The cliche is as old as smartphones themselves. With their restrictive walled-garden application sandboxing and their heavily policed App Store, Apple iPhones are unable to be hacked (or so the rumor goes). But do the Apple devices live up to this reputation in practice? How do modern Android devices stack up in security against the allegedly impervious Apple devices?
Malware for iPhones Exists in a Big Way
In 2016, the Nokia Threat Intelligence Report indicated that iOS-based XcodeGhost was the 10th most active malware in the first half of that year. It certainly wasn’t the only iPhone malady featured in the report. While only representing a small but notable part of total malware activity for the year, the frequency and severity of these exploits are intensifying years after year. Their prevalence should serve as another powerful wake-up call to both Apple and iPhone users everywhere that no phone is inherently safe from the devious intent of the black-hat hacking community.
Android Users Are Still the Primary Targets
Despite the recent uptick in malware targeting iOS devices, most attacks on mobile devices take aim at Androids. Analysts estimate that Android now runs on more than 87 percent of phones in use today — making Android devices a target for malicious exploitation.
Android’s customizable nature compounds this issue by separating Google from the end-user experience. While a superior level of control over how the device functions have historically been an attractive feature for carriers and consumers alike — opening a wealth of opportunity for personalization, branding, and functionality — this customization has come at a hefty cost.
The net result is a fragmented and inefficient update distribution network. Google’s own reporting demonstrates the incredible impact, with the last two versions of Android (Nougat) running on only 13.5 percent of Android devices worldwide. This usage severely hampers Google’s capacity to protect Android users from upcoming and present threats, leaving some users vulnerable to mature, well-distributed exploits.
Android Manufacturers Are Responding
Some of the latest Android flagship phones have adapted to a threat-filled environment by embracing technologies that significantly reduce the risk of malware infection and the resulting damage. Through positive, proactive changes to hardware design and employing real-time protection and monitoring strategies, Android hopes to catch exploits before they can compromise the devices.
Case Study: Samsung Galaxy S8 Plus
In recent years, Samsung has demonstrated that it’s serious about stepping up to the challenge of overcoming hardware and software exploitation. The Galaxy S8 Plus, the latest iteration of Samsung’s flagship Galaxy series, features Samsung’s proprietary Knox Protection technology. This in-depth suite of tools and mechanisms refined over the last few iterations of Galaxy protect the phone from a hardware perspective.
Knox features run-time protection, in-house manufactured chipsets with safety features loaded on board, and a one-trip fuse designed to prevent access to sensitive data after a tamper attempt.
On the software side, Samsung is bundling the S8 Plus with real-time virus and malware protection from McAfee. This addition gives the S8 Plus a fighting chance at protecting your private data when dealing with new exploits. Definition updates reach your device as soon as they’re released, as opposed to the traditional Google-to-Samsung-to-carrier-to-user chain that software updates and security patches need to follow.
The carrier and device you choose also has a profound impact on the speed at which the update distribution chain moves. An established 4G LTE network such as T-Mobile, and a modern, popular, flagship device such as the Samsung Galaxy S8 Plus, will more often than not receive updates before older devices and smaller carriers, potentially reducing wait times from a few days to a few months.
All in all, between iPhone and Android, the iPhone is still a safer phone by virtue of statistics. But the state of play now — with iOS-based exploits managing to rank in the top 20 most active forms of malware targeting mobile devices — highlights how far removed from its “inability to be hacked” reputation the iPhone has become.
Looking at the current trends, we’re going to see a notable increase in the number of hacks directed at Apple devices in the current years. Apple will need to respond to these threats by evolving in many of the same ways that some of the more mature Android manufacturers, such as Samsung, have done.