By Kari Paul, MarketWatch
When Google /zigman2/quotes/205453964/composite GOOG -0.03% released its Pixel 3 — a new smartphone running on Android that is known for its high-quality camera — it was said to be the most secure device from Google yet, featuring a security chip that encrypts data on the device.
As the debate between Apple /zigman2/quotes/202934861/composite AAPL -1.16% and Android rages on, here are some security differences to take into account between the two operating systems when you’re considering a new phone.
Google and Apple did not respond to requests for comment.
There is a difference between “privacy” and “security,” said Jessica Ortega, a website security analyst at Scottsdale, Ariz.-based cloud-based security firm SiteLock. Privacy is how data is handled and stored, and in that realm, Apple is superior, she said.
“When it comes to privacy, Android is still the second choice,” she said. “Android’s requirement that data on mobile devices be transmitted to Google servers and used for targeted advertising and building a user profile, makes Android the more customizable, but less private mobile operating system.”
Alternatively, Apple has been vocal about its commitment to data privacy, storing more data locally on the device and sending less to its servers for ad targeting.
“The narrative that some companies will try to get you to believe is ‘I’ve got to take all of your data to make my service better.’ Well, don’t believe that. Whoever’s telling you that — it’s a bunch of bunk,” Apple CEO Tim Cook told Vice News Tonight.
Security on the device
Android collects and sells more data to advertisers, but which devices are less vulnerable to hacking? Apple once again, said Ortega. That is because Apple’s iOS has higher levels of scrutiny over what apps are allowed to be sold in the App Store.
“Because Android prides itself on being open-source to a degree, their Play store is much easier to get apps added to and this has resulted in malicious apps slipping past security screenings,” Ortega said. “Contrary to Android’s Play store, the app store for iPhones is much more restrictive, requiring in-depth security scanning of all applications before distribution.”
In August 2018, Google removed 145 Android applications from its Play app store after security firm Palo Alto Networks informed Google they were infected with malware and stealing data from users.
Google’s Android platform is considered to be open-source with a much more accessible development platform and Play store. This means web developers can more easily create content and apps for Android phones, and that users can customize their devices more easily. Apple is much more restrictive, meaning fewer malicious apps, but also less customization for the end user.
Another downside to Android? Its infrequent software updates. In July 2015, a security researcher found a bug in the code of Android devices that left more than 950 million devices vulnerable to hackers. Bugs like these are exacerbated by the company’s failure to push updates to users.
“Google still has very little control over software updates, and Android users are basically at the mercy of their carriers and phone manufacturers when it comes to getting updates or new operating system versions,” Lorenzo Franceschi-Bicchierai, a security reporter at VICE’s Motherboard, wrote in his article ‘ Goodbye, Android ,’ explaining why he switched to an iPhone.
In 2013, the American Civil Liberties Union filed a complaint with the Federal Trade Commission asking the agency to investigate wireless carriers including AT&T /zigman2/quotes/203165245/composite T +2.17% , Verizon /zigman2/quotes/204980236/composite VZ +0.49% , Sprint , and T Mobile /zigman2/quotes/204659678/composite TMUS +0.49% for failing to inform customers that Google’s Android system could be running without critical security updates.
“Android smartphones that do not receive regular, prompt security updates are defective and unreasonably dangerous,” the ACLU wrote.
Other privacy efforts to make
Although by many of these measures, Apple is more secure, users have a responsibility to do more than just choose the “smarter” smartphone, said David Ginsburg, vice president of marketing at Cavirin, a Santa Clara, Calif.-based cybersecurity company.
“Securing your phone is just one aspect of ensuring your personal cyber posture,” he said. “On the privacy front, it is what applications you install and use, and having a good understanding of their privacy policies.”
Buying a more secure phone could protect you from malware and nefarious apps, but it won’t protect you from data scandals like Facebook’s /zigman2/quotes/205064656/composite FB +1.98% breach involving Cambridge Analytica, which affected 87 million users, or phishing attacks, which are emails posing as legitimate sources to gain password information. To prevent ongoing security concerns like these, users should use basic digital hygiene like password managers and two-step verification.
The verdict? Apple is your best bet for built-in privacy, but you should take your own measures to prevent hacking of your devices even if you have faith in your phone system.
This story was republished on Jan. 5, 2019.