Skip to main content

Dr. Charlie Miller Compares the Security of iOS and Android

October 20, 2011

I had the honor of talking to Dr. Charlie Miller, principal research consultant for Accuvant LABS, for a bit during DerbyCon about the security of mobile devices’ operating systems. Specifically, Dr. Miller articulated the differences between Apple’s iOS and the Android OS. Here are some of the highlights before you watch the video to get it directly from the good doctor himself:

  • Application Store Control
    • Apple places fairly rigid controls on the App Store from a corporate perspective, which results in a much lower possibility of malware infected apps
    • Android depends on the user community to control security of the apps, which results in much less effective security
  • Application Sandboxing
    • The iOS sandboxing model is the weaker of the two because it uses one sandbox to run all applications, which means that the sandbox is “only as strong as the weakest app you want to allow”
    • Android uses a separate sandbox for every app, so each app has to ask for the permissions it needs to execute
    • However, the weak application control in Android (see the Application Store Control point above) tends to negate the superior sandboxing of Android
  • OS Protection (preventing drive-by downloads)
  • Jailbroken Phones
    • All bets are off when an Apple device is jailbroken
    • However, there has not been a lot of malware written for jailbroken phones because the bad guys have not yet shown a lot of interest in the mobile device world (something Dr. Miller thinks will soon change)

Video: http://www.youtube.com/watch?v=KsbOxT268bc

Related Blogs

April 02, 2014

An Update on Mobile OS Updates

Many of the customers I meet with most often ask for a recommendation or guidelines on the application of mobile OS updates (Android, iOS, etc.). For ...

See Details

May 16, 2012

Securing Mobile Gaming Applications

The Gaming Industry is moving at lightening speeds to get mobile content to their players to enhance player in-house experiences, integrate with loyal...

See Details

March 30, 2018

Mobile App Testing With Automation Trickery in Frida

When you spend a lot of time doing security testing on mobile apps like I do, you begin to worry that a large part of your life will be spent rebootin...

See Details

How Can We Help?

Let us know what you need, and we will have an Optiv professional contact you shortly.


Privacy Policy

Related Insights

July 21, 2015

Application Security Solutions

Learn how Optiv can help with web, email and application protection.

See Details

July 21, 2015

Data Security Solutions

Learn how we can help secure your date throughout its lifecycle.

See Details

July 21, 2015

Network Security Solutions

Learn how we help protect your environment while maintaining connectivity.

See Details

Stay in the Know

For all the latest cybersecurity and Optiv news, subscribe to our blog and connect with us on Social.

Subscribe

Join our Email List

We take your privacy seriously and promise never to share your email with anyone.

Stay Connected

Find cyber security Events in your area.