Security on most consumer-oriented mobile devices hasn't been a top priority. Instead, gee-whiz features take precedence. After all, how many consumers have security even on their list when buying a phone or tablet? Not many. Unfortunately, many PC buyers don't either, which is why there are so many unprotected computers online right now that are happy to work for their zombie overlords in sending out spam or spreading malware.
That hasn't stopped Apple from bringing security to the forefront in its iOS platform used on the iPhone and iPad. Apple has done such a good job that not only has it bested the smartphone competition, it may have also bested desktop platforms like Windows 7 and OS X.
InfoWorld has done an analysis of what Apple has done to secure the iOS platform. As the article notes, iOS wasn't always like this. When launched, the browser ran as root, which is a definite no-no. Its security was a joke back then. No more.
There were four key areas that Apple focused on:
-- All programs are sand boxed.
-- Apple controls every app in the App Store and can remove an app from a user's device if it is later found to be a security threat.
-- Apple isn't shy about releasing patches on a regular basis. When is the last time you got a patch for an Android phone?
-- The OS and accompanying software is regularly reviewed, both internal code and open source code.
It also has a bit of "security by obscurity" going on. Not that the iPhone is obscure, but it is difficult to target the devices directly. Smartphones pop on the network and then drop off as people switch from 3G to Wi-Fi and back, or disappear entirely as they enter elevators and other areas where there is no service. This, combined with tight controls over the apps in the App Store and restricting how much you can do in a browser window, really makes it difficult for hackers to take the same avenues that have been so successful with Windows PCs and even OS X more recently.
Apple isn't the only one successfully protecting users. Windows Phone 7 has similar protections. It has released three updates since launch, the last one being strictly to fix a potential security issue involving fraudulent SSL certificates. Android needs to make greater strides here. Most updates for Android phones tend to be version updates, not routine patches. This isn't a Google issue as much as a carrier issue. Carriers don't like being in the update business. It costs money to test, deploy, and support should an issue arise. Apple and Microsoft have demanded their updates get pushed out. Google doesn't have that kind of power in its licensing agreement, so we are at the mercy of the carriers to release patches.
Smartphones and tablets continue to grow and that means they are a juicer target for hackers. We'll see how the platforms fare as war is waged on them. In the meantime, you just need to be prudent about what you install and what sites you visit and where you key in sensitive data. You are at far more risk of being tricked into entering banking info into a fake Web site than having malware sneak onto your phone.