Hi Lifehacker, I’ve been a loyal iPhone user for years now, but am starting to flirt with the idea of jumping ship to Android-based phones. My main reason for sticking with iPhones — availability and priority afforded to the iOS platform when it comes to apps — seems less of an issue these days. But security concerns around Android are still stopping me from switching.
As an iOS user, I’ve been able to blissfully ignore reports of “mobile malware” and the security vulnerabilities that seem to plague the Android ecosystem. Apart from setting a PIN on my iPhone and the occasional iOS update, I haven’t really had to think about OS-level security at all.
How will this change if I switch to Android? Are all these reports of malware on the Android platform overblown? What is the best security regimen for Android users? Anti-virus software like PCs? Only downloading from particular app stores? And is the everyday user really going to face more risk in an Android world versus iOS? Thanks, Potential Switcher
Dear PS,
We’ll try and examine the issues that you raise in a hype-free way. The bottom line is this: yes, there are more potential security risks on the Android platform because of its open-source code approach and anyone-can-upload software market. However, those risks are manageable, and the initial reaction to them is often exaggerated.
More importantly, while the risks are lower on iOS, they are not non-existent. An iPhone user who incorrectly assumes that their environment is fully secured without any effort on their part is arguably at much greater risk than an Android user following sensible security precautions.
Let’s address the specific questions you raise:
- Firstly, there’s more to iOS security than setting a PIN number and regularly updating your software (though both are important steps). If nothing else, you should set up Apple’s Find My iPhone service, which will make it easier to track and/or wipe your device if you misplace it.
- iOS malware is rare, but as we reported just this morning, it isn’t non-existent. Apple’s app-checking process for iOS also doesn’t do a good job of pointing out potentially risky behaviour by apps (and Apple tends to ban apps which make a point of identifying that behaviour, such as BitDefender’s Clueful). However, users can protect themselves by being cautious about downloading apps from unfamiliar vendors (a solid rule for any platform).
- As an Android user, the single most important step you can take is to check the permissions which an app asks for on installation. If you can’t imagine why an app needs a particular permission (why should the Woolworths shopping app be allowed to initiate phone calls?), then don’t install it.
- The basic steps you’ve detailed for iOS (regularly updating your device and setting a password) also apply to Android. Platform updates are more complex for Android if your phone includes vendor-specific enhancements; rooting your phone can make it much easier to stay up to date (and offers many other benefits as well).
- If you are regularly downloading new apps, then installing security software for your phone can make sense. Check if your desktop security vendor provides a mobile solution as well, as this is often the cheapest route.
- Finally, stick to purchasing apps from major app stores (Google Play, the Amazon app store, and the Samsung store are the most obvious choices here). While it’s easy to find and install APK files from elsewhere, that’s risky behaviour.
To be clear: we think iOS and Android are both great platforms and can be used securely — but in both cases, whether that happens is down to the user as well as the software. No complex computer (and that’s what a smartphone is) can offer bulletproof security, and user awareness is critical whichever platform you choose.
Cheers
Lifehacker
Got your own question you want to put to Lifehacker? Send it using our contact form.
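The permission check recommended in the answer above, sketched as an added example (not part of the original column): it reads the `<uses-permission>` entries from a decoded AndroidManifest.xml and lists the ones that the kind of app does not explain. The sample manifest, the `com.example.shopping` package, the per-category expectations and the function names are constructed assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
PREFIX = "android.permission."

# Constructed sample: decoded manifest of a hypothetical shopping app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.shopping">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application android:label="Shopping"/>
</manifest>
"""

# Assumption: permissions a reviewer finds plausible for each kind of app.
EXPECTED = {
    "shopping": {"INTERNET", "ACCESS_NETWORK_STATE", "ACCESS_FINE_LOCATION"},
    "dialer": {"CALL_PHONE", "READ_CONTACTS", "READ_PHONE_STATE"},
}
# Why some permissions deserve a second look when they are unexpected.
SENSITIVE = {
    "CALL_PHONE": "can start phone calls",
    "SEND_SMS": "can send text messages",
    "READ_CONTACTS": "can read the address book",
    "RECORD_AUDIO": "can use the microphone",
}

def requested_permissions(manifest_xml):
    """Return the declared permission names, in order, without duplicates."""
    root = ET.fromstring(manifest_xml.strip())
    names = []
    for el in root.iter():
        if el.tag in ("uses-permission", "uses-permission-sdk-23"):
            name = el.get(ANDROID_NS + "name")
            if name and name not in names:
                names.append(name)
    return names

def unexplained_permissions(manifest_xml, category):
    """List (permission, reason) pairs the app category does not explain."""
    findings = []
    for name in requested_permissions(manifest_xml):
        short = name[len(PREFIX):] if name.startswith(PREFIX) else name
        if short not in EXPECTED[category]:
            reason = SENSITIVE.get(short, "not expected for this kind of app")
            findings.append((short, reason))
    return findings

if __name__ == "__main__":
    for perm, reason in unexplained_permissions(SAMPLE_MANIFEST, "shopping"):
        print(f"{perm}: {reason}")
```

The same manifest produces different findings for a different category, which is the point of the advice: a permission is judged against what the app is supposed to do.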
Comments
4 responses to “Ask LH: Is Android Really Less Secure?”
You understate the crucial issue of updates and security patches. Since this often relies on vendors and carriers, stuff goes unpatched, like the bug that allowed bitcoins to be stolen due to a poor random number generator.
http://www.extremetech.com/computing/164134-how-bitcoin-thieves-used-an-android-flaw-to-steal-money-and-how-it-affects-everyone-else
You can go on all you like about other features, but when a device takes a long time to get patched for a known vulnerability, then you have genuine security issues. The fragmentation of Android clearly demonstrates that users do not keep their devices up to date.
Every app you install gives you a list of what it can access on your phone (GPS, internet, contacts, credential storage (i.e., to integrate with Dropbox)).
As long as there isn’t anything suss in there, you should be OK. If you root your phone, you can get an app that will even block certain permissions if you still want to use the app.
Don’t install stuff from random off the internet – that goes without saying.
I would recommend getting a Nexus device. They are beautiful, get updates first and are dead easy to root.
If you are one of the five people that use bitcoin, and are being targeted by hackers, maybe don’t install that on your phone.
As mentioned, at least with Android you can see what services an app may need.
Common sense prevails. But to be cautious, I use Norton Mobile ( https://play.google.com/store/apps/details?id=com.symantec.mobilesecurity ) to scan apps for malicious activity, but there are great free alternatives out there like Avast! ( https://play.google.com/store/apps/details?id=com.avast.android.mobilesecurity ).
Secondly, I use an app called Permission Manager ( https://play.google.com/store/apps/details?id=com.gmail.permissionmanager ) to change permissions of apps with “odd” requirements. I’ve only had to do this once or twice. Apparently the next Android upgrade will include permission management by default.
Finally I have Clueful ( https://play.google.com/store/apps/details?id=com.bitdefender.clueful ) that reports on privacy risks of apps, like whether they are sending your device IDs to 3rd party carriers, etc.
Linux; less secure than Windows.