"Enterprise security managers need to know that Apple's vaunted iOS mobile security reputation hinges on its app distribution control, not on any inherent superiority of its operating system," said Marble Security Founder and CTO David Jevans.
Attackers have found ways to publish malicious apps, or to attack mobile users, over SMS or through compromised Wi-Fi hotspots on both platforms.
Both Android and iOS apps routinely require privacy-risky permissions like reading contacts, email messages and text messages; once uploaded to the app provider, this data is no longer controlled by the mobile device or the enterprise and represents a significant potential threat to security.
There is no significant difference in the risk of jailbreaking iOS versus rooting Android devices: "jailbreak jammer" apps on both platforms can prevent detection by mobile device management (MDM) systems, and new versions are rapidly brought to market following releases of either mobile operating platform and the leading MDM systems.
Some threats are different between the two platforms, though. For example, new iOS threats such as hostile configuration profiles, unencrypted email attachments and backup hijacking can open very effective attack opportunities for hackers.
"We broke it down in our labs against 14 leading attack vectors for mobile devices, and aside from their app distribution control, iOS and Android are equally at risk to the mobile security threatscape facing the enterprise”, said David Jevans. “The take-away for network security managers is you cannot take iOS device security on faith and allow those users unfettered access to corporate resources."
For tablet news and trends, sign up for TabTimes' free Tablet Business/Productivity newsletter