Apples to Androids Part One: Security and Privacy
Apples to Androids is a series on the site that goes through and breaks down what you need to know if you plan on switching from iOS to Android. Looking at it from an analytical standpoint to help you decide if the switch is right for you. View the introduction post here.
Welcome back to the first post in the Apples to Androids series here on the site. This series aims to take an analytical approach to determining if the switch from iOS to Android is right for you, and what you should expect if you do make that switch. Today we are going to take a closer look and comparison at security and privacy between iOS and Android.
There are a couple of things to look at when comparing security and privacy between iOS and Android. First, encryption. What do the two companies do to encrypt files stored on the devices? Next we have to look at data privacy. How do these two companies handle your private data? Finally, we look at security vulnerabilities. How have Google and Apple handled patching their operating systems in the face of new attack vectors?
Encryption is the process of converting information or data into a code, especially to prevent unauthorized access. With computers, there are two main types of encryption: Full Disk Encryption (FDE) and File-Based Encryption (FBE). I’m not going go into the technical detail of each, you can find that easily online. So how do the two powerhouses of mobile computing implement encryption?
Apple has been using File-Based encryption with iOS since iOS 4 with different encryption keys at different security levels. This gives iOS an advantage because app creators can create apps that work when the phone is locked, while still providing security to other sensitive files on the phone. It also gives users more control over what level of encryption they want with three basic types: Complete Protection, Protected Until First User Authentication, and No Protection.
Starting with Android KitKat (4.4) Android used full-disk encryption to add security to their devices. While it was their first attempts at adding encryption to devices, it was still a dirty way to do it. Since then, Android has been getting much better. Starting with Android Nougat (7.0) Google moved away from just an FDE approach and introduced a more FBE approach. They support two types of encryption: Credential encrypted storage and Device encrypted storage. Credential encrypted storage protects data under the user pass-code and is not available until the user enters they pass-code, but only once. Device encrypted storage is just encrypted by by the hardware, and is available without having to enter a pass-code.
This is perhaps the BIGGEST topic of conversation for the usual end user when it comes to mobile technology, and technology in general. People want to know that their data isn’t being sold to the lowest bidder at every chance, and that it’s hard for criminals to get their hands on this data. How do Google and Apple do with this?
Using Google products like Gmail, Docs, Chrome, Android, and more, keeps your data in a centralized location. It’s not spread throughout a multitude of applications and databases. This can be viewed as a better way for your data to stay secure, granted you use the right password protection to your account.
Apple is also known for their strict security and privacy of user data. However, they may not be as prone to ask you for your consent. While you can change settings for different services through Apple, they state outright that they may share your information with third party vendors to “provide products or services, or that help market Apple to customers.” No opt-in option for this one.
Apple loves themselves and loves to promote themselves whenever possible. Of course, this isn’t a bad thing necessarily. It is business and a business can’t grow without marketing and securing new customers. However, it is unsettling that they do not make the option of having data given out available like Google does. I honestly found this information a little shocking considering Apple’s reputation for things like backdoors for government agencies.
Vulnerability is defined as the quality or state of being exposed to the possibility of being attacked or harmed. When it comes to smartphones, these are usually loopholes that security researchers or those with malicious intent uncover in the firmware. From the appropriately named Stagefright vulnerability that struck so many Android devices, to the Israeli NSO vulnerability that could capture encrypted messages. The ability for people to take action against a device, and the prevention of, are highly looked at components of security comparison.
Apple has long been good at addressing major security vulnerabilities in their operating systems. iOS is definitely no exception to this. Patches often come quickly as major vulnerabilities are discovered. What makes Apple be ahead of the curve when it comes to this is the fact that they will update many old devices at the same time. This means a 2 year old iPhone has the same chance of being on the latest update, and therefore patched.
This keeps in line with how Apple markets newer products and drops older products on a regular basis to keep users upgraded. This can be expensive, but at the same time, it is a wise move for the user. Newer phones in general tend to get upgrades first. And those upgrades are guaranteed.
Android has had its time in the spotlight as a very vulnerable operating system. It’s an easy target for hackers as it is open-source and easy to see where code can be exploited. The fact is also there that Google’s checking of apps in the PlayStore has suffered in the past and allowed more than its fair share of malicious apps. This being said, Google has done much better at eliminating these apps and even being able to verify apps that are sideloaded to the phone.
Android also has a regular release schedule, though it can be a bit more difficult than simply waiting for the next month’s security update. Those with Nexus and Pixel devices usually see the updates on a monthly basis. However, being fragmented like the operating system is, not all manufacturers and carriers seek to push out security updates as fast. So when choosing an Android device, this is something to heavily consider.
It’s a little long, but here you have it. A more detailed look at privacy and security factors to look at when you are trying to decide if you want to switch to Android from iOS. Security and privacy should always be a major factor in deciding what smartphone and platform is right for you. Do the research before you make your decision and know what you are buying into.
Apples to Androids will be back next week and we will be focusing on application compatibility and how you can transition from apps in the Apple App Store to apps in the Google Play Store.