Is Android less secure than iPhone? Um, no.
- 14 January, 2011 11:04
One can only hope that security software provider Trend Micro saw a nice sales boost after the proclamation of its chairman earlier this week that Android phones are more vulnerable to hacking than iPhones are. If it didn't, those blatantly self-serving statements were made for nothing.
After all, they're certainly not true. Not only that, but they were made immediately after the company launched its brand-new security software for Android. There's no way that was a coincidence.
The statements were, however, a classic example of the FUD that's so often resorted to by companies that earn their bread by instilling fear in the hearts of computer users. Microsoft's recent anti-OpenOffice.org campaign was one example of such fear tactics used for profit; now, Trend Micro's little threat is another. Who needs enemies when you've got "friends" like these, working to steer you away from free and open source software and toward their expensive products?
Lest anyone get fooled by the dramatic headlines, let's take a cold, rational look at Android vs. iPhone security.
'Security Through Obscurity'
"Android is open source, which means the hacker can also understand the underlying architecture and source code," is what Trend Micro's Steve Chang originally told Bloomberg Businessweek.
Basically, what he's doing there is falling back upon the tired old argument--highly popular among closed-source vendors and those that make a living off of their products--that open source software's openness makes it less secure. It's called the old "security through obscurity" claim, and those of us who have been watching this industry for more than a few minutes know it well.
"If hackers can't see the code," the old argument goes, "then it's harder for them to create exploits for it."
The reality, however, is that it just doesn't work that way--as evidenced by the ever-increasing parade of (often incomplete) patches coming out of Redmond. First, even developers for Windows or the iPhone, say, have to understand the underlying architecture in order to create their applications. It's by no means a Big Secret.
A Misplaced Trust
Second, no closed-source company's limited set of developers--each of which is bound to have its own timetable and agenda--can possibly do a better job of finding and eliminating vulnerabilities than the worldwide mass of developers and users, which is who's at work 24/7 for open source software's security.
Zooming in more specifically on Android, the software draws many security advantages from the Linux operating system that underlies it. Much the way Linux users are not typically given the "root," or administrator, privileges that would be required in order for a virus to do widespread harm, so Android apps are isolated in separate "silos," unable by default to read or write data or code to other applications.
With Android, users are explicitly asked for permissions right up front, when the app is installed. On the iPhone, users can only blindly trust Apple to keep things secure for them--a trust that seems misplaced at best given the threats that have slipped into Apple's "walled garden" anyway.
'Most Vulnerable' of 2010
Then, too, there's the data.
Security research firm Lookout, for example, recently reported through its App Genome Project that Android applications are more secure than iPhone apps are because they're less likely to be capable of accessing a user's contact list or retrieving their location. It also found that nearly twice as many free iPhone apps can access the user's contact data.
Security firm Secunia, meanwhile, declared that Apple products now have more security vulnerabilities than any others--including even Microsoft's. Apple, in fact, topped Secunia's ranking of the top 10 vendors with the most vulnerabilities in 2010.
Even more recently, researcher McAfee fingered Apple products as growing targets for malware this year.
Would companies far and wide be placing increasing trust in open source applications, and would this country's Departments of Defense and Homeland Security be among the U.S. government's biggest users of open source technology, if openness made technology less secure? I don't think so.
It was a nice try, Trend Micro--all's fair in love and marketing, right? But next time, it might be a good idea to pay attention to the facts, too.
Follow Katherine Noyes on Twitter: @Noyesk.
Join the Computerworld Australia group on Linkedin. The group is open to IT Directors, IT Managers, Infrastructure Managers, Network Managers, Security Managers, Communications Managers.
- iPhone Safer from Hackers than Android - PCWorld
- Fear, uncertainty and doubt - Wikipedia, the free encyclopedia
- Why Is Microsoft So Scared of OpenOffice? - PCWorld Business Center
- Android's Openness Doesn't Mean It's Less Secure - PCWorld Business Center
- Why Linux Is More Secure Than Windows - PCWorld Business Center
- Patch Tuesday Defined by Flaws That Aren't Fixed - PCWorld Business Center
- Why Android App Security Is Better Than for the iPhone - PCWorld Business Center
- JailbreakMe Exploits Serious iPhone Security Flaw - PCWorld Business Center
- The Official Lookout Blog : Introducing the App Genome Project
- Apple No Longer Flying under the Security Radar - PCWorld Business Center
- Linux Is on the Rise For Business - PCWorld Business Center
- Open Source for America Publishes Federal Open Technology Report Card; Rates Agencies on Open Government and Use of Open Technologies
- Forrester Research: Total Economic Impact Of The Management Suite
- Embracing Behaviour-Based Pricing Models
- CMO's Customer Engagement in a Multi-Channel Marketing World
- Cloud-Based Mobile Device Security Streamlines Data Protection
- ‘A Little Extra Service’ Raises Customer Satisfaction and Lowers Costs
Should Australian businesses fear US cloud vendors?
If you haven't retired Windows XP and haven't been fired yet, get busy
Apple dominates 64-bit mobile chips as Android rivals lag
TPG's FTTB plan could upset NBN: Switkowski
TPG's FTTB plan could upset NBN: Switkowski