Ask Jerry: Is iOS more secure than Android?

Android statues
(Image credit: Android Central)

Welcome to Ask Jerry, where we talk about any and all the questions you might have about the smart things in your life. I'm Jerry, and I have spent the better part of my life working with tech. I have a background in engineering and R&D and have been covering Android and Google for the past 15 years. 

Ask Jerry

Android Avatar of Jerry

(Image credit: Future)

Ask Jerry is a column where we answer your burning Android/tech questions with the help of long-time Android Central editor Jerry Hildenbrand.

I'm also really good at researching data about everything — that's a big part of our job here at Android Central — and I love to help people (another big part of our job!). If you have questions about your tech, I'd love to talk about them. 

Email me at askjerryac@gmail.com, and I'll try to get things sorted out. You can remain anonymous if you like, and we promise we're not sharing anything we don't cover here.

I look forward to hearing from you!


Which is more secure, Android or iOS?

OnePlus 12 vs. iPhone 15 Pro Max

(Image credit: Apoorva Bhardwaj / Android Central)

A lot of people have asked:

Which is more secure — Android or iOS?

A lot of the questions I get are about malware (and how to avoid it), mobile security, privacy, and which phones do it best. Most of them are basically asking the same thing — which is more secure?

You might think this is an easy one-word answer, but it's not because nothing about Android is easy or simple regarding how it's made or created. Android isn't what you think it is.

Android starts as a bunch of lines of code that anyone — even you — can download and compile to make an operating system. It's fairly complete, providing everything you need to connect to a wireless network and use a platform for other applications.

It's very secure and acts as the base for the most secure operating systems available that you might not know about; operating systems like Graphene or Copperhead are built using the Android Open Source Project.

AOSP

(Image credit: Future)

Technically, this isn't Android. Android is a trademarked name "owned" by Google, and to use it as a description for your product requires compliance with the Android Compatibility Program. Google makes this clear, saying "The use of the "Android" trademark on hardware, packaging or marketing materials of the device is restricted to Android-compatible devices only."

If you ignore these details and say that any operating system based on the original code is Android, then Android is more secure and private than iOS. But you probably should consider these operating systems more of a specialty for enthusiasts versus a regular consumer product. Maybe that should change, but companies with deep pockets aren't going to let that happen easily.

So, back to square one: Which is more secure, Android or iOS? I'm going to say iOS, but for one specific reason—there is only one iOS, while there are hundreds of different types of Android, each with its unique services and exploits in addition to the potential security flaws in "Android" itself. 

This is me being pedantic. Out of the box, there isn't any practical difference between an iPhone and a Galaxy phone when it comes to security. Both have flaws, and when those flaws are found, both are promptly patched. As long as you keep your software up to date, either will serve you well.

That's not the end of the conversation, though, because you will install other applications on your phone. Apps can make even the most secure phone "unsafe," and we see that all the time on both Android and iOS. Apple and Google do a good job keeping bad apps out of their stores, and tools like Google Play Protect help a lot, but it still happens. My advice is only to install apps you trust, from developers you trust, sourced from a place you trust. Sideloading willy-nilly can ruin even an ultra-secure phone.

Don't forget about privacy

Pixel 6 Pro Privacy Dashboard

(Image credit: Jerry Hildenbrand / Android Central)

One last thing that usually gets left out of these conversations is that security is not privacy and it's possible to have one without the other. I'll start by saying Apple is more private, but not for the reasons you think.

Apple collects all sorts of information about you whenever you use an iPhone or iPad, just like Google or Samsung does. Certainly, more than you would be comfortable with once you know it's happening. The difference is that Apple seemingly doesn't do anything with it.

Google uses this information to try to sell you things. It tracks you, builds a profile about you, and references it to show you the "right" ads. It works, and Google makes a lot of money because it can do this better than other companies that do the same thing, like Amazon or Walmart.

Apple holds this information and probably only uses it to determine what to work on next. If Apple sees everyone using one particular feature, it knows to keep working on ways to improve it. It also knows which features everyone puts in a trash folder on the home screen. This sort of information tells Apple how to allocate future resources. Google and companies like Samsung do this, too, and it's a mostly harmless collection of data.

Still, Apple is collecting it, and you should know about it. You shouldn't be surprised because every other company that makes connected devices or services is doing the same. I feel that Google's use of your data for profit is just more intrusive, even if the company is quick to tell us that no people are doing any of the tracking and that it's all done by computers and algorithms.

In the end, you're safe to consider one just as secure as the other as long as you're willing to keep your phone's software up to date and be sensible when it comes to installing apps.

Buy whichever you like the best!

Jerry Hildenbrand
Senior Editor — Google Ecosystem

Jerry is an amateur woodworker and struggling shade tree mechanic. There's nothing he can't take apart, but many things he can't reassemble. You'll find him writing and speaking his loud opinion on Android Central and occasionally on Threads.

  • notforhire
    as usual, well said
    Reply
  • cribble2k
    Apple has their own advertising service as well. All that info they collect can offer curated ads to their users in the same way Google does.
    Reply
  • Laura Knotek
    Excellent explanation.
    Reply
  • daggre
    I worked in the mobile security industry for years, and I agree in general that both iOS and Android at the OS level are roughly the same, but there are some key differences that make Android devices much less secure in practice. Most (all?) of these come from the fact that it is much easier for rogue developers to get away with things on Android than on iOS, and the consequences when a developer does breech a policy are much less severe on Android. Generally speaking, Apple is proactive in their review process and extremely punishing for violators, where Google is reactive after products are already released, and relatively forgiving for violators. I can't give specific examples because of potentially violating proprietary information agreements, but social media companies in particular harvest as much information as they are allowed to, and sometimes more than they are allowed to, especially on Android. With TikTok in particular, this is unnerving because they are partially controlled by a foreign nation who has access to all that data, whether they intend to use it maliciously or not.

    There's also just a lot more an Android app is allowed to do than an iOS app, such as capturing IP traffic, running the background 100% of the time, collecting and reporting information about what other apps are installed, and the list goes on... While it makes for some amazing experiences that can only be had on Android devices (such as having 3rd party voice assistants without running the app in the foreground) it also allows malicious developers to have more attack vectors.

    I'm not sure where they cite their "recent reports" but this is consistent with what I've personally experienced in the Mobile Threat Detection and Prevention industry (that an Android device is about 50x more likely to be infected with malicious software than iOS): https://silentbreach.com/BlogArticles/cybersecurity-matchup-apple-vs-android/#:~:text=According%20to%20recent%20reports%2C%20Android,all%20malware%20targets%20Android%20users.
    Reply