Is Android less secure than iPhone? Um, no.

Trend Micro’s self-serving 'security through obscurity' claim about Android lacking security flies in the face of reality.

One can only hope that security software provider Trend Micro saw a nice sales boost after the proclamation of its chairman earlier this week that Android phones are more vulnerable to hacking than iPhones are. If it didn't, those blatantly self-serving statements were made for nothing.

After all, they're certainly not true. Not only that, but they were made immediately after the company launched its brand-new security software for Android. There's no way that was a coincidence.

The statements were, however, a classic example of the FUD that's so often resorted to by companies that earn their bread by instilling fear in the hearts of computer users. Microsoft's recent anti-OpenOffice.org campaign was one example of such fear tactics used for profit; now, Trend Micro's little threat is another. Who needs enemies when you've got "friends" like these, working to steer you away from free and open source software and toward their expensive products?

Lest anyone get fooled by the dramatic headlines, let's take a cold, rational look at Android vs. iPhone security.

'Security Through Obscurity'

"Android is open source, which means the hacker can also understand the underlying architecture and source code," is what Trend Micro's Steve Chang originally told Bloomberg Businessweek.

Basically, what he's doing there is falling back upon the tired old argument--highly popular among closed-source vendors and those that make a living off of their products--that open source software's openness makes it less secure. It's called the old "security through obscurity" claim, and those of us who have been watching this industry for more than a few minutes know it well.

"If hackers can't see the code," the old argument goes, "then it's harder for them to create exploits for it."

The reality, however, is that it just doesn't work that way--as evidenced by the ever-increasing parade of (often incomplete) patches coming out of Redmond. First, even developers for Windows or the iPhone, say, have to understand the underlying architecture in order to create their applications. It's by no means a Big Secret.

A Misplaced Trust

Second, no closed-source company's limited set of developers--each of which is bound to have its own timetable and agenda--can possibly do a better job of finding and eliminating vulnerabilities than the worldwide mass of developers and users, which is who's at work 24/7 for open source software's security.

Zooming in more specifically on Android, the software draws many security advantages from the Linux operating system that underlies it. Much the way Linux users are not typically given the "root," or administrator, privileges that would be required in order for a virus to do widespread harm, so Android apps are isolated in separate "silos," unable by default to read or write data or code to other applications.

With Android, users are explicitly asked for permissions right up front, when the app is installed. On the iPhone, users can only blindly trust Apple to keep things secure for them--a trust that seems misplaced at best given the threats that have slipped into Apple's "walled garden" anyway.

'Most Vulnerable' of 2010

Then, too, there's the data.

Security research firm Lookout, for example, recently reported through its App Genome Project that Android applications are more secure than iPhone apps are because they're less likely to be capable of accessing a user's contact list or retrieving their location. It also found that nearly twice as many free iPhone apps can access the user's contact data.

Security firm Secunia, meanwhile, declared that Apple products now have more security vulnerabilities than any others--including even Microsoft's. Apple, in fact, topped Secunia's ranking of the top 10 vendors with the most vulnerabilities in 2010.

Even more recently, researcher McAfee fingered Apple products as growing targets for malware this year.

Government Users

Would companies far and wide be placing increasing trust in open source applications, and would this country's Departments of Defense and Homeland Security be among the U.S. government's biggest users of open source technology, if openness made technology less secure? I don't think so.

It was a nice try, Trend Micro--all's fair in love and marketing, right? But next time, it might be a good idea to pay attention to the facts, too.

Follow Katherine Noyes on Twitter: @Noyesk.

Tags online securityopen sourcetrend microAndroidPhonesCell PhonessoftwareAppleGoogleapple iphoneconsumer electronics

Recommended

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Katherine Noyes

PC World (US online)

Comments

Comments are now closed.

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?