Android Phones Might Be More Secure Than iPhones Now
What the market for zero-day exploits tells us about our phones
--
In all the heated debates between iOS and Android fanboys, privacy is not a war that Android often wins. Apple’s walled garden approach to apps has its problems, but Google Play has historically been flooded with unsafe apps. The open source nature of Android has given hackers leeway to find security loopholes, and there’s still has no default encrypted messaging app on the platform. Plus, less than 10% of Android users have updated to the latest version of the OS. In other words, nearly all its users run outdated software which almost certainly has bugs and security loopholes.
Apple, meanwhile, puts the spotlight on its privacy centric features at every opportunity it gets. Its well-enforced App Store guidelines have weeded out millions of unsafe apps and the company’s regular OS updates are quickly installed by most of its users. Apple’s encrypted messaging app, iMessage, and its famous blue bubbles are now a status symbol, and the company’s opposition to creating back-door access for law-enforcement agencies is headline-grabbing news that reinforces its image as the protector of your privacy.
But things could be changing. By studying the market for iOS and Android zero-day exploits, we can get a decent idea of the security of each platform.
The zero-day marketplace
A zero-day (0-day) is a vulnerability in a software or hardware that has been discovered but not yet patched. These pose a severe threat because they can be exploited to spread malware, steal sensitive data, take control of the targeted device, or worse.
It gets its name from the fact that the vendor had zero days to issue an update to fix the vulnerability. Antivirus, firewall, and other security features are ineffective against them, making them powerful weapons and lucrative commodities.