Sponsored By

Security Showdown: Android Vs. iOSSecurity Showdown: Android Vs. iOS

Symantec compares the security architecture of mobile operating systems from Google and Apple, but OS improvements are only part of the story.

Kurt Marko

July 5, 2011

4 Min Read

In light of Research In Motion's continuing poor financial performance, executive departures, and tepid tablet sales (subscription required), it's clear that the competition for smartphone and tablet pre-eminence is now a two-horse race: Android and iOS, via Google (and its stable of hardware licensees) and Apple. Estimates show these two now account for almost two-thirds of the smartphone market and are the two platforms gaining share at the expense of RIM, Microsoft, and Palm/HP.

Since your next phone or tablet will almost certainly be running one of these operating systems, what's a security-conscious buyer to do? Sure, most people are swayed by more subjective factors, such as Apple's sex appeal or Google's openness and product diversity, but if you're a paranoid, tech-savvy IT type, which platform is least likely to cause security headaches for you and your enterprise? To help answer that question, security researcher and Symantec chief security architect Carey Nachenberg has put both systems under a microscope, detailing his findings in a new white paper. For those who don't want to wade through the 22-page report, here are a few highlights. The good news is that mobile operating systems, both of which are Unix variants (Android based on Linux and iOS on OS X, which has its roots in FreeBSD), are more secure than a Windows PC. This is probably not too surprising since they build on years of experience in OS security and are designed for more narrowly focused tasks, unlike a general-purpose, do-everything PC. Still, as the paper highlights, both embody most, if not all, of these five "security pillars": -- Traditional access control: techniques such as passwords and idle-time screen locking to protect the device itself. -- Application provenance: curation (testing, verifying, and tamper-proofing) of individual applications, and subsequent secure signing (with the author's identity) and hashing (using a digital signature). -- Encryption: protecting data on the device in the event of loss or theft.

-- Isolation: limiting an application's ability to access sensitive data or system resources on a device.

About the Author(s)

Kurt Marko

Contributing Editor

Kurt Marko is an InformationWeek and Network Computing contributor and IT industry veteran, pursuing his passion for communications after a varied career that has spanned virtually the entire high-tech food chain from chips to systems. Upon graduating from Stanford University with a BS and MS in Electrical Engineering, Kurt spent several years as a semiconductor device physicist, doing process design, modeling and testing. He then joined AT&T Bell Laboratories as a memory chip designer and CAD and simulation developer.Moving to Hewlett-Packard, Kurt started in the laser printer R&D lab doing electrophotography development, for which he earned a patent, but his love of computers eventually led him to join HP’s nascent technical IT group. He spent 15 years as an IT engineer and was a lead architect for several enterprisewide infrastructure projects at HP, including the Windows domain infrastructure, remote access service, Exchange e-mail infrastructure and managed Web services.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights