News Release

Symantec Analysis of Apple’s iOS and Google’s Android Platform Cites Improved Security over PCs, but Major Gaps Remain

The mass adoption of both consumer and managed mobile devices exposes enterprises to new security risks

Symantec Corp. (Nasdaq: SYMC) today announced the publication of “A Window into Mobile Device Security: Examining the security approaches employed in Apple’s iOS and Google’s Android” (PDF). This whitepaper conducts an in-depth, technical evaluation of the two predominant mobile platforms, Apple’s iOS and Google’s Android, in an effort to help corporations understand the security risks of deploying these devices in the enterprise.

Chief among the findings is that while the most popular mobile platforms in use today were designed with security in mind, these provisions are not always sufficient to protect sensitive enterprise assets that regularly find their way onto devices. Complicating matters, today’s mobile devices are increasingly being connected to and synchronised with an entire ecosystem of third-party cloud and desktop-based services outside the enterprise’s control, potentially exposing key enterprise assets to increased risk.

The paper offers a detailed analysis of the security models employed by Apple’s iOS and Google’s Android platforms, evaluating each platform’s effectiveness against today’s major threats, including:
• Web-based and network-based attacks
• Malware
• Social engineering attacks
• Resource and service availability abuse
• Malicious and unintentional data loss
• Attacks on the integrity of the device’s data

This analysis has led to some important conclusions:
• While offering improved security over traditional desktop-based operating systems, both iOS and Android are still vulnerable to many existing categories of attacks.
• iOS’s security model offers strong protection against traditional malware, primarily due to Apple’s rigorous app certification process and its developer certification process, which vets the identity of each software author and weeds out attackers.
• Google has opted for a less rigorous certification model, permitting any software developer to create and release apps anonymously, without inspection. This lack of certification has arguably led to today’s increasing volume of Android-specific malware.
• Users of both Android and iOS devices regularly synchronise their devices with third-party cloud services (e.g., web-based calendars) and with their home desktop computers. This can potentially expose sensitive enterprise data stored on these devices to systems outside the governance of the enterprise.
• So-called “jailbroken” devices, or devices whose security has been disabled, offer attractive targets for attackers since these devices are every bit as vulnerable as traditional PCs.

Quotes:
“Today’s mobile devices are a mixed bag when it comes to security,” said Carey Nachenberg, Symantec Fellow and Chief Architect, Symantec Security Technology and Response. “While more secure than traditional PCs, these platforms are still vulnerable to many traditional attacks. Moreover, enterprise employees are increasingly using unmanaged, personal devices to access sensitive enterprise resources, and then connecting these devices to third-party services outside of the governance of the enterprise, potentially exposing key assets to attackers.”

Click to Tweet: Symantec analysis finds iOS and Android security better than that of PCs, but major gaps remain: http://bit.ly/ieywwW

Related
• White Paper: A Window into Mobile Device Security: Examining the security approaches employed in Apple’s iOS and Google’s Android (PDF)
• Blog Post: New Symantec Research: The Current State of Mobile Device Security
• Infographic: Top Threats Targeting Mobile Devices
• SlideShare Presentation: Mobile Device Security
• Expert Biography: Carey Nachenberg
• Symantec Mobile Solutions

Connect with Symantec
• Follow Symantec ThreatIntel on Twitter
• Follow Symantec on Twitter
• Join Symantec on Facebook
• Join Norton on Facebook
• Read Industry Trends on Delicious
• View Symantec’s SlideShare Channel
• Subscribe to Symantec News RSS Feed
• Visit Symantec Connect Business Community

About Security Technology and Response
The Security Technology and Response (STAR) organisation, which includes Security Response, is a worldwide team of security engineers, threat analysts and researchers that provides the underlying functionality, content and support for all Symantec corporate and consumer security products. With Response centres located throughout the world, STAR monitors malicious code reports from more than 130 million systems across the internet, receives data from 240,000 network sensors in more than 200 countries and tracks more than 25,000 vulnerabilities affecting more than 55,000 technologies from more than 8,000 vendors. The team uses this vast intelligence to develop and deliver the world’s most comprehensive security protection.

About Symantec
Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organisations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available at www.symantec.com.

###

NOTE TO EDITORS: If you would like additional information on Symantec Corporation and its products, please visit the Symantec News Room at http://www.symantec.com/news. All prices noted are in U.S. dollars and are valid only in the United States.

Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

Technorati Tags
Symantec, cybercrime, malicious code, hackers, internet security

ENDS

BUDGET 2012:
Parliament Debate Live - Video Of Budget 2011
Keith Ng Interactive Graphic: How the Budget Breaks Down
BUDGET 2012 - FULL COVERAGE: Reports / Analysis - Press Kit - Reaction (from everybody) - Previews (from everybody) - Pre-Budget Announcements

Gordon Campbell: On the Budget’s Spreadsheet Victories

It wasn’t as if expectations were sky high, exactly. Chances are, it was always more likely that we’d be seeing Bigfoot rampage through the Beehive lock-up than catch a glimpse of a credible growth agenda from this government. More >>

Sludge Budget Report - Short The Dollar! MEMO: To international bankers FROM: C.D. Sludge Please short the dollar! It'll be good for both you and us. And you know you want to. Greexit, Eurogeddon... watch out... flight to quality and all that. Follow your instincts. The NZ Debt Management Office has been so surprised at the unprecedentedly low interest rates that it can borrow at that it has already entirely pre-funded the 2013 fiscal deficit - all $8 billion of it! More >>

Pattrick Smellie Comment: Doddling along the best we can hope forCriticising Budgets for lacking vision or imagination is like shooting fish in a barrel, but even so, this year's Budget again feels like a missed opportunity. Perhaps it's the intrusion of real world needs that means the government couldn't make better political use of the $558.8 million it expects to gather in its first partial asset sale. More >>