security experts.
Cyber crooks getting cleverer
by joaquim p. menezes - several years ago, john roese – when he was chief technology officer of enterasys networks (he’s now cto of nortel) comme
Please enable JavaScript to view the
comments powered by Disqus.
blog comments powered by
Disqus
Related Videos
Cloud Computing: Extending the Network (3 of 3)
Cloud Computing: Extending the Network (3 of 3)
-
The end goals of private cloud computing are to; Enable efficient delivery of IT resources and services; Give the enterprise complete control over data; Enable choice in technologies and service providers
Cloud Computing: Getting to One Network (1 of 3)
Cloud Computing: Getting to One Network (1 of 3)
-
In this first video of the series, the team will take you through how to consolidate the different types of traffic onto a single, general-purpose, high-performance, highly available network that greatly simplifies the network infrastructure and redu
Cloud Computing: The Unified Compute Model (2 of 3)
Cloud Computing: The Unified Compute Model (2 of 3)
-
In this second video, the team will look at how to unite computing, networking, storage access, and virtualization into a single cohesive system. The Unified Compute model prepares you for cloud computing. This will be discussed in the next and fin
Frankly Speaking - Cloud Computing
Frankly Speaking - Cloud Computing
-
IT World Canada's John Pickett and IBM Canada's Richard McDonald discuss why organizations should care about cloud computing, what benefits it can yield and risk issues concerning security and resilience.
2008 CDN Top 100 Event Overview
2008 CDN Top 100 Event Overview
-
Every year CDBN and Partner Research Corp. rank Canada's Top 100 Solution Providers in the IT channel. Watch highlights of this years event.
more from the:
Video Library
Computing Canada Poll
What topic would you like to see covered in the next issue?
Read the Computing Canada articles you made happen.
•
Democratizing Business Continuity
•
Agility and efficiency through virtual switching
* Sponsored by Microsoft
Most Popular
Articles
Most Viewed
Most Emailed
Top Rated
Most Viewed
Most Emailed
Top Rated
Dell board wants more details on Icahn bid
By: Nestor E. Arellano (13 May 2013)
Dell Inc.’s board of directors wants more information on investor Car Icahn and Southeastern Asset Management’s $21 billion cash offer for ...
BlackBerry is on a roll
By: Howard Solomon (14 May 2013)
ORLANDO – Research In Motion officially opens its annual BlackBerry conference here today on a roll with the launch of a new keyboard-equipped s ...
Adobe’s subscription-only plan meets backlash
By: Nestor E. Arellano (10 May 2013)
Thousands of users of Adobe Systems Inc.’s software are taking to the Internet their displeasure over the company’s decision to adopt a su ...
Fairmont Raffles uses analytics to boost profits
By: Jeff Jedras (10 May 2013)
SAN FRANCISCO – As Fairmont Raffles’ executive director of customer relationship marketing, Andrea Johnson is helping to lead the charge a ...
New platform from Canadian wireless equipment maker
By: Howard Solomon (21 May 2013)
A Canadian maker of wireless backhaul networks for enterprises and telecom operators has created a new hardware and software platform which it says ca ...
Veeam adds acceleration to backup
By: Howard Solomon (5/24/2013 1:53:00 PM)
Many vendors say the latest version of their application gives the solution a boost, but Veeam Software makes it a literal promise. That’ ...
Tired of hackers? Fight back, says U.S. group
By: Howard Solomon (5/24/2013 10:21:00 AM)
The best defence is a good offence, goes a saying. That's what a private group in the U.S. recommended this week out of frustration with hack ...
WebRTC: Disruptive or oversold?
By: Howard Solomon (5/24/2013 9:58:00 AM)
The latest disruptive technology said to be greater than sliced bread may be right in front of your nose. It’s called WebRTC, a Javascript app ...
Wind Mobile financier back in Canada
By: Howard Solomon (5/24/2013 9:22:00 AM)
Manitoba Telecom Services is getting out of the national business market in a deal that might end up re-invigorating wireless carrier Wind ...
Edmonton agrees to expand Shaw Wi-Fi network
By: Howard Solomon (5/23/2013 3:43:00 PM)
Edmonton’s city council has agreed to allow Shaw Communication’s Wi-Fi network to expand to municipally-owned areas across the city. ...
Think internationally, Kobo CEO says
By: Dave Webb (16 May 2013)
It's important for Canadian digital media companies to think big -- think internationally -- right out of the box, Michael Serbinis, co-founder of Can ...
BlackBerry is on a roll
By: Howard Solomon (14 May 2013)
ORLANDO – Research In Motion officially opens its annual BlackBerry conference here today on a roll with the launch of a new keyboard-equipped s ...
No fee for Windows Blue update: Analysts
By: Nestor E. Arellano (13 May 2013)
Microsoft Corp. will likely not charge Windows 8 users for the operating system's upgrade codenamed “Blue,” according to technology indust ...
Pirate Bay co-founder to run for EU parliament
By: Nestor E. Arellano (15 May 2013)
Peter Sunde, co-founder of the file sharing site Pirate Bay, says he plans to run for the European Parliament in 2014 under the banner of the Finnish ...
Related White Papers
DNSSEC: The Antidote to DNS Cache Poisoning and Other DNS Attacks
-
DNS in the Wild: Bad Things Can Happen – Click here to read!
WebSphere Application Accelerator for Public Networks
-
IBM and Akami have partnered to develop WebSphere Application Accelerator for Public Networks to accelerate web application delivery.
Unified Communications matters to enterprise success
-
Your mobile workforce, business processes and interactions across the wide world of social media demand a UC strategy. This isn’t a plug-and-play proposition, but rather a far-sighted enterprise vision that requires expertise that stretches wide and deep.
Manufacturer Simplifies Security Across All Platforms
-
B.C. based manufacturer simplifies security, eliminates admin and better fights threats. Learn more here.
A Model for Success: Business Value of Integrated Communications Solutions
-
An IDC white paper that outlines a model to assist organizations in assessing how well they are maximizing the potential business value of integrated communications solutions. The model is based on a major research project conducted by IDC Canada in 2006, which includes qualitative interviews, a quantitative survey and detailed analysis. The Business Value of Integrated Communications (BVIC) model is designed to be a practical tool to optimize decisions. Free with registration, compliments of Telus.
more:
White Papers
Close X