In recent months we have heard or read a lot of news about new attacks and exploited vulnerabilities in Android that put users at risk. On the other hand, almost every month we see a new list of Android apps injecting new devices with malware, and this seems to be a long way from over. Learn to know about why hackers prefer Android over iOS.
The big question is… why is Android a target of cyber-attacks? Is it really less secure than iOS? Does Google need to invest more money and resources in security?
Although at first glance it might seem that iOS is more secure than Android, and that Google should invest more money in security, the reality is that all this is much more complex than it seems, since Android is classified by security firms as more secure than iOS, and Google spends more money on security than Apple.
More money can be made by attacking Android than iOS
According to the latest distribution and activation figures, Android currently has more than 2.5 billion active devices in the world, while Apple has 900 million active iPhones on the market.
This means that there are almost 3 times more Android devices than iPhones on the market, and from there it becomes much more profitable to look for a vulnerability or try to attack an Android phone with malware, since there is a higher chance of success for a cracker to steal data or spy on an Android device because there are many more devices on the market.
A very specific case of the above are all applications that run “invisible” ads with some type of malware, since the fact of being able to infect more Android devices than iOS translates into a higher probability of earnings, in addition to Android it is easier to infect a device through the installation of APK files.
So the logic to understand why Android is much more attacked than iOS is based on ‘the greater the market share, the greater the chances of success’.
Fragmentation slows down security
Fragmentation in Android is another problem that directly affects security, because despite the fact that security patches are released month after month and put into open source code, many brands take a long time to release security patches, and although We will receive an update every 3 months, when some problems require immediate attention.
Google, Nokia, Samsung (with some models) are the only brands that release monthly updates to their devices, this takes away from the teams that belong to the Android One program, which should receive security updates every month.
For this reason, vulnerabilities often take longer to be fixed on Android devices, since Google does not have control over its security updates as Apple does over all iPhones on the market.
However, Android is more secure than iOS
Despite the fact that fragmentation and the number of devices help cybercriminals to take advantage of vulnerabilities, several security firms report that today Android is already much more secure than iOS.
What are the foundations of this statement? According to security firms like Zerodium, Android is becoming much more difficult to hack, and it even costs much more work to find vulnerabilities, while iOS is much faster and easier to do so.
Zerodium is a company that pays hackers to find zero-day and zero-click vulnerabilities, and one of the most recent changes to the company is that it pays a lot more money to find a vulnerability in Android than it does in iOS, and it does so because it’s It is more difficult to find a complete chain of exploits for Android, and it is almost impossible to create one that does not require user interaction (zero click), according to Chaouki Bekrar, founder of Zerodium.
On the other hand, iOS is a “strainer” for iOS, since a huge number of bugs have recently been found with which to take advantage of iOS, while Chrome is difficult to become a gateway to iOS.
And it is that despite the fact that Apple now pays up to 1.5 million dollars to find a zero click vulnerability, Google has increased the rewards for all kinds of vulnerabilities in Android and Chrome, in addition to investing heavily in one of the security teams of today’s most important elite such as Project Zero, which just found the latest serious vulnerabilities in iOS.