The “PC or Mac” argument has evolved into an analogous “Android or iOS” debate over which platform is better for mobile devices. Any individual’s choice will likely come down to personal preferences, but the one immutable technical distinction between the two platforms is that iOS is ‘closed source’ and Android is ‘open source.’ Some cybersecurity experts argue that Android’s open-source nature makes Android devices more appealing to hackers. This argument bears closer inspection.
Hackers certainly have more access to Android’s inner workings. They can exploit that access to develop customized malware and viruses, but the platform’s open-source nature exposes that malicious code to a community of developers who rapidly develop defenses against it. Android’s greater vulnerability is its fragmented nature. A number of companies install different versions of Android on their mobile devices. Once those devices are deployed, their customized Android operating systems may or may not be updated. An organization that deploys Android mobile devices among its employees can inadvertently be running multiple versions of the platform at any given time. Organizations that allow or encourage employees to use their own personal mobile devices only add to this jumble. If a known cybersecurity patch is not deployed to all devices, the organization is leaving itself exposed to a hacker’s unauthorized network incursions.
This does not suggest that iOS is without its own vulnerabilities. Some cybersecurity experts suggest that because iOS is closed source, security patches take more time to develop, leaving iOS devices vulnerable to attack for longer periods of time. Further, CVE Details, a Mitre Corporation entity that tracks known cybersecurity issues in platforms and devices, notes that as of January 2017, iOS had at least 200 more known vulnerabilities than Android. The recent WikiLeaks disclosure of CIA documents that purport to reveal the government’s ability to bypass security measures in both iOS and Android devices also implies that, with the right resources, hackers could do the same thing.
Rather than agonize over which platform is more secure, organizations can adopt measures to increase the security of mobile devices that they issue to employees and of the employees’ own devices in environments where organizations maintain a “bring your own device” workplace. First and foremost, an organization should educate employees on the importance of keeping operating system software updated with the most current releases that include all patches for security vulnerabilities.
Second, all mobile devices that are used to access a corporate network should include antivirus software or apps that regularly scan those devices for unauthorized incursions. Several third-party apps are available for this task. Many of those apps will also automatically check for updates and security patches. They can also be used to lock down any mobile devices that may be lost or stolen, thus preventing a thief from using a stolen device to access a corporate network. Lastly, those apps monitor other applications on the mobile device to confirm that they are not using the device’s tracking and other features in ways that might lead to deeper security breaches.
An active cybersecurity education program will help to maintain awareness of cybersecurity vulnerabilities among an organization’s employee base. That program can erect stronger defenses against a data breach, but it will not prevent every conceivable breach. When an organization does experience an unauthorized incursion into its networks that results in a loss of data, cybersecurity insurance can provide the resources and funds that will help the organization recover its operations and maintain relationships with customers whose data might have been compromised. Cybersecurity insurance companies can also provide additional information and suggestions on improving cybersecurity in both Android and iOS mobile devices.
Edited by Alicia Young