Dr. Charlie Miller Compares the Security of iOS and Android

By Michael Farnum ·

I had the honor of talking to Dr. Charlie Miller, principal research consultant for Accuvant LABS, for a bit during DerbyCon about the security of mobile devices’ operating systems. Specifically, Dr. Miller articulated the differences between Apple’s iOS and the Android OS. Here are some of the highlights before you watch the video to get it directly from the good doctor himself:

  • Application Store Control
    • Apple places fairly rigid controls on the App Store from a corporate perspective, which results in a much lower possibility of malware infected apps
    • Android depends on the user community to control security of the apps, which results in much less effective security
  • Application Sandboxing
    • The iOS sandboxing model is the weaker of the two because it uses one sandbox to run all applications, which means that the sandbox is “only as strong as the weakest app you want to allow”
    • Android uses a separate sandbox for every app, so each app has to ask for the permissions it needs to execute
    • However, the weak application control in Android (see the Application Store Control point above) tends to negate the superior sandboxing of Android
  • OS Protection (preventing drive-by downloads)
  • Jailbroken Phones
    • All bets are off when an Apple device is jailbroken
    • However, there has not been a lot of malware written for jailbroken phones because the bad guys have not yet shown a lot of interest in the mobile device world (something Dr. Miller thinks will soon change)

Video: http://www.youtube.com/watch?v=KsbOxT268bc