iOS apps have more vulnerabilities than Android, says new report

iOS apps have more vulnerabilities than Android, says new report
Because of how the platform is designed, whenever we hear about malware or security threats in the mobile world, it tends to be pointed at Android, despite there being little evidence of anyone being at real risk outside of users in Russia or China who use a third-party app store. Now, a new report is claiming that the majority of app vulnerabilities exist in iOS apps, and they tend to be more severe as well.

The traditional thinking has been that because Apple locks down what apps are able to do on the platform and has a more strict app review process (not to mention a relative lack of malware), that the platform is safer overall, but mobile application security vendors Checkmarx and AppSec Labs say that isn't necessarily true. Their report claims that 40 percent of vulnerabilities in iOS apps were critical or high severity, compared to 36 percent of the Android vulnerabilities. 

The report didn't give exact figures but said the average mobile app had nine vulnerabilities, and iOS apps had more than Android apps. 

Leaking personal information was the most common vulnerability, at 27 percent of all flaws found. ID authentication and authorization problems were next with 23 percent. Plenty of other vulnerabilities were found, including cryptography weaknesses, disclosure of technical information such as application logs, and more.

source: Checkmark via CSO Online

FEATURED VIDEO

52 Comments

62. HumbleJ06

Posts: 102; Member since: Aug 10, 2015

Read the full report and it clearly states iOS has a higher percentage of vulnerability to high or critical attacks than Android. The difference was 40% to 36%. I think people are missing the whole point of the report though. The report is about how developers are not taking the correct steps to make their apps secure. Instead of defending or cheering your team we should be telling devs to stop being lazy! If you chose to be a developer do your job and follow the proper steps to make sure your app is secure.

43. Raito

Posts: 82; Member since: Aug 15, 2014

All OSes are vulnerable!!that's the main point!!of course iFans and Fandroids with their lack of mind gonna bash every article that mention their Crapdroids & CrapiOS things,, Thanx God i'm using Windows :D

42. jeroome86

Posts: 2314; Member since: Apr 12, 2012

I know I use to think PA was redirected me. But maybe I had adware, malware or something. Hasn't happen since switching to iOS. Always have to be careful with all this tech. Remember when my PLayStation network was hack. That was a headache.

41. kabhijeet.16

Posts: 895; Member since: Dec 05, 2012

Sick & tired of such articles. Every now & then one article pops up claiming android is vulnerable, other claims iOS is vulnerable... Waste...

39. Be_Mine unregistered

"The Fappening" :D

40. FluffyBled unregistered

Everyone is grateful to apple for that! :D

35. strudelz100

Posts: 646; Member since: Aug 20, 2014

SOURCES, SOURCES, SOURCES! Note the source: MOBILE APPLICATION SECURITY VENDORS Checkmarx and AppSec Labs. Their products have no reason to exist without current security hysteria that is Android and clearly benefit from trying to spread to iOS. If you took the bait without checking the sources: You're a fool. And judging by the comments above this, there are plenty of fools here.

37. tedkord

Posts: 17532; Member since: Jun 17, 2009

Wow, I've seen mental contortions before, but you just tied logic into an infinite knot.

51. AlikMalix unregistered

Ted, but he's right. Can you come up with one thing that these claims show that can at least point to what the problem really is? That's what I was trying to say. Where's any specifics? Just a blanket insinuation that iOS apps are volnurable, and.... That's it! Proof? Extreemity? Numbers? Cases? Complaints? Seems fishy... Do these firms looking for ways to sell antivirus or anti malware apps on iOS and looking for a way to persuade people to purchase vapor ware?

54. marorun

Posts: 5029; Member since: Mar 30, 2015

Same could be said for most Android security hole news they all come from such security firm.

60. AlikMalix unregistered

Actually stagefright pointed directly to the problem, so did stagefright 2, and the latest app volnirability said hoe many apps are affected, which software was responsible, and a list of apps as an example Remember that recently there were a few apps on the App Store that were built with third party apk (or something) - Apple removed those apps and helped app feces rebuild apps with proper software. That was specific, and had proof, and solution was made instantly. but this bit of news is so broad you can't even prove that it's fake/false because it's not pointing out what the problem is.

61. AlikMalix unregistered

Reply to moron runs post #54And I defended android when mcaffee or kasperskiy made allegations which was obvious PR move.

33. bucky

Posts: 3797; Member since: Sep 30, 2009

Next week there will be an article stating the opposite. I don't believe any of this for either side.

32. 99nights

Posts: 1152; Member since: Mar 10, 2015

Well the iflock can't claim they're apps are free of security flaws now, as many claim and still will on this site.

34. flipjzn

Posts: 257; Member since: Jun 22, 2012

*their

36. 99nights

Posts: 1152; Member since: Mar 10, 2015

Blame it on autocorrect. Correcting grammar and spelling is the typical isheep thing to do though.

