Android's hardware is extremely fractured with the majority of the devices sold being cheap and missing the good features, including hardware security.
Apple's phones are more homogeneous. Certainly a larger percentage of Apple users have a Secure Enclave than Android users do.
Apple's iOS is way more secure than Android in several aspects. The best example is their 5 years of guaranteed security (and features!) updates, versus 2-3 tops in Android (even <1 with Chinese cheap brands than are very common in Europe, such as Xiaomi).
I suspect most privacy problems come down to the apps on the users device for both platforms, but in terms of security Android is worse overall because of the abysmal rate of updates, and lack of widespread backing store encryption. That leaves a lot of Android devices open to shady apps and data loss after theft.
Both platforms can always do better of course, and should learn from each other. But to pretend device security hasn't been a genuine focus for Apple is blinkered.
historically iphones have been better in terms of security. but the landscape has shifted since recent releases. Android security has come a long way. The problem is still that Android can't be compared with iphones due to fragmentation. The fragmentation has an unintended positive side-effect to offsec which is your Android exploits don't scale as well as for iphones due to monoculture.
edit: another thing that rubs me the wrong way about Apple recently is their stubborn stance against any outsider who might offer iOS introspection capabilities. this raises the bar for security researchers but is counterproductive to iOS security.
Android's system security design is inferior to that of iOS.
But, iOS's superiority (a) derives in significant part from Apple's total control over the hardware platform†, and (b) comes at the cost of a lot of user control tradeoffs that nerds like us tend to hate.
Really, to suggest that Android's security is at parity with Apple's, you'd have to be arguing that Apple does a terrible job at exploiting their inherent advantages of control over hardware and control over what's allowed to run on the platform. Apple does not do a terrible job at those things.
† Yes, Google controls some of their hardware, but they have an ongoing support requirement for a lot of hardware they have no control over at all, and will have that requirement forever, which limits their options.
iOS seems to be more privacy oriented (for the western market, where the government does not yet have the power to force them to comply) by default, while android needs more work put in. If you did as much as you could to secure both I'd agree with you that android is more secure.
Apple has many of the same issues, and uses a huge amount of bug-riddled open source. The big difference between Android and iOS is that iOS, which is the same on every platform it runs, is locked down to a far greater extent than Android is. This is a good thing for security and a bad thing for end-user control; Google and Apple just took two different tradeoffs here.
Functionally, iOS is a much more secure platform. Far more people are updated to the latest iOS version, which makes a huge difference. Apple invests tons of money into secure biometrics, privacy initiatives, and lots more.
At the same time, Android might still have fewer vulnerabilities in the latest versions. It's possible that Android's security technology or coding practices result in fewer security bugs. I don't think that Android has any attack surface equivalent to iMessage (which is written in Objective-C and uses some fairly low-level techniques, if I remember correctly).
A lot fewer people use the latest version of Android, though, so most of that effort goes to waste.
An android is famously more secure and suffers from less malwares / viruses / ... than iOS due to custom ROM, sideloading etc being available on the device.
How is android any better? Anecdotally I’ve seen more compromised android devices than iPhones. It appears to me Apple has defaults, at least now, that protect the privacy of the user. Additionally the ecosystem is less littered with apps that can take over the whole OS. My mother’s phone is always getting compromised by malware or apps that inject ads.
You have to be very specific about what Android phones you're talking about, and I'm the wrong person to debate Android security with. I have friends who work on Android platform security and I am very hesitant to cast aspersions on the Android security effort as a whole. But my advice for people who really care about security is: get an iPhone.
They absolutely do. Android is known to be a security nightmare. That means a bad reputation, which also means less sales. I hate Apple and their products, but if someone said that they got an iPhone because it's more secure than Android, I can't really argue that they are wrong.
The non-US world overwhelmingly uses Android more than iOS, and yet everyone's personal security has not crumbled into dust. I will absolutely agree that Android's security posture (both in the OS itself and its app ecosystem) is worse than Apple's, but that doesn't seem to make all that much of a practical difference, does it?
Oh, no question about Android being more secure from bad actors - there are most likely multiple parties that could be problematic (Google, device manufacturer, baseband manufacturer, network operator, etc.) while with Apple its just a single such entity.
What I meant is that on Android There is less being done to actively prevent their usage as a self hosting workstation (though some recent "security" changes communig from Google related to running code that does not come from an installed APK might be a reversal of that trend).
Apple's phones are more homogeneous. Certainly a larger percentage of Apple users have a Secure Enclave than Android users do.
reply