3

If I replace my current smartphone with a Google Pixel, which would get updates pretty quickly, would I be just as safe from hackers as I would be using an iPhone? This is assuming I don't install shady apps, of course.

If you're wondering what my baseline for security updates is, I have a Google Nexus 6 (good support) and used to use a Samsung Galaxy S III (not very good support IMO).

Thanks in advance.

jajavoli
  • "intrinsically more secure" *from* what? – schroeder Apr 29 '17 at 09:12
  • Good question. I was thinking in terms of things like remote exploits. That's why I said "assuming I don't install shady apps"; I want to know if Android phones would be easily hackable by criminal botnets or the CIA even if I do everything right. Granted, if I'm super concerned about that, I would want to consider something like a Copperhead phone, but that may be impractical due to costs and the lack of Google Play access. – jajavoli Apr 29 '17 at 17:56
  • If your threat model includes the CIA then you are pretty much doomed. Both Apple and Google are U.S. companies and thus provide backdoors for the government. Even if they don't have a backdoor (but yes they have) they have the legal powers to force Google/Apple to crack into the phone. – BlueWizard Apr 29 '17 at 22:57
  • Very true; I was just giving a rather colorful example of an entity that exploits security bugs – jajavoli Apr 30 '17 at 01:14

2 Answers

6

I will attempt to make this question which could easily be viewed as an "opinion based answer" into something with concrete facts.

I think that, on the whole, the Android ecosystem is a tire fire. If you put every iPhone sold up against every device running Android sold and compared which platform had more security vulnerabilities, Android would win by a landslide. The reason for this is that the variety of form factors and phone manufacturers makes cheap hardware possible, but you have no vetting of your supply chain in many cases. We have seen Android handsets sent with factory installed malware in several cases. Couple this with the fact that there is no easy native backup solution, which drives people to root their phones, and you have an environment where malware can thrive.

Now with that said, if you put a Google Pixel, which was purchased from the manufacturer, not rooted and running the standard ROM (without any carrier bloatware) up against an iPhone I would argue that there is no difference in security between one or the other. Both manufacturers tightly control their supply chain and manufacturing process, as well as put out ROMs or OS's with a security focus in mind.

DKNUCKLES
2

iOS requires all code to be signed before it can be run. This complicates things a lot when you want to install persistent malware on iOS, as you've not only got to put the files in the right place, you also need to patch the kernel so that on the next reboot it no longer enforces code signature so that it can run your malware.

Here's an example of such an attack. The attackers had an exploit for Safari that allowed them to execute code, but they also needed other exploits to be able to patch the kernel to disable code signature enforcement, effectively "jailbreaking" the device. Without those two extra exploits their malware wouldn't be able to persist.

Android on the other hand allows you to choose whether to allow apps from the Play store or from untrusted sources, however I am not sure whether this check is made only at installation or at runtime. Unless it's the latter the device is still vulnerable to exploits that plant malicious binaries (without involving the installer) since the signature won't be checked on those.

The other issue with Android is that the quality bar on the Play store is much lower than its iOS counterpart. There have been instances where actual malware was published on the Play store.

iOS apps run in a much more restricted sandbox than Android. This can be good or bad as it prevents apps from doing things that can be useful in certain cases, but on the other hand prevents some attacks by malicious apps. For example, in iOS, when you press the home button you can be sure you're going back to the OS's trusted home screen. On Android nothing prevents the previous app from drawing over that screen or even simulating it completely, making you think you're opening another app that you trust (password manager?) while in reality you're still in the malicious app that's just mimicking the home screen and password manager in an attempt to capture your master password.

Finally, while this doesn't apply to your question as you already chose a trusted device, in the iOS world it's much easier to buy a clean device that is guaranteed to receive updates. You can buy it from Apple, a carrier or even a shady phone shop, as long as the device isn't counterfeit it will receive latest updates and the firmware running on there hasn't been tampered with. With Android on the other hand you could have the same hardware device but depending on where you buy it from will run a different firmware (sometimes with built-in spyware from the carrier) and have different update schedules. There's also no easy way to tell those apart (some carrier firmware looks just like the stock one, besides the fact that you'll never get updates and there's probably spyware hidden in there).

André Borie
  • Hmmm, does that mean that I could get a Pixel through the Verizon upgrade program and flash it with the Google factory image to be safe? – jajavoli Apr 29 '17 at 00:00
  • Actually, scratch that last comment. It turns out that Verizon locks the bootloader on the Pixel. In this day and age. Ugh. – jajavoli Apr 29 '17 at 18:13
  • @jajavoli yeah that's the issue - if you've got the time to figure out how to install a custom firmware then go for it, but I personally value my time and would rather give my money to a manufacturer that doesn't force me to tinker with firmware just to be able to have a usable and secure device. – André Borie Apr 29 '17 at 18:15
  • Yes, all iOS apps are cryptographically signed. But so is more or less every piece of consumer software since the new millennium. All Android apps are cryptographically signed just like iOS apps are. It is impossible to install unsigned apps on both platforms (although this doesn't mean that the signature needs to be from a trusted source) – BlueWizard Apr 29 '17 at 22:58
  • Many of the things you mention don't make iOS superior because Android has them too. Yes, iOS has App-Sandboxing. But so does Android. Android uses state-of-the-art sandboxing technology. iOS devices do so too. Although your point about app store quality is correct. There is malware in the Google Play store while it's fairly rare in the Apple App Store. – BlueWizard Apr 29 '17 at 23:04
  • @JonasDralle sandboxing is there but Android offers much more ways to break out of it (which again, has legitimate uses but so can be abused for malicious stuff). – André Borie Apr 29 '17 at 23:05
  • @AndréBorie you mean the file security levels? Yes, app developers can specify what files can be accessed by third party apps. But this isn't a break out in any way. Android uses well-tested technology which has been used and tested for decades. – BlueWizard Apr 29 '17 at 23:07
  • @JonasDralle sorry, by break out I wasn't talking about exploits but about using the legitimate holes in the sandbox, basically I mean that Android offers much more "holes" in the sandbox (like drawing over other apps, which iOS doesn't allow) that can be used for malicious apps to do mischief. – André Borie Apr 29 '17 at 23:08
  • @AndréBorie yes, that is correct. Android apps can shield themselves by specifying that their UI may not be overridden. But you're right that this would have to be specified by the developer of the app and thus is not guaranteed. I would consider this a minor issue because when you have malicious code on your phone you are pretty much boned no matter how much your UI is drawn over or not – BlueWizard Apr 29 '17 at 23:11
  • @JonasDralle that is true, but for the average user iOS is much safer as there's less stuff that can go wrong. If you're a power user and have the time to make your device secure then Android can be made equally safe. – André Borie Apr 29 '17 at 23:12
  • @AndréBorie "don't touch anything and you will be ok" is equally true for Android and for iOS. Both are secure out of the box but can be made insecure by uninformed tinkering – BlueWizard Apr 29 '17 at 23:22
  • @JonasDralle I'll have to disagree on that one. With iOS you get a device with sane defaults and almost no malware on the App Store. With Android you mostly get a device with zero updates and it's a bit like the wild west in terms of what apps can do (as said before, more holes in the sandbox) so you have to carefully check each app's permissions before installing them. – André Borie Apr 29 '17 at 23:23
  • @AndréBorie both play store and app store contain "bad apps". Both platforms contain permission management. And no OS in the world can shield itself from human error. So what's your point? – BlueWizard Apr 29 '17 at 23:26
  • @JonasDralle but on iOS a bad app can do less evil stuff than on Android - for example, unless the sandbox is vulnerable, even the most evil app on iOS won't be able to capture my input in another app. In Android on the other hand it just has to ask nicely for permission (the average user won't even read it and blindly accept). So for the average user iOS is a much safer place to be in than Android. And don't get me started on OS updates, which you won't get if you buy your device from a carrier - where most of the average users buy them. – André Borie Apr 29 '17 at 23:28
  • @AndréBorie your model of how iOS works seems limited. – BlueWizard Apr 29 '17 at 23:29
  • @JonasDralle well, feel free to prove me wrong. Let's say I'm a user who installs every app (malicious ones included), opens the app, closes it and then goes to Safari and enters a password. Explain to me how any of those apps would capture that password. Now compare with Android. The lack of updates also makes it worse - a sandbox breach on iOS will be quickly patched, but on Android it will most likely remain there forever unless you're the lucky one that bought an unlocked device directly from the manufacturer. – André Borie Apr 29 '17 at 23:36
  • @AndréBorie don't take it personal. You seem like a cool dude. For iOS keyboard hijacking see here http://www.macdrifter.com/2014/09/ios-8s-new-key-logger.html . A quick online search revealed various proof of concept apps for various iOS versions (including iOS 10, the current stable) – BlueWizard Apr 29 '17 at 23:42
  • @JonasDralle I'm not taking it personal, just hoping you don't either (I can be blunt at times). Yes I never said either platform was bulletproof, but there are IMO more ways for stuff to go wrong on Android than iOS. It's not a single particular exploit but the combination of multiple ones (user stupidity, broader permissions for apps, and the lack of updates combined together make a pretty explosive cocktail). If you want I'll make the answer community wiki and you can improve it as it looks like you've got more Android experience than me. – André Borie Apr 29 '17 at 23:45
  • @AndréBorie you're right about the update policy. The update policy for carrier devices is garbage. There currently is no need to wiki your answer. This is a topic one could fight over for days because both iOS and Android are super-complex systems and both have their (dis)advantages – BlueWizard Apr 29 '17 at 23:50
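
The developer-side protection mentioned in the comments above (an Android app declaring that its UI must not be drawn over) can look like the following. This is an added example, not part of the original thread; the class name `ObscuredAwarePasswordField` is hypothetical, and it assumes a standard Android app project.

```java
import android.content.Context;
import android.util.AttributeSet;
import android.view.MotionEvent;
import android.widget.EditText;
import android.widget.Toast;

/**
 * Added illustration (hypothetical class name): a password field that
 * refuses touch input while another app's window is drawn on top of it.
 */
public class ObscuredAwarePasswordField extends EditText {

    public ObscuredAwarePasswordField(Context context, AttributeSet attrs) {
        super(context, attrs);
        // Ask the framework to discard touches whenever this view's window
        // is covered by another visible window (for example an overlay).
        setFilterTouchesWhenObscured(true);
    }

    @Override
    public boolean onFilterTouchEventForSecurity(MotionEvent event) {
        int flags = event.getFlags();
        // FLAG_WINDOW_IS_OBSCURED: an overlay covers the touched location.
        // FLAG_WINDOW_IS_PARTIALLY_OBSCURED (API 29+): an overlay covers
        // some other part of the window.
        boolean obscured =
                (flags & MotionEvent.FLAG_WINDOW_IS_OBSCURED) != 0
                || (flags & MotionEvent.FLAG_WINDOW_IS_PARTIALLY_OBSCURED) != 0;
        if (obscured) {
            // Tell the user why input is ignored, then drop the event.
            Toast.makeText(getContext(),
                    "Input blocked: another app is drawing over this screen",
                    Toast.LENGTH_SHORT).show();
            return false; // false = do not dispatch this touch event
        }
        return super.onFilterTouchEventForSecurity(event);
    }
}
```

As noted in the comments, this only protects views whose developer opted in, and it does not stop a malicious app from imitating another app's screen inside its own window.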