30. Taters

Posts: 6474; Member since: Jan 28, 2013

The simpler and easier to use for developers, the easier to hack by developers. Live by the sword and die by the sword. Apple is living to 25 billion in liquid cash though so I don't think they care about security right now. Lol

25. MrElectrifyer

Posts: 3960; Member since: Oct 21, 2014

Hahaha, not surprised, it's apple's typical security by obscurity practice...more vulnerabilities, but they're swept under the rug and haven't been exploited much. betanews.com/2014/04/07/the-apple-myth-why-securit​y-through-obscurity-isnt-security/

24. TechieXP1969

Posts: 14967; Member since: Sep 25, 2013

The fact is none of this matters. I may crack some jokes, but the reality is simple. Software can never be secure from hackers. All software is vulnerable, zoom can be cool like give you advantages in games, or be bad and wipe out years of photo collections. Software is vulnerable by nature. Software is like a big city, the mores streets (lines of code), the more places crimes (hacks) can take place and no one will know. Just because your city is on an island (walled garden), doesn't make u more safe. It just means your crimes will be isolated to your city. Linux had an advantage to where issues could be worked on by many and get solved quicker. Even Apple and Microsoft with all their money, aren't Fort Knox, and they aren't quickly able to solves problems with their own stuff. The more people in your town (users) the harder it is to secure your city. I recall though with all software it's never finished; it's always work in progress; and security is a never ending battle.

15. TSMan2

Posts: 363; Member since: Aug 20, 2015

'and iOS apps had more than Android apps' Really?:) Cool story.

10. TechieXP1969

Posts: 14967; Member since: Sep 25, 2013

I have caramel, butter and cheese popcorn. I can't wait. Let's see what other things it's is bad at? Oh yeah, it's crashes more app that all versions of Android combined. iT's Obvious Security is not in iOS. i Oppose Security No one is secure. But since the Ifans have been lied too for years... Wait. Jailbreaks though lauded, are made possible by security holes. Yet Ifans aren't against it. But bash routers who want to root for more power than they already get. The most advanced insecure operating system in the world. This article should get 50 pages of comments. Anyways, has there actually been a recorded successful hack of a person actually using their phone? Not these, see if u can break out software for money contests.

38. Wiencon

Posts: 2278; Member since: Aug 06, 2014

Why do you need popcorn when you are the main troll on this site? I don't think you get the idea of "grabs popcorn"

9. AlikMalix unregistered

"The report didn't give exact figures but said the average mobile app had nine vulnerabilities, and iOS apps had more than Android apps." So basically vapor, absolutely nothing to go on, nothing to lookout for? Anything as proof? There were at least 3 android volnurabilitoes reported that also include apps that root your iPhone behind your back and makes them unusable. Those reports were specific and detailed on what is happening and who is affected. This report is buncha baloney, almost feels like damage control for all they crap happening to android. Take this article with a grain of salt - will look for real news about this - if it really exists - in next few days, otherwise I call bulls**t especially the fact that you can control app permissions and what they're allowed to access on a item by item basis. They didn't even mention ONE APP as an example, for crying out loud!

12. TSMan2

Posts: 363; Member since: Aug 20, 2015

This not even a news. This that iOS is more vulnerable than Android is known all those years. Just google 'Android Vulnerability Statistics' and 'Apple iOS Vulnerability Statistics' and you will see year by year so far.

29. engineer-1701d unregistered

apples hush money will be kicking in soon i give it 12 hours untill no story and apples reports they are the safest

50. marorun

Posts: 5029; Member since: Mar 30, 2015

Yep thats how its work. They will pay a few security firm to lash out on android OS and there we go its will be on all tech website. Ofcourse we dont get much info about what exactly is wrong with Apple iOS vulnerabilities because if they get into detail they get kicked out of the dev account they have..

53. AlikMalix unregistered

Do you and moronrun really believe your own bs, that you come up with? Is this just to convince yourself Apple is bad and android is the devine?

56. TechieXP1969

Posts: 14967; Member since: Sep 25, 2013

We have proved this is fact. Apple does pay hush money. All operating system are vulnerable. It doesn't matter if one is more vulnerable than another. The fact is they are all equal. Because all have vulnerabilities. as long as you have one, you have more than one. NO OS IS SECURE...PERIOD. I dont care who make sit, who owns it and who watches it. Apple does pay hush money. We've seen it happen as fact. PA even published an article about it. How apple threaten sites who showed their phone bending would be removed from the list of receiving devices to review. I could care less.if it was me. I'd wrote them back and tell then F#$@ your worthless piece of S$@#. I don't need or want to review them. In fact I wont even buy them to even do a review. If Google or Microsoft had lied about products to consumers, they'd be in court in a heartbeat. But its always ok for Apple to do wrong and not get called out. When we do call them out, we have to be haters and trolls. Actually you all are the haters and the trolls for believing Apple's bull$#%@ in the first place.

59. AlikMalix unregistered

Techie you're twisting it. Apple submitted the German site a device to review - not destroy!!! Given that any phone bends under some pressure some bend even under less pressure than the iPhone 6+ isn't the issue - the issue was that the iPhone 6+ was singled out from the rest making people think it's a problem - when it's just isn't as rigit as others. But instead of reviewing the device, its performance, screen, operating system, usability, feel - they just destroyed it. Apple wouldn't say a thing if the review was good or bad - but you're singling out ONE product for cheap clicks - you're going to make someone upset. It's like taking a slow car and saying its defective because there are other cars that are faster. It's not a design flaw, but a bad choice of material used. Like using four cylinders instead of six. Yeah the iPhone 6+ was easier to bend, but is it a defective device - no! Because you can still use it just gotta be more careful not to sit on it. Duh!

16. willard12 unregistered

Be safe out there.

* Some comments have been hidden, because they don't meet the discussions rules.

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.
FCC OKs Cingular's purchase of AT&T Wireless