I don’t believe you’re arguing in good faith because you ignore my responses and keep repeating the same demands for data. Is there any data in the universe that could wobble your staunch view a little bit? What would that data look like? I digress.
I use both platforms daily. I’ve been working on smartphones since they’ve existed. I live and breathe them. Android has some great upsides, but security is definitely not one of them. Six years ago at a previous employer we had cardboard boxes full of completely bricked android phones from the Triada Trojan.[0]
I have never seen anything like that on an iPhone. I can’t even recall witnessing a bricked iPhone (sans hw failure), but I won’t deny the possibility.
You have conceded that iOS is worse for security, so now you want to argue about performance. Android has iOS beat there, too. Here is a midrange Android phone one generation older than the iPhone 6 beating it at the most common task for phone users — opening apps: https://youtu.be/hPhkPXVxI*
I’m not arguing performance for performance sake. I’m arguing that a four year phone is still performant compared to many newer Android phones and it is getting both* security updates and os upgrades 24 months and 12 months longer than the tiny percentage of Android phones that get either. It also doesn’t have to wait for a third party OEM to decide to push updates.
I’m also criticizing Google for not knowing how to push updates to phones running its operating system without OEM intervention - something Microsoft figured out 30 years ago with PCs.
But you don’t need to speculate how fast iOS users update their phones.
There are plenty of sites showing how many iOS users have updated operating systems compared to Android users:
What an incredibly weak argument. Android absolutely destroys iOS in market share, it's not even a comparison. That's why it's targeted by malware writers. That doesn't mean it's any less secure than iOS. You have to try very hard to infect your phone.
I'd pick being able to run whatever I want over Apples choice of apps any day.
I regret the flame bait in my previous post. I think both platforms have their drawbacks. But I still disagree that Android can be considered more secure. Apple is good at rolling out security updates to all devices as soon as a security vulnerability happens - that doesn't, and can't happen on Android due to fragmentation and reliance on OEMs. Hence my Win95 comment, which had a similar problem.
How is android any better? Anecdotally I’ve seen more compromised android devices than iPhones. It appears to me Apple has defaults, at least now, that protect the privacy of the user. Additionally the ecosystem is less littered with apps that can take over the whole OS. My mother’s phone is always getting compromised by malware or apps that inject ads.
1. Are there any statistics showing the ratio of security issues between Android and iOS?
2. What's the most common phone among security researchers?
To be honest, I'm wary of believing this, but I own a Nexus and if I had to give the benefit of the doubt to either Google or Apple, it would most certainly be Apple because they don't make business out of my data (or, not as much as Google, at least).
historically iphones have been better in terms of security. but the landscape has shifted since recent releases. Android security has come a long way. The problem is still that Android can't be compared with iphones due to fragmentation. The fragmentation has an unintended positive side-effect to offsec which is your Android exploits don't scale as well as for iphones due to monoculture.
edit: another thing that rubs me the wrong way about Apple recently is their stubborn stance against any outsider who might offer iOS introspection capabilities. this raises the bar for security researchers but is counterproductive to iOS security.
They absolutely do. Android is known to be a security nightmare. That means a bad reputation, which also means less sales. I hate Apple and their products, but if someone said that they got an iPhone because it's more secure than Android, I can't really argue that they are wrong.
It used to be the case that iphones were way ahead of security in android. With the efforts that have gone into improving things in the last few years and Google stepping up the quality of their hardware security with their Pixel lines that is no longer the case.
iPhones also have nasty (sometimes unpatchable) vulns. Android gets ever stronger protections against malicious apps, doesnt rely so much on Malware being screened from the store (malware regularly gets through onto both Play Store and Apples App Store)
You're getting downvotes for your "LA, LA, LA I'm not listening" attitude. Android and iOS have many very different advantages and disadvantages over each other, but security on iOS is very clearly vastly superior and this has been confirmed repeatedly by top security researchers. Trying to pretend that's not true or pick and choose 'whataboutist' issues and pretend that's all that matters to make false equivalences is really going to wind people up. The expected level of discourse here is quite a bit beyond that.
