{"id":53291,"date":"2013-10-21T16:59:16","date_gmt":"2013-10-21T14:59:16","guid":{"rendered":"http:\/\/onsoftware.en.softonic.com\/?p=53291"},"modified":"2025-07-02T01:05:07","modified_gmt":"2025-07-02T08:05:07","slug":"security-showdown-ios-7-vs-android-4-3","status":"publish","type":"post","link":"https:\/\/cms-articles.softonic.io\/en\/security-showdown-ios-7-vs-android-4-3\/","title":{"rendered":"Security showdown: iOS 7 vs. Android 4.3"},"content":{"rendered":"

In the battle for mobile supremacy, there are two main contenders:<\/strong> iOS and Android. They’re the most popular, but which is the most secure?<\/p>\n

Mobile security – often ignored<\/h3>\n

According to a survey from Motorola<\/a>, only 12% of buyers take security\u00a0into account when they’re buying a phone. People prefer to look at things like applications availability, usability and superficial aspects such as the style of the icons or the fluidity of the animations.<\/p>\n

We forget that a phone is no longer just a device to make calls: we use them to store emails, passwords, pictures and more. Smartphones effectively store the most important details of our lives –\u00a0 and not just our personal lives. We connect to corporate networks, read confidential documents and fill out job applications – all on our smartphones.<\/p>\n

What’s worse, we use our phones while ignoring the most basic security principles. Between 30 and 60% of people<\/a> don’t use locking systems, like PINs or an unlock pattern, on their\u00a0phone. More complex and powerful options such as data encryption are almost universally ignored.<\/p>\n

The NSA scandal<\/a> has put data privacy in the spotlight, and has urged software authors and phone manufacturers to put more emphasis on security in each update.<\/p>\n

Android 4.3 vs. iOS 7<\/h3>\n

iOS and Android are the quintessential high-quality devices and they contain a lot of personal data. In each of their most recent updates, both Apple (iOS) and Google (Android) strive to improve system security through new security options, patching vulnerabilities and installing system improvements.<\/p>\n

But sometimes things go wrong, as happened in the case of iOS 7, users discovered that calls\u00a0could be made from the lock screen. This sort of slip-ups\u00a0show the complexity inherent in ensuring mobile security and the balancing act of\u00a0combining\u00a0security and speed of use: you want to protect data, but not at the expense of usability.<\/p>\n

\"\"<\/p>\n

If we were to ask Google and Apple, they would each\u00a0say that their system is the most secure. And that’s exactly what’s happening. Eric Schmidt, CEO of Google, says <\/a>that “Android is more secure.” On the other hand, Tim Cook, Apple’s CEO, emphasized<\/a> the negative consequences of Android fragmentation<\/a>, which carries with it the need to plug holes. Putting aside opinions and advertising, though, which of these platforms is safer for users? In this comparison, we put both systems, iOS 7.0.2 and Android 4.3, to the test.<\/strong><\/p>\n

The 5 levels of mobile security<\/h3>\n

We’ve come up with five levels of progressively more complex security<\/strong> which encompass safety issues ranging from the basics, such as the lock screen, to the more advanced, such as encryption or the number of vulnerabilities.<\/p>\n

For the vast majority of users, Level 1 is the only one they know about\u00a0and the only thing that matters, while level 5 is only of interest to more advanced users. There are aspects of levels 2-4 that may be of interest to all users, but they generally don’t spring to attention in normal daily use.<\/p>\n

Level 1: Locking or identification systems<\/strong><\/h4>\n

\"\"<\/p>\n

Accessing\u00a0your phone or tablet<\/strong> is the basic level of security that concerns all users, regardless of what device they use. Without this level, a device is at the mercy of any opportunistic (or malicious)\u00a0person.<\/p>\n

Android 4.3 has five screen lock systems: swipe, Face Unlock, Pattern, PIN and password. They’re configured from the menu Security\u00a0> Lock. Meanwhile, iOS provides only two methods: swipe\u00a0and PIN code.<\/p>\n

Swipe offers no security, and it’s only there\u00a0to prevent accidental inputs. PIN is a numeric code that, if kept to\u00a0the minimum (four digits), can be guessed in less than a day<\/a>. While iOS put delays in\u00a0between incorrect attempts, Android does not<\/a>. Moreover, in iOS there is an additional option to erase all data after ten failed attempts.<\/p>\n

\"\"<\/p>\n

When it comes to the other locking systems offered by Android, facial recognition is the one that even\u00a0Google says<\/a> is the least secure, since it can easily be\u00a0fooled by a photo<\/a>. The system of patterns (drawing lines between points) is easy to remember and fairly robust, but depends on the complexity of the pattern, and fingerprints on the screen can be clues that undermine reliability.<\/p>\n

