2

What are the security implications of using Android as opposed to iOS? Many sources say Android is much less secure and much less capable of handling a user's data in a secure manner. What are the main failings or disadvantages of using Android?

I.e., Apple using sandboxing and has a secure runtime environment which Android apparently does not.

KimberleyK
  • 1
    Can you please cite the sources which claim so? – Jor-el Nov 08 '15 at 08:46
  • 1
    As already explained in the answer, "*Apple using sandboxing and has a secure runtime environment which Android apparently does not.*" is not correct, unless you mean different sandboxing. – Andrew T. Nov 09 '15 at 02:59

2 Answers

2

Like all security features, the Application Sandbox is not unbreakable. However, to break out of the Application Sandbox in a properly configured device, one must compromise the security of the Linux kernel.

Android much less secure? Not so sure about that (subjective).

1- Security implications?

Misc:

  • Open-source.
  • Android IPC (Intents, Services and BroadcastReceivers).

Linux Security:

  • ASLR, NX, SELinux.
  • System Partition and Safe Mode.
  • Application Sandbox.
  • Process isolation.
  • Filesystem Permissions.

User Security Features:

  • Filesystem Encryption (not enabled by default).
  • Password Protection.
  • Device Administration.
  • Keychain.
  • App permissions.

2- Disadvantages?

  • Rooting of devices: It's great for attackers or geeks, but it's a security nightmare. Root access, exploits, file system exposed with shared_prefs, sqlite_db, ...
  • SSL mutual authentication in the WebView: Impossible until recently, thanks to hidden/unofficial APIs.
  • Handling of private/company PKI CAs: Keychain added in API level 14.
  • Android Runtime Code Injection
  • Android database (SQLite): No encryption! ==> SQLCipher for sensitive data.

kernel-security

Seb B.
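A defender-side check for two points raised in the answer above (app files exposed through filesystem permissions, and unencrypted SQLite databases), added here as an example and not part of the original answer. It assumes you have a copy of an app's data directory from a test device with file modes preserved; the function names and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

# Every plaintext SQLite file starts with this 16-byte header. A database
# encrypted as a whole file (SQLCipher's default) does not.
SQLITE_MAGIC = b"SQLite format 3\x00"

def audit_app_data(root):
    """Return sorted (relative_path, finding) pairs for files under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            mode = os.stat(path).st_mode
            if mode & stat.S_IROTH:   # readable by any other UID on the device
                findings.append((rel, "world-readable"))
            if mode & stat.S_IWOTH:   # writable by any other UID on the device
                findings.append((rel, "world-writable"))
            with open(path, "rb") as fh:
                if fh.read(16) == SQLITE_MAGIC:
                    findings.append((rel, "plaintext-sqlite"))
    return sorted(findings)

def build_sample(root):
    """Constructed sample tree that mimics a copied app data directory."""
    samples = {
        "databases/users.db": (SQLITE_MAGIC + b"\x10\x00" + b"\x00" * 82, 0o600),
        # Stand-in for an encrypted database: no SQLite header at offset 0.
        "databases/vault.db": (bytes(range(7, 107)), 0o600),
        "shared_prefs/settings.xml": (b"<map><string name='token'>x</string></map>", 0o644),
    }
    for rel, (data, mode) in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
        os.chmod(path, mode)

def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        return audit_app_data(root)

if __name__ == "__main__":
    for rel, finding in demo():
        print(f"{finding:18} {rel}")
```

A missing SQLite header only shows the file is not a plaintext database; it does not prove which encryption, if any, was applied.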
1

Android does have app sandboxing, which is in some aspects stronger, and in other aspects weaker, than iOS. But if your question refers to the end user's choice to keep their personal data private, then the choice of applications is much more important than the decision whether to use an Android- or iOS-powered device. Also, both systems keep user data in the cloud, and the security of either Google Cloud storage or Apple Cloud storage is a greater risk factor than the "sandboxing" on the device.

Alex Cohn