On February 1st 2023 the National Telecommunications and Information Administration published a report on the competition in the mobile industry. The report itself states how “Mobile apps have become an essential tool for participation in much of daily life” and, in the attempt to assess the market states, it also provides an overview of the security checks that both Apple and Google (owner of Android) run before allowing the app to be sold on their stores.
The report analyses the fact that sometimes security is used “pretextually to justify anticompetitive behaviors” and concludes that, while “Apple and Google are the primary gatekeepers for apps,” it is also true that consumers can benefit from stores and devices that implement “privacy by design out of the box.” In other words, for better or worse, the security measures that Apple and Google implement in their stores created two tightly controlled environments with pros and cons that users have to choose between.
Which of the two ecosystems is the best and implements the best security features to protect you is the question that we will try to solve in this article.
App marketplace comparison
On February 1st 2023 a report from Sophos too was released. This report was about the infiltration of scammer apps on the App Store and Google Play Store. It would seem that, despite the malware scan on the app that both app stores execute on every app submitted, these apps managed to divulge the CryptoRom malware.
It is not the first time that either store is a victim of a cyber security breach, despite the fact that both have a remarkable security record considering that millions of apps have been uploaded for selling in the past 15 years. The App Store, launched by Apple in July 2008, and The Play Store, launched by Google in October 2008, sell through their stores e-books, music, video, and all types of digital content that can be used on smartphones.
The fact that both stores fell victim to security breaches more than once does not mean that they are not secure as they both run very thorough reviews of the apps once they are uploaded, and every time they are updated.
Apple’s App Store reviews every app and every update submitted based on technical, content, and design criteria. It also checks whether data is collected and used following industry-standard security practices.
On the other hand, Google Play Store uses Google Play Protect, which checks apps before you download them and scans your device regularly for potentially harmful apps and behaviors originating from Play Store apps and apps installed from other sources. It warns you about any detected risks and removes known harmful apps from your device.
Both stores use industry-standard techniques to perform their checks, and when a security breach affects one store, it usually affects the other. Also, it is worth noting that Play Store runs on Android devices on the side of other stores, such as the Samsung App Store or the Xiaomi Mi Store.
It can be hard to determine which of the two ecosystems, iOS and Android, offer a safer experience in their store. Yet, while iOS has a tighter grip and total control over the apps running on its devices, Android devices can benefit from the additional security offered by Play Protect.
In order to understand which ecosystem is better, we should have a broader overview of how the Operative Systems are managed.
Operative System Security Comparison
Apple’s iOS and Google’s Android have very different approaches to their operating systems.
On one side iOS has a closed-source operating system. This means that only Apple is capable of making modifications to it and only Apple can issue new system releases. On the other side, Android has an open-source operating system, meaning that other entities are able to customize the Operative System and release their own version.
From a security perspective, Apple’s App store has an edge. While open-source systems are not necessarily preferable, as they are reviewed and tested by the system’s community, in the particular confrontation of Android vs iOS, the fact that Android has various different versions used by millions of users, makes it harder to track and solve bugs.
As a problem affecting an android based Samsung phone won’t necessarily affect a Google Pixel phone, it is harder to keep consistent the effort put into making Android a more secure environment overall.
This includes security patch and updates that Apple releases regularly for its iOS devices, while Android updates rollout depend on the device manufacturer.
These last entities, device manufacturers, are also responsible for hardware-level security, the last ground of confrontation for this contest.
Hardware-level security Comparison
As per the Operative System, Apple controls both the hardware and software of its devices, making it so that hardware-level security features, such as Touch ID and Face ID, are immediately available on all devices of the same generation.
Android devices, on the other hand, have a wide range of manufacturers, making it difficult to ensure consistent security features on all the hardware running them.
Conclusions
Following this confrontation, we can draw some conclusions. The fact that iOS does not allow for unreviewed apps to be installed, and Apple’s tighter control over OS and Hardware level security patches and features, make iOS an ecosystem less prone to cyber security breaches compared to Android.
However, this does not render iOS immune to cyberattacks. Both systems have their strengths and weaknesses, and users must be aware of the potential risks to take the correct precautions.