The safest option is an alphanumeric password, but it is also the most inconvenient to use, and is most effort to set up well (people generally don’t\u00a0like having to remember complex passwords). iOS 7 running on new devices, offers Touch ID<\/a>, a fingerprint recognition\u00a0system which is very easy to use and more robust<\/a> than almost all alternatives.<\/p>\n

Convenience vs. security<\/h4>\n

So which device offers the safest access systems? If we go on sheer number of options offered, it’s got to be Android, but when you consider the convenience factor and Apple’s new Touch ID, things change. Convenience vs. safety is the most heated debate as far as mobile security is concerned. We’ve prepared this graph to help you get your head around it:<\/p>\n

\"\"<\/p>\n

Subjective ratings of safety and convenience. Asterisks indicate that the security depends on the complexity of the password or pattern. Those in green have both.<\/em><\/p>\n

The two\u00a0locking systems that are secure AND easy to use<\/strong> are the patterns (Android) and fingerprint (iOS). PINs score low on the security front if they’re left at four digits, which is standard.\u00a0Passwords can be very safe, but convenience goes down dramatically as their complexity increases. The battle, then, is between the Android pattern system and Touch ID from iOS.<\/p>\n

\"\"Touch ID from\u00a0Apple in action (photo courtesy of\u00a0iPhoneWorld<\/a><\/em>)<\/p>\n

Android offers more locking options, they can be extended through third party apps and the pattern system is fairly easy to use, but it’s more vulnerable and less convenient than iOS 7’s\u00a0Touch ID fingerprint reader.<\/p>\n

\"\"<\/p>\n

iOS 7 wins for balance between convenience and security (thanks to Touch-ID), and its approach seems to be\u00a0the best for simplicity and ease of use.<\/p>\n

Level 2: application security<\/strong><\/h4>\n

\"\"<\/strong><\/p>\n

After analyzing the access options, we turn our\u00a0attention to applications: how to obtain, install, authorize and execute them. Users install dozens of apps on their devices, but don’t typically pay much attention to safety. So what do iOS and Android do to ensure that malicious applications won’t\u00a0cause a disaster?<\/p>\n

At first glance, both Android and iOS adopt a similar approach, in the sense that they both rely on applications in their own markets which check (automatically\u00a0and manually) the safety of the thousands of applications available to the user. Both systems isolate the processes in a sandbox, which prevents an application taking\u00a0control of the entire system, and they do this very effectively.<\/p>\n

Open model vs. closed<\/h4>\n

The safety of both ecosystems and markets is very good<\/strong>, although there have been cases of malicious applications that have managed to sneak past. For example, researchers at Georgia Tech managed to introduce the Jekyll application<\/a> on the iOS Store. But malware can also sneak into Android, and it’s already happened on several occasions.<\/p>\n

\"\"Fake apps in Google Play, a common sight\u00a0(s<\/a>ource<\/a>)<\/em><\/p>\n

Both of these cases were exceptional situations, but while sources estimate that about 6% of apps on Google Play are malware<\/a>, for the iTunes Store this figure is\u00a0virtually nil (partly because Apple doesn’t\u00a0provide data). Android, which has a 70% market share, has become the\u00a0favorite target for hackers, 92% of mobile malware<\/a> can be found there. Does that mean that Android is less secure?<\/p>\n

Assuming normal use and that applications are obtained only from Play or Amazon, malware risk is as low as that of iOS. But whereas iOS forces users to install only applications sourced from its store, Android has adopted a much more liberal approach<\/strong>, leaving the door open for\u00a0installing completely independent applications and even separate stores. And through this door, malware can enter.<\/p>\n

\"\"<\/p>\n

Android allows the installation of applications from unknown sources<\/em><\/p>\n

Being a more open system, Android favors the installation of third party apps. It’s dangerous, but it gives you immense flexibility that iOS users can only dream of – or try to emulate by jailbreaking their devices. This freedom, however, comes at a price, and this price is the possibility of accidentally installing malware disguised as legitimate apps. Incidentally, the risk of malware has led to a flourishing industry of antiviruses for Android<\/a>.<\/p>\n

Managing app permissions<\/h4>\n

One way to control what applications make it through is via a permit system, which establishes what data and which parts of the device a particular application can access. Both Android and iOS have permit systems, but their style of informing the user differs greatly<\/a>.<\/p>\n

iOS just asks the user when necessary to authorize access to a specific resource. The user can then accept or reject each as he wishes, with the app already installed and working. In Android, it reports from the beginning in\u00a0great detail about the permissions required by an app, and the decision is “all or nothing”: if the user doesn’t\u00a0accept the conditions, the application isn’t installed.<\/p>\n

