Should malware risks factor into the iPhone vs. Android debate?
In this edition of Ask Maggie, CNET's Marguerite Reardon offers advice about whether the risk of malware should factor into a reader's decision about which smartphone OS to buy.
As Google's Android operating system gains momentum in the smartphone market, some long-time Apple iPhone fans are considering a switch to Android. But should these former iPhone fans worry that Android alternatives won't be as secure?
With cyberattacks and malicious apps targeting Android smartphones increasing in frequency, some former Apple devotees are nervous about making the switch. In this edition of Ask Maggie, I shed some light on whether Android security should be a deal breaker or not.
I also explain why you may have to pay twice for an app you love if you decide to ditch the iPhone for an Android device.
Switching from the iPhone to Android: Is malware a concern?
Dear Maggie,
I have been reading your posts on switching from iOS to Android, and honestly am quite interested. I have been submerged in the iOS ecosystem since 2008 and have loved it. But I am now worried about the direction Apple appears to be taking. Couple this with the maturation of the Android OS and you have one curious person.
My biggest concern is all the malware reports that have been cropping up with Android. I am fairly tech-savvy, but it seems like everywhere I read, I see new Android malware. I regularly handle private and sensitive data, so is the ability to tweak the Android OS worth the security risks?
Thanks,
Curious Will
Dear Curious Will,
You are correct that studies suggest that malware is on the rise when it comes to smartphones. And because of the open nature of the Android operating system, plus the sheer number of Android devices on the market, this particular operating systems is often a target for hackers.
But you need to keep things in perspective. CNET Senior Editor Seth Rosenblatt, who specializes in software and app testing, said that even though malware threats are increasing, it hasn't yet reached the same level of threat as malicious code found on desktop computers.
"There's no doubt that malware exists and is growing," he said. "But it's also like comparing the surface area of a sheet of paper to the surface area of a piece of dental floss."
That said, Google Android devices may be more vulnerable to attacks than the iPhone. The reason is that Apple's App store is considered to be more secure due to the fact that each app must be approved to be listed in the store for download. By contrast, apps in the Google Play store don't need to be approved by anyone. But that doesn't mean that the store is flooded with malicious apps. The Google Android community has stepped up efforts to actively police the store in an effort to remove apps that may cause harm.
And the truth is that most of the reports about Android malware come from apps that were downloaded from third-party app stores.
One easy way to reduce the risk of downloading a virus on your smartphone is to only download apps from trusted app distributors, such as the Google Play Store or Amazon's app store. In other words the same common sense you use when surfing the Net on your PC applies to your mobile phone: don't download apps from random Websites and don't click on links from unknown sources.
But even this level of caution may not be enough to fully protect you. Malware has been known to slip through the cracks of all app stores. There have been reports of malicious software showing up in the Google Play Store as well as in Apple's well-protected iTunes App store. So even if you find an app you want to download in one of these stores, you should check out the source and vendor of the app you are installing before downloading it onto your phone.
Rosenblatt also recommends that anyone with a smartphone download a security app to their device. Apps from Lookout, Avast or AVG are all good options for Android security, he said. These apps will scan applications when you install them to make sure they are not known malware or try to do things on your phone that would be considered characteristics of malware.
Privacy concerns
But malware is only one potential security threat. You should also be concerned about protecting your private information. While there's no question that key-loggers can gain access to your sensitive data, there are also legitimate applications that track your GPS location, automatically tag photos with timestamps and geolocation information, and read your contacts. These apps may not be malware per se, but they compromise your privacy and there is always a risk that the information gathered could be misused.
The Android OS offers you some protection in this department, since it tells you when you're installing an application if it will be doing these things. But sometimes people just press "accept" and install the software anyway because they want a free app. That is why it's important to pay attention to those alerts when you are installing apps. And if you don't want that information gathered and shared with anyone, then don't accept the terms and do not download that application.
Beware of theft
If you're concerned about security and privacy, which it sounds like you are, then you should also make sure that the information on your phone is encrypted and that you know how to remotely wipe your device of data if it's lost or stolen.
While I understand that your question was specifically about malware, you are probably far more likely to have your phone lost or stolen than you are to have it infected with malware. Because mobile devices are small and portable, they can be easily stolen and resold, making theft much more of a threat than it would be for a desktop computer or even laptops.
Following this line of thought, Rosenblatt reasons you may put your data at greater risk by owning an iPhone than an Android device. Why?
"Since iPhones tend to retain the highest resale value, it stands to reason that if you own an iPhone, you're a more appealing target for theft," he said.
He recommends that it's just as important to have location detection and anti-theft capabilities built into the security software you have on your device as it is to have functionality that scans your device for malware. (Of course, turning on a location tracker exposes you to privacy risks, so you should weigh the pros and cons of doing this.) Premium versions of security software, such as Lookout, can also provide this protection, which includes back-up features and restore features as well as remote wiping of the device.
The bottom line is that I don't think malware risks should be a major factor in choosing your next smartphone OS. There are security risks associated with any device operating system. And there are privacy and security concerns that come with owning any smartphone. The best advice I can offer you is to make sure you are protecting your device, whether it's an iPhone or an Android smartphone, by doing these four things:
• Install security apps on your device that scan for malware, track lost devices, backs-up data, and remotely wipes lost handsets.
• Download apps only from trusted and legitimate app stores and app developers.
• Encrypt data stored on your device.
• Decline to download apps that access and share your personal information, such as location or contacts.
I hope this advice was helpful. And good luck.
