Security is always a hot topic with mobile platforms, but most of the time the focus is on Android and the malware issues that exist for the platform if you don't use the Google Play Store. But, a new study shows that maybe we should pay more attention to the iPhone's security issues, because the study claims that the iPhone has more security vulnerabilities than Android, BlackBerry, and Windows Phone combined.
The study was conducted by SourceFire, which analyzed vulnerabilities from the Common Vulnerabilities and Exposures (CVE) data and National Vulnerability Database (NVD) over the past 25 years. Yves Younan, senior research engineer at SourceFire's Vulnerabilities Research Team and author of the report, said that the results were "surprising", especially since despite Apple constantly releasing security fixes with each update, CVE continue to grow year over year.
According to the study, the iPhone has 210 vulnerabilities, which adds up to 81% of mobile phone platform vulnerabilities in the four platforms studied. Android has just 24 known vulnerabilities, Windows has 14, and BlackBerry has 11, which combined rounds out the remaining 19%. The study didn't extend to fringe systems like Symbian, bada, and the rest. To be fair, these numbers are a cumulative total since 2007
, but even removing 2007 from the mix, iPhone still has 205 vulnerabilities to Android's 24.
Younan's theory to explain the results is that cybercriminals can't get at users through the iTunes App Store, and have to work harder to find iPhone vulnerabilities, so more are found. Whereas, because Android is an open platform, that makes it easier for criminals to attack the platform.
Of course, he doesn't mention that only 0.5% of malware
comes through the Google Play Store, so criminals still have to find ways to get Android users to sideload infected apps. It is still very possible that Android simply has fewer vulnerabilities because it is open-source (which tends to be more secure), and the only real serious vulnerability with Android is that users are allowed to screw things up if they aren't careful.