An Insight into iOS and Android Mobile Device Security - Symantec's WhitePaper

Symantec published a new white paper detailing strengths and weaknesses about the security of the two industry's largest mobile operating systems: Apple's iOS and Google's Android.The whitepaper, outlines the best and worse practices both companies have taken while building and upgrading their mobile platforms.Apple's biggest strength lies in the rigid policy enforcement of the App […]

Symantec published a new white paper detailing strengths and weaknesses about the security of the two industry's largest mobile operating systems: Apple's iOS and Google's Android.

The whitepaper, outlines the best and worse practices both companies have taken while building and upgrading their mobile platforms.

Apple's biggest strength lies in the rigid policy enforcement of the App Store. By controlling every application installed on the device, Apple has made it extremely hard for malware to sneak onto users devices. And although Apple offers hardware-level encryption, the encryption key isn't protected by the user's defined password leaving it vulnerable to attack. In addition, iOS apps have access to areas like the calendar and video camera without user permission which could cause some concern over privacy.

Android's more permissive method of delivering apps leaves it potentially open to more attacks. Google has been very good so far in limiting and removing malware from the market itself and so far no major security instances have occurred to threaten a large number of users. Android's process of having the user explicitly approve app permissions means that users are more aware of what the apps have access to so that they can make a more informed decision about whether or not they want to install that app. However, Froyo and Gingerbread versions of Android don't have an option for encryption but it's available as an option in Honeycomb, albeit turned off by default.

The report also touches on other areas of concern, particularly jailbroken and rooted devices. Both methods allow the devices to potentially become more vulnerable as they can install unsigned and unofficial applications and operating system modifications.

We've embedded below complete report for online reading, and the offline version can be downloaded using the link under:

Download: Symantec Whitepaper