Are Android apps easier targets for cybercriminals?

Mobile devices are vulnerable to cyber threats just like any other connected device today. While mobile phone operators continue to develop security features to secure devices, mobile apps are another problem altogether.

When it comes to smartphones, Google’s Android and Apple’s iOS are the two main operating systems used today. China’s Harmony OS is still new to the industry and has yet to establish itself as a major player, compared to the other two giants.

Android remains the most popular operating system in the world. With over 2.5 billion active users, Android OS’s flexibility and openness have made it a popular operating system for most mobile manufacturers today.

Meanwhile, there are about 1.46 billion active iPhone users worldwide today. Despite being considered a pricier mobile device as compared to cheaper Android models, iPhones account for 21.67% of the world’s total smartphone population.

Samsung has held a lead in market share since the early days of Android and has continued to perform well. Chinese manufacturers superseded HTC, LG, and others in the mid-2010s, and are now responsible for over 50% of Android device sales.

The image below shows the global market share between iOS and Android.

App development: All devices are vulnerable 

Despite both operating systems being successful, they are still vulnerable to cyber threats. The general belief most users have is that iOS is the most secure mobile operating system in the world and is almost unhackable by cybercriminals.

The reality is though, while iOS may have better security features compared to Android, it does not mean the device is hack-proof. Over the years, there have been cases of Android devices being infected with malware or even spyware.

In fact, one of the biggest spyware incidents in the world involved both Android and iOS. The Pegasus spyware was able to exploit vulnerabilities in Apple’s iMessage, giving it backdoor access to hundreds of millions of iPhones. While Apple has dealt with the spyware, the damage was already done and it also proved to many that iOS can be vulnerable to cybercriminals as well.

Despite this, Apple devices definitely have an edge when it comes to app security as compared to Android devices. It all comes down to how they operate.

The root of the problem is malware. Malware is becoming increasingly sophisticated and is able to penetrate most security tools today. In order to control the spread of malware, app developers are constantly advised to prioritize security when developing their apps – be it for Android or iOS.

Android apps vs iOS apps

Here’s where it gets interesting. When it comes to app development, iOS has much stricter rules in play for developers as compared to Android. For one, iOS is a closed operating system – meaning Apply has tight controls on the apps that are available on its App Store by vetting all apps to avoid allowing malware through.

At the same time, whenever Apple releases a new version of their iOS, every user will have to update their devices to it as well. Failure to do so will result in their devices not being able to function properly. When a new version is released, not only are iOS users getting new features but they are also getting updated security patches to ensure their iPhones remain secured.

“iOS is a much more closed operating system while Android is a much more open operating system. There’s one version of iOS and it’s controlled by Apple while there are many different versions of Android OS. Android OS will release its version and then device makers can basically play with it, make it better, or tune it to whatever their needs are. It’s still based on the main major Android release, but they can go do whatever they want.

iOS forces people to upgrade. They really make it hard for people to stay on an old operating system. However, for Android OS, there are still people running Android six, or even Android five. Why? Because there are cheap device makers. However, the problem of dealing with older operating systems is that they are at the end of life. Meaning, they don’t get any updates from Google anymore. The older operating systems have no idea what to do with modern malware,” commented Jan Sysmans, Mobile App Security Evangelist of Appdome.

The image below shows the different versions of Android OS still being used by some devices.

Sysmans also pointed out that this is not the fault of the customer. Device makers and app makers that continuously allow people to run on devices running old operating systems are at fault. This is because there’s absolutely no need to allow this.

Many of them just want to keep customers happy, especially since not everybody is fond of changing their devices after two or three years. But the reality is, that using older devices and older operating systems simply means the app developers are just playing with fire.

Moreover, Android’s open system means there are not many security barriers in place for apps in the Play Store. There are currently hundreds of malicious apps in the Play Store, which Android is trying to remove but because of the ease of developing apps for Android, fake apps are easily mushrooming in the Play Store.

An important point Sysmans also highlighted is that while users using old operating versions of Android are no longer managed by Google, those who use the latest version are going to have much better protection. In fact, he believes that the security of the newer Android OS is as good as iOS, especially if a user continuously updates their apps with the latest security features and such.

“If there are attacks against iOS devices, those attacks tend to be a lot more sophisticated and a lot more difficult. And the reason for that is that is the operating system. As the operating system is more closed, it’s more difficult to do things against it. If there are attacks against iOS users and iOS apps, those attacks tend to be a lot more sophisticated and a lot more dangerous.”

Case in point – the Pegasus spyware. Apple has continued to urge iPhone and other Apple device users to install the latest security updates after two vulnerabilities were found to have been exploited in tandem to deploy spyware.

What can developers do?

While it’s been established that both iOS and Android have their weaknesses, app developers need to change their approach to developing new apps. For starters, businesses need to understand that developing mobile apps is not just about joining the bandwagon of every other app but also about having an app that can actually work and comply with the security standards of both the iOS and Play Store.

In the second part of the article, Sysmans discusses more about the need to improve the process of app development as well as the role cybersecurity professionals play in ensuring the security features are built into apps.

---

---

---

---