\"\"<\/p>\n

In Android 4.3, detailed permissions were introduced,\u00a0although the feature is hidden: to activate it you have to use apps like App Ops Starter<\/a>, which make it visible.<\/p>\n

\"\"<\/p>\n

iOS wins for its stricter control of apps, in exchange for giving up the freedom to install any application you want…<\/p>\n

Level 3: Protection of privacy<\/strong><\/p>\n

\"\"<\/strong><\/p>\n

The first two levels cover essential security, but what about more subjective aspects such as privacy? Things like how data is displayed\u00a0on the lock screen or the sending anonymous (or not) data for advertising purposes are hot topics and issues\u00a0that may bother many users.<\/p>\n

Notifications on the lock screen<\/h4>\n

Being able to read notifications directly from the lock screen is something that Android, for now, does not allow – to achieve this you need to install third party applications<\/a>. This can be inconvenient, since you need to unlock the screen every time you want to check what’s going on on your phone, but Android does support illuminated notifications via LED (on mobile phones that allow it).<\/p>\n

\"\"<\/p>\n

iOS, on the other hand, displays notifications directly on the lock screen, and does so by default. You can read mail or WhatsApp<\/a> messages without unlocking the terminal, for example. Notifications of this type can be disabled from the Notifications Center<\/strong>, which features custom options for each application that uses this feature.<\/p>\n

Personalized Ads<\/h4>\n

Both iOS and Android can send data to customize ads<\/strong>. For some people, this feature, far from being\u00a0helpful, is an unacceptable intrusion into their personal sphere.<\/p>\n

With Android, this is controlled from Google Settings > Ads<\/strong>. In iOS, from the settings\u00a0menu\u00a0Privacy > Announcements<\/strong> and from the System Services menu<\/strong> – in other words, you have to do quite a bit of navigating\u00a0to disable it.<\/p>\n

Browsing privacy<\/h4>\n

Most\u00a0of the time we’re on our devices we’re browsing the web. The native iOS 7\u00a0and\u00a0Android 4.3\u00a0browsers\u00a0are\u00a0Safari and Chrome, and they each have abundant privacy settings.<\/p>\n

Safari<\/strong>, the default browser for iOS 7, has a Do-Not-Track option\u00a0to disable cookies and selective cookie blocking.<\/p>\n

Chrome<\/strong>, the Android browser, has a whole menu dedicated to privacy, with Do-Not-Track and options to disable bug reports, suggestions and predictions of network shares.<\/p>\n

\"\"<\/p>\n

Android wins for the greater control its privacy options for the\u00a0browser offers, as well as the choice, which in my opinion is correct, not to show notifications on the lock screen, although many Android users look upon this feature\u00a0with envy.<\/p>\n

Level 4: Remote device security<\/strong><\/h4>\n

\"\"<\/strong>Okay, so your phone is secure\u00a0and well configured. But what if it’s lost or stolen? You’ll want to find it, locate it on the map or, at the very least, order the automatic deletion of your data if you give it up for lost.<\/p>\n

With the “Find my iPhone<\/a>” feature, iOS has been the pioneer of locating lost phones. Upon entering iCloud, users can locate their devices and their status (on or off), play a sound and activate the lost mode<\/a>, which displays a message on screen. In extreme cases, you can enable remote wipe.<\/p>\n

\"\"Web interface of Find my iPhone (image courtesy of\u00a0Applediario<\/a>)<\/em><\/p>\n

Android introduced something similar with its Device Manager. It supports a wide variety of Android devices, and allows you to locate devices on Google Maps, as well as play a sound, block the terminal or erase data remotely. However, there are no options such as a customizable remote message.<\/p>\n

\"\"<\/p>\n

iOS wins for number of options and data\u00a0supplied through Find my iPhone. The Android Device Manager is more limited.<\/p>\n

Level 5: Advanced security<\/strong><\/h4>\n

\"\"<\/strong><\/p>\n

In the last level of security, we look at the more advanced aspects of iOS and Android, such as the encryption of the file system or the ease of obtaining root privileges. If you’re a basic user, these points probably won’t interest you much.<\/p>\n

Encrypting user data<\/p>\n

Encryption<\/a> allows you to protect data confidentiality. For example, you can prevent a thief from accessing banking data stored on your phone.<\/p>\n

In iOS, encryption is enabled at the factory<\/strong> and carried out via dedicated hardware, which minimizes the performance impact. It is a 256-bit AES encryption which is very secure<\/a> in most situations.<\/p>\n

\"\" <\/strong><\/p>\n

With Android, encryption is a user choice<\/strong>. As we mentioned above, the variety of Android devices has meant that encryption must be implemented through software, which is much more likely to have an impact on performance.<\/p>\n