I don't believe even for a second that Android devices are any more secure than iPhones. And I use an android phone. But let's be honest - with dozens of manufacturers there isn't a single one who dedicated the same amount of work to securing their devices or engineering things like the secure enclave in iPhones. I use a Sony phone but I'm sure Sony wouldn't have the guts to stand up to FBI, or that FBI would even need to ask - the hardware is most definitely not on the same level of polish as Apple's.
Android's system security design is inferior to that of iOS.
But, iOS's superiority (a) derives in significant part from Apple's total control over the hardware platform†, and (b) comes at the cost of a lot of user control tradeoffs that nerds like us tend to hate.
Really, to suggest that Android's security is at parity with Apple's, you'd have to be arguing that Apple does a terrible job at exploiting their inherent advantages of control over hardware and control over what's allowed to run on the platform. Apple does not do a terrible job at those things.
† Yes, Google controls some of their hardware, but they have an ongoing support requirement for a lot of hardware they have no control over at all, and will have that requirement forever, which limits their options.
Android's hardware is extremely fractured with the majority of the devices sold being cheap and missing the good features, including hardware security.
Apple's phones are more homogeneous. Certainly a larger percentage of Apple users have a Secure Enclave than Android users do.
I'm not defending Android. I'm just pointing out the platform you consider more stable and secure is likely only so if you are concerned with certain threat vectors more than others.
I suspect most privacy problems come down to the apps on the users device for both platforms, but in terms of security Android is worse overall because of the abysmal rate of updates, and lack of widespread backing store encryption. That leaves a lot of Android devices open to shady apps and data loss after theft.
Both platforms can always do better of course, and should learn from each other. But to pretend device security hasn't been a genuine focus for Apple is blinkered.
- Worried about Google? Android is bad. Google collects your data.
- Worried about the government? Since Google must obey warrants for your data, Android is bad.
- Worried about malicious third parties? Since Google has failed to patch even the Pixel line for KRACK until the December update... yeah, Android is bad. And malware through the Play Store that hits large numbers of devices is quite common.
To be clear: I greatly dislike iPhones. But Apple controls their store with a quality approval methodology, they patch all of the devices on their platform promptly going back a number of years, their business model is not built around data mining, and their privacy features have frustrated and irritated the government.
I dislike the iPhone, but if you want privacy and security, you should get an iPhone.
You have to be very specific about what Android phones you're talking about, and I'm the wrong person to debate Android security with. I have friends who work on Android platform security and I am very hesitant to cast aspersions on the Android security effort as a whole. But my advice for people who really care about security is: get an iPhone.
We don't really have a reliable measure of how many attacks are happening on Android and iOS, though. Unlike with a PC, users are much more likely to attribute malware-related problems to 'my phone is just old, I need a new one'. I would attribute this to a mixture of phone commodification (iPhone's appear to be pretty cheap thanks to subsidy plans) and the effects of cloud infrastructure. Users have basically nothing to lose by swapping out phone hardware, because what'll you do, ransom their contact list?
I use both platforms daily. I’ve been working on smartphones since they’ve existed. I live and breathe them. Android has some great upsides, but security is definitely not one of them. Six years ago at a previous employer we had cardboard boxes full of completely bricked android phones from the Triada Trojan.[0] I have never seen anything like that on an iPhone. I can’t even recall witnessing a bricked iPhone (sans hw failure), but I won’t deny the possibility.
[0]https://www.google.com/amp/s/usa.kaspersky.com/blog/triada-t...
Just a cursory search shows things haven’t improved much since:
https://news.ycombinator.com/item?id=32154294
https://news.ycombinator.com/item?id=32084635
https://news.ycombinator.com/item?id=23027184
reply