When I talk to security experts, I find that one issue really bugs most of them – people who still think that Apple products are immune to hacks, malware and other threats. I think the security awareness among iPhone users has improved a lot over the past year or two, but I know some deniers are still out there (I’m friends with some of them). But to be fair, a lot of people I know just shrug off security on their Android devices, too.
Maybe the June Marble Labs Mobile Threat Report will convince the most stubborn users out there. The report compares vulnerabilities between Android and iOS platforms, and what it found is that it doesn’t really matter which operating system you choose because both are about equal when it comes to threats. Also, the report adds, when used for BYOD, the risks that iOS and Android present to a company are the same:
Many security professionals focus on the operating system or app store protections of these mobile platforms without recognizing that both mobile platforms pose many of the same dangerous risks to an enterprise with BYOD programs and access to corporate networks, email and cloud services.
Many of those risks come via the apps that are downloaded onto the device. Android is well-known for app vulnerabilities. In fact, as I’ve been writing this blog post, I got an email about a serious security problem found in Google Play. In this particular problem, developers are storing secret keys in their apps software, which can then be used by anyone to maliciously steal user data or resources from service providers such as Amazon and Facebook. In that email, Prakash Panjwani, SVP and General Manager, Data Protection with SafeNet told me:
This is the IT security equivalent of leaving house keys under the doormat. Instead, organizations should leverage purpose-built key management platforms that allow users to store and manage keys in hardware, where they are more protected and controlled.
However, iOS has its app problems too, as The Wall Street Journal’s Market Watch stated:
Another key finding based on the analysis of 1.2 million iOS and Android apps is that gaming and news apps on iOS devices present significantly greater mobile security risks than other app categories on that platform.
According to the report, the iOS game apps can hold information that could do a lot of damage:
This data can include contact information, which if connected to corporate Active Directory, can be the entire database of all employees. It may also be device information, user location and authentication credentials.
I recommend this report as required reading for anyone who supervises BYOD or anyone who is still sure that iOS doesn’t present security threats like the ones Androids are known for. The report is a real eye opener for iOS users.