As Android's market share continues to grow, it is inevitable that it will become a target for viruses and other malware. Indeed Steve Chang, the chairman of Trend Micro, a provider of security software, cautioned that Android is far more susceptible to malware attacks than iOS.

In an interview with Bloomberg, Chang claimed that Android's open source infrastructure allowed hackers to better understand the underlying architecture and source code. In contrast, Chang gave Apple credit because he believed that they were very careful about malware and that it was "impossible for certain types of viruses to operate on the iPhone." He explained that Apple uses a "sandbox concept" which isolates the platform, preventing viruses from replicating themselves or decomposing and recomposing to avoid virus scanners.

Nevertheless, Chang accepted that iOS is not completely immune to security threats as the user is still vulnerable to social engineering attacks, whereby he or she is tricked into installing an infected app or visiting a malware ridden website.

It seems unlikely that merely having an open environment enables hackers to create more destructive malware. In fact, security by obscurity, which is a security principle that uses secrecy of certain components to achieve security (not to be confused with security through minority), is often criticized by security experts for providing false sense of confidence. The fact that iOS is not open-source and Android is may create an initial bump for iOS hackers, but in the end, a closed system is just as vulnerable as an open one, if not more. An open system like Android benefits from thousands of eyes of security experts all over the world that may examine the source and alert Google of potential vulnerabilities, thus making it more secure overall. No such crowd-sourcing effort is possible with a closed-source project, such as iOS.

It may be Google's lack of a formal app approval process that allows viruses masquerading as legitimate apps to pepper the Android Market, misleading the unsuspecting user into installing them. For example, one of the early viruses on the Android OS appeared to be a media player app that, unbeknownst to the user, would start sending premium-rate messages from the user's phone, leaving the creator of the virus with a healthy revenue stream generated by those messages.

Google acknowledges that Android users must necessarily entrust some of their information to the developer of the application they are using; however, Android ensures that the user can view permissions granted to a particular app and make a relatively informed decision about installing it. On the other hand, Apple's rigid, often draconian app approval policies do have the benefit of filtering out most potential malware.

It is unsurprising Chang has warned users of smartphones to be wary of malware, since Trend Micro offers antivirus suites for both Android and iOS.

image image

Credit: Bloomberg