For a considerably long time—over 40 years—Apple has staked the claim that their devices are pretty much hack-proof, that most hackers wouldn’t even try breaking into their security measures. Law enforcement was so repeatedly rebuffed by the company as they sought workarounds to get into their devices, that these law enforcement agencies figured it out for themselves.
In doing so, they uncovered a few things that even the most ardent Apple fans may be surprised to hear.
What Has Been Discovered About Mobile Security
After having nagged Apple for years to share access to their OS, law enforcement finally figured it out in 2020, and in 2021, a position paper entitled Data Security on Mobile Devices: Current State of the Art, Open Problems, and Proposed Solutions explored three questions:
- What security measures are currently in place to help deter unauthorized access to user data?
- How do modern devices allow unauthorized access?
- How can mobile security be improved to prevent unauthorized access?
Researchers dug into both of today’s major platforms—Android and iOS alike—and discovered that neither of the two offered a superior security foundation when compared to the other.
While the researchers did “find a powerful and compelling set of security and privacy controls, backed and empowered by strong encryption” in the iOS platform, these tools simply weren’t being used with enough consistency to really deliver the security benefits they should have been. Android’s issues were derived from the fact that so many manufacturers have the capability to build devices that run Android and—since many of these devices would only communicate with Google HQ so often—updates were often slow to be implemented and some controls could be inconsistent.
Of course, the report included a few specific examples of the issues that were discovered:
Apple’s Security Issues
There is an argument to be made that an Apple user’s ability to securely store their data in iCloud is one of the best features of the platform. However, the researchers also uncovered that this data isn’t all that is taken in by Apple. Activating iCloud also sends a litany of other data to Apple… where other entities (like hackers and now law enforcement) can now access it.
With Apple’s security defenses less effective than they were once believed, this problem is made to be even bigger. Apparently, the researchers also have reason to believe that a tool like theirs has existed since 2018 that could allow attackers to guess user passcodes.
Android’s Security Issues
As for Android, its shortcomings were largely in its local data protection. Android has no solution that could be analogous to Apple’s Complete Protection encryption, leaving it more vulnerable as a result.
What Does This All Mean?
In so many words: neither is the perfect defense that either platform wants you to think it has.
You really shouldn’t ever assume that your data is safe to begin with. The onus falls to you and your organization to manage your data’s security. Fortunately, there are solutions available today to help, like mobile device management platforms and Bring Your Own Device policies that help ensure that your organization isn’t inviting in additional threats.
Setton Consulting can help you put these tools and more in place. Give our team of experts a call at (212) 796-6061 to get started.