It may be the world's biggest smartphone platform but, as Josean Mendez from Capgemini writes, it's got problems with security.

Android Open Platform Controversy
Android may be the world's most popular smartphone platform, but its openness brings with it huge problems - including security. (Credit: Reuters)

Think about the mobile device you use. Chances are you either use an Apple phone or a phone running Android, Google's popular mobile operating system.

However, Android's sweet spot - the openness of the platform - is under increasing pressure to prove that it can be kept secure across its entire pool of users. The number of security concerns about Android continues to grow and Google has been looking for ways to improve its platform security.

Let's take a look at the complexities involved in managing an open platform, and at Apple's approach to the matter.

Android vs. iOS mobile platforms

When Google Play - formerly known as 'Android Market' - was launched towards the end of 2008, it needed to show a promising platform to attract developers. As a consequence it focused primarily on showing a high number of apps to counter Apple's established market.

Google wanted to become a runaway success like Apple, which had become known for starting the app revolution with its app store.

However, due to the desire to build its app base at a rapid pace, it transpired that many apps were overlooked when it came to proper security guidelines - with some even containing malware.

Google has been tackling this situation ever since.

Apple's operating system, iOS, is often regarded as Android's more secure rival but it certainly is not a perfect one. Recent research by Georgia Tech made headlines at the beginning of June when it was revealed that Apple iPhone devices could be taken over with a custom-built charger.

This was a clear reminder that no mobile platform is fully safe from vulnerabilities. It also showed that having full control over a single-channel system doesn't make security unbreakable.

The open channel question

While Android's security faults are often attributed to a lack of proper app security checks, that is certainly not the main problem. An underlying and often overlooked issue is the fact that Google does not control its entire channel or rapidly growing ecosystem - so naturally there is fragmentation.

Take for example the popular Amazon Kindle Fire tablet, which is owned by millions of people worldwide and was launched recently in China. Under its hood it runs Android, but Amazon has heavily modified the operating system, linking it up to Amazon's services.

This issue is compounded when you consider the close to a billion different devices and models running Android. Google controls the brand - which many people don't realise. However, this level of fragmentation makes security an even harder issue for Google to rein in.

When a security issue arises on the platform, a so-called 'patch' is made. Android's vendors must then incorporate these fixes into their custom platform builds and in some cases even work in collaboration with telephone carriers to certify and release a new version to their users.

Due to the convoluted ecosystem Google operates, the time it takes for Android flaws to be fixed is considerably longer than the time it takes to patch iOS devices. Apple can easily update millions of devices all over the world with one quick notification. Why?

Because it fully controls the channel, produces iOS and designs the hardware.

Apple also manufactures its own devices, and runs both the App Store and the distribution of software to its platform. Indeed, to underline this point, Apple revealed to the market during WWDC 2013 that 93% of iPhone users are running iOS 6, the latest version of iOS at this time.

App store security difficulties

When it comes to app stores, there's a distinct difference in the app approval methods between platforms. Apple has a more rigorous approval and verification process since its mobile platform and all its components work in unison. Google Play and some other Android app stores do have some security measures in place, but the process cannot be as rigorous since it needs to consider the several versions and variations of the Android platform available on the market.

This risk is increased by the fact that it's possible to install non-curated apps that are distributed through stores other than Google Play or the second most popular destination for Android apps, Amazon's App store. As a result, Android's security depends on software distributed through multiple channels, while Apple only has to worry about one.

Risks to the enterprise

Security is one of the top reasons why businesses delay adopting mobile in their organisations. As bring-your-own-device (BYOD) adoption continues to increase, access to work servers and data from multiple entry points, including enterprise apps, heightens the risk of loss or breaches.

The security differences between the various mobile operating systems are something companies must fully consider at a time of increasing mobile security breaches.

While mobile implementation within companies brings a great opportunity, the increasing complexities in securing mobile devices are causing many IT managers to re-think their mobile security strategy.

The battle between Google's open ecosystem and the closed one Apple runs will continue to evolve. Google is well aware of the fragmentation issues on the Android platform and is looking for ways to better manage a secure ecosystem. While each player in the ecosystem continues to perfect its security processes, mobile platforms will need to pick up the pace and stay ahead of increasingly clever mobile security attack methods.

Google and Apple must always be aware that as security technology gets smarter, so do the attacks.

Josean Mendez is one of the authors of Capgemini Group's recent research entitled "Taking Mobile Security to the Next Level".