by Reese Kimmons, MS ISA
The number of cyber attacks targeting mobile devices has risen dramatically since the pandemic triggered a transition to remote and hybrid work models.
This is because many employees are now using their personal devices to access valuable and sensitive company resources. Even if you aren’t one of those employees, your device is still at significantly higher risk than it was a couple of years ago.
There are some not-so-subtle differences between Android and iPhone mobile devices that undoubtedly sway users’ preferences when it comes to choosing between them. Many of the same basic security settings can, however, be implemented on both.
Let’s take a look at the differences, some pros and cons, and some common security safeguards you can implement regardless of which device you prefer.
Android Pros and Cons
When compared to an iPhone, Android devices are inherently less secure and more vulnerable to threats. This is because the Android operating system (OS) is built upon Linux and other open source technologies. Historically, what went into the development of what is today’s Android OS wasn’t as tightly controlled as that of iPhone’s iOS.
On the plus side, Android mobile devices are highly-configurable and allow their users to have full control over their security and privacy settings. Android phones are the preferred choice of those who want the ability to select and design their own security schema.
On the other hand, out-of-the-box configuration of these devices is not standardized and can vary by vendor. This means that, depending on where you get a new Android phone, it may be vulnerable to threats until or unless you upgrade its security profile.
In response to the transition to hybrid and remote work models, Google has developed Android for Work functionality that is supported by newer versions of the Android OS. Android for Work provides an organization’s IT department with some managerial control over their users’ Android security and their access to business applications. Also included are some productivity enhancement tools.
iPhone Pros and Cons
iPhones are highly standardized and are known for their reliability. New phones must meet Apple’s strict security requirements regardless of which service provider is offering them to its customers. This ensures that iPhone users know what they can expect when they get a new device.
It does not, however, guarantee that iPhones are safe from attacks. In many instances, vulnerabilities in smartphones and other devices are first discovered and exploited by threat actors, then patched by their manufacturers after the fact.
With iPhones, a user’s ability to make configuration changes and install certain apps is more restricted than it is with Android devices. One example would be if an employer were to provide a copy of an app with certain company-required restrictions pre-configured.
iPhone users are not permitted to install more than one version of the same app. This would mean that, even if the user wanted to install an unrestricted version of the employer-provided app, he or she would not be allowed to do so.
iPhones can also be significantly more expensive than Androids. This, rather than security concerns, may end up being the deciding factor for many, especially new users, when choosing a smartphone.
Basic Security Recommendations That Work for Both
There are basic recommended security settings and practices that apply to both iPhones and Android devices, one of which is setting a strong password or passcode. A complex passcode consists of a mix of numbers, upper and lowercase letters, and special characters and is an effective first step you can take to secure your device and data.
Biometric security features
Newer models of both Android and iPhone mobile devices offer the ability to unlock them using biometric authentication functionality rather than a password. Both devices allow users to choose between facial recognition and touch (fingerprint) ID. It’s easier to steal a password than a fingerprint, so using touch identification offers more security than even a complex password or passcode.
If, however, you choose to use facial recognition and your phone will be using a 2D rather than 3D depth-sensing camera to scan your face, think twice. Complex passcode and fingerprint ID methods will provide more security because, with a 2D camera, a printed photo of your face could possibly be used to unlock your device.
Find My Device functionality
Android and iPhone both offer the ability to locate misplaced devices using Find My Device and Find My iPhone functionality. Find My Device allows Androids to be tracked, locked, and wiped clean of data if they’re lost or stolen. The app can be downloaded from the Google Play Store. When activated, Find My iPhone offers tracking capabilities and prevents unauthorized users from accessing data on a lost or stolen iPhone.
Don’t install third-party apps
Both Android and iPhone users should refrain from the installation of apps from third-party providers. Only download apps from the Apple App or Google Play stores. Those apps have been screened for security threats and approved for installation.
Even if an app comes from one of the authorized providers, you should read reviews to find out what others are saying and whether the apps had any side-effects you might want to avoid. It’s recommended that you also read the app’s terms and conditions and determine what access the app requires.
If, for example, a gaming app requires that you grant it access to your contact list, email, and messaging service, you may want to avoid it.
Delete older apps
Periodically check the apps that are already installed on your phone. If there are any that you don’t use, it’s best to remove them. They could possibly have vulnerabilities or have access to sensitive data and/or systems on your device. If you aren’t using them, why take the chance of leaving them there?
Update your device regularly
Regardless of which device you choose, ensuring that available security updates are installed as soon as possible is important. These updates may include fixes for newly-discovered vulnerabilities. The best way to make sure that you get your updates as they become available is to make sure your device is set to check for and install them automatically.
Install antivirus protection
To better protect your device and data, install an antivirus/anti-malware app. Search for the best malware apps for your brand of device and you’ll find some reviews by trusted third-party sites. They usually include pros and cons along with pricing information. Adding virus and malware protection gives you an extra layer of security.
Use a VPN
A virtual private network (VPN) app encrypts the data traveling to and from your device. If a hacker manages to intercept it, he or she will be unable to unencrypt and use the information.
Whether you have an iPhone or Android, using a VPN is critical when you are connected to an unsecured public Wi-Fi network. Criminals monitor these networks to spy on their users, intercepting data like account credentials.
A VPN will dramatically increase your security while using public Wi-Fi and also when you’re entering data like banking credentials and payment card information while connected to a more secure network.
As you would when finding malware protection, find some reviews from third-party sources online before selecting a VPN. We’ve conducted multiple VPN reviews and published our findings here.
What Not to Do With Your Android or iPhone
As you would while using your home computer, avoid opening unsolicited emails or any attachments thereto. Also avoid clicking links in suspicious text messages or emails. Phishing attacks are on the rise and criminals are increasing their use of texting when launching their scams.
If you receive a message that appears to be from someone you know or a company with which you do business but there’s just something strange about it, use a phone number you know to be correct (not one provided in the message) to contact the listed sender and determine whether the message is legitimate.
Whether you prefer iPhone or Android, both have their pros and cons. Whichever your choice may be, it’s important that you implement at least some of the basics of device security as soon as possible if you haven’t done so already. The three we recommend that you start with are:
- Implementing a secure login method (fingerprint ID or complex password)
- Confirming that your device and the data it stores can either be tracked and secured or wiped clean if it’s lost or stolen
- Ensuring that your smartphone is set to update automatically to install fixes for newly-discovered vulnerabilities.
Implementing these and all of the other recommendations provided here is an even better idea. Additional device-specific security controls are available for both iPhone and Android cell phones. You may want to do some more research on your own to further increase your level of protection.
About the Author:
Reese Kimmons is an experienced IT executive with an AAS in Applications Programming, a BS in IT Management and an MS in Information Security and Assurance. During his time in the IT industry, Reese has earned certifications in ethical hacking, forensics investigations, ISO/GIAC, and Cisco networking.
- How Secure is Your Car? Tips to Stop Car Key Fob Hacking - December 17, 2022
- Cybercriminals Raking in Millions with “Hi Mom” WhatsApp Scam - December 17, 2022
- EU Websites Charging Visitors to Reject Tracking Cookies: A Practice Expected to Spread - December 17, 2022