Superuser (root and jailbreak)<\/h4>\n

In any operating system, superuser permissions are essential for complete control of the system. In mobile, this allows you to install unofficial applications, uninstall factory apps or customize the system.<\/p>\n

Android has chosen to be totally transparent in this regard. Their devices can be “rooted” without too much effort, but this isn’t required to install applications outside of Google Play. The risk of rooting is minimal, and it’s a legal operation and accepted<\/a> by many manufacturers.<\/p>\n

\"\"<\/p>\n

In iOS, obtaining root privileges is part of the jailbreaking <\/a>process, an operation that is carried out to obtain the\u00a0freedom to customize. It is legal in many countries, but iOS warns of a large number of dangers and instabilities<\/a>.<\/p>\n

Vulnerabilities and updates<\/h4>\n

Vulnerabilities are software bugs that can be exploited by malware or attackers to take control of the system, to damage\u00a0or get information.<\/p>\n

According to CVEDetails, the number of vulnerabilities in iOS is much higher than that of Android (regardless of browser vulnerabilities). It can be seen in this chart:<\/p>\n

\"\"<\/p>\n

Number of vulnerabilities discovered in\u00a0Android and\u00a0iOS by years (source: CVEDetails)<\/em><\/p>\n

This data doesn’t tell us much<\/a>: despite the large number of vulnerabilities in iOS, the number of applications that can exploit them are\u00a0minimal due to the tight control Apple exerts over the application market (control is annulled with the jailbreak, which is why Apple is so resistant).<\/p>\n

So it’s not that iOS is\u00a0less secure, but it’s in no hurry to plug these vulnerabilities. Android,\u00a0on the other hand, is definitely in a hurry. And there are other factors to consider when it comes to vulnerabilities and patching them. By controlling the devices, Apple can patch vulnerabilities immediately through a new update that will hit devices no matter what. This only occurs in the Android Nexus range: other manufacturers release new versions as they see fit, forcing many users to change the ROM on their device. Fortunately, Android is solving many problems<\/a> by bypassing the manufacturers and going for\u00a0updates through Google Play.<\/p>\n

\"\"<\/p>\n

\n

iOS wins this one thanks to its superior control over its devices, which allows it to send updates quickly to all users and encrypt data without much effort.<\/p>\n

Verdict: iOS is the winner, albeit not on the freedom front<\/h3>\n

In general, both Android and iOS operating systems are exceptionally secure<\/strong>. Both are committed to security measures enabled by default and do not overload\u00a0users and developers with requests for decisions. The focus, however, differs on certain points, especially with regard to the control of functions.<\/p>\n

Apple says in the iOS Security Guide<\/a> that its\u00a0security is transparent to the user, but some features such as data encryption can be configured. It’s a foolproof strategy consistent with its user\u00a0strategy – simplicity – and its hardware strategy – optimized.<\/p>\n

Android, on the other hand, offers the user a greater degree of control not only for ideological reasons but also because of the fragmentation of devices: enabling\u00a0encryption, for example, has a negative impact on performance<\/a> by running via software which is the opposite of what Apple does by encrypting via\u00a0hardware.<\/p>\n

iOS is a safer system for all types of users, in exchange for giving up some freedom\u00a0that some users value<\/strong>, like the ability to move data easily or install unofficial applications. With iOS you give up some\u00a0freedom in exchange for thinking less about security, while with Android, you’re forced\u00a0to think about what you’re doing.<\/p>\n

Which do you think is the most secure –\u00a0Android or iOS ?<\/h4>\n

Note: The author of this comparison article has a Nexus 4 and an iPad 3<\/em><\/p>\n

Original article<\/a> written by Fabrizio Ferri<\/a>, published on Softonic ES<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

In the battle for mobile supremacy, there are two main contenders: iOS and Android. They’re the most popular, but which is the most secure? Mobile security – often ignored According to a survey from Motorola, only 12% of buyers take security\u00a0into account when they’re buying a phone. People prefer to look at things like applications … Continue reading “Security showdown: iOS 7 vs. Android 4.3”<\/span><\/a><\/p>\n","protected":false},"author":2040,"featured_media":53540,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","wpcf-pageviews":0},"categories":[2441],"tags":[],"usertag":[],"vertical":[],"content-category":[],"class_list":["post-53291","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-how-to"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/53291","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/users\/2040"}],"replies":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/comments?post=53291"}],"version-history":[{"count":1,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/53291\/revisions"}],"predecessor-version":[{"id":331956,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/53291\/revisions\/331956"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/media\/53540"}],"wp:attachment":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/media?parent=53291"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/categories?post=53291"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/tags?post=53291"},{"taxonomy":"usertag","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/usertag?post=53291"},{"taxonomy":"vertical","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/vertical?post=53291"},{"taxonomy":"content-category","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/content-category?post=53291"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}