It’s common to hear iPhone users claim, after doing Android app security testing, that iOS offers superior security compared to the Android OS.
When you compare the two operating systems, the flexible and customizable nature of the Android OS is seen as sacrificing security, both at the OS level and for Android app security, while the more rigid iOS is considered more secure.
Research from 2015 indicates that both platforms are victims of hacking, jailbreaking, malware, and unintended use, which raises the question of whether the traditional perception of iOS as more secure, set against the view of poor Android app security, still holds true.
Adrian Ludwig, Director of Android Security at Google, stated in an interview on 1st Nov, 2016 at a security conference in Manhattan, “In the long term, the open ecosystem of Android is going to put it in a much better place. For almost all threat models, they are nearly identical in terms of their platform-level capabilities.”
Ludwig mentioned during his talk that Android’s built-in security feature, called “Safety Net”, scans around 400 million devices and approximately 6 billion apps every day. As a result of Safety Net scans and the subsequent mitigation mechanisms, very few Android devices, i.e. less than 1%, are actually infected with Potentially Harmful Applications.
Ludwig went on to speak in support of Android app security, saying that there hasn’t yet been a real-world attack on an Android phone that exploited the hyped Stagefright series of bugs. He also stressed that Android phone manufacturers bear responsibility for delivering regular updates and security patches.
His claim for the security of the Google Pixel has since been disproved by a proof-of-concept exploit shown to hack the Pixel in 60 seconds. Whether the new claims that the Pixel will stand up to Android app security testing, and that the Google Pixel is more secure, are anything more than PR remains to be seen.
Codified Security is here to help make your mobile app secure whether it’s for iOS, Android app security testing, or to make sure you’re clearing the OWASP Mobile Top 10. For mobile app security testing try out Codified Security.