Are iPhones more secure than Android phones?

Staying safe in a digital world can be difficult. It can be hard to understand how to avoid phishing scams, or if WhatsApp is a safer choice than Signal or Telegram. And it turns out the choice of phone you have can impact how safe you are, with Android and Apple handsets both being susceptible to hacking, if not to varying degrees.

That’s why we asked around the stratosphere to find out what leading security experts think, and what you should watch out for so you can keep your phone out of harm’s way.

Up your cybersecurity with NordVPN – Now 62% off plus a random gift of either 3 months or 1 year extra subscription with every purchase. 

Are iPhones more secure than Android phones?

Chris Hauk, consumer privacy champion at Pixel Privacy, told Trusted Reviews that Android phones are targeted more often than iPhones as there are more of them in the wild, making them a bigger target.

“Android handsets are usually targeted more than iPhones, due to their larger installation numbers, so targeting Android devices offers a larger attack surface,” Hauk says.

“iPhones are also not as susceptible to attacks as Android devices, as Apple controls both the devices and the operating system. Meanwhile, Android is adapted by numerous smartphone makers, which usually customize the mobile operating system for the devices they sell, introducing possible security flaws by installing their third-party software.”

That doesn’t mean that iPhones are immune to attacks or vulnerabilities. Recently Apple just patched up two significant security holes that could have allowed third-party apps to see your private Apple ID. In a similar vein, a Safari 15 bug was discovered that could disclose your recent browsing history from the app, showing that Apple is not invincible, even if it is less common to see it struggling with big security vulnerabilities.

Security advisor at F-Secure, Fennel Aurora, explained to Trusted Reviews how Android is more targeted, even though iPhone malware is more valuable, as it requires more complicated tricks to get into the iOS system.

“In general iOS and Mac users are more valuable targets and can be more profitable if the crime company is able to put in the effort to develop more complex malware,” Aurora notes.

“These targets are generally profitable either from the generally richer users paying up for ransomware, or by working for governments and corporations with deep pockets behaving criminally to target protesters, journalists, opposition leaders, union organizers, whistleblowers, and anyone else inconvenient to their continuing abuses of power.”

Aurora goes on to say that Phones bigger weakness is that, since the software is so homogeneous, one good attack could hack the whole system.

“Meanwhile, as Android gradually catches up to iOS in terms of security by design, the fragmentation of the Android ecosystem compared to one very homogeneous ecosystem for iOS can in some ways make it easier and more valuable to attack iOS – one good attack can give you access to every device, rather than needing to develop for each specific flavour of Android,” explained Aurora.

What sort of threats affect regular consumers more?

Principal security researcher at Kaspersky, David Emm, explained to Trusted Reviews how the goal of a lot of malware is to steal people’s personal information.

“Most malware, for whatever platform, relies on social engineering, i.e. tricking someone into doing something that jeopardises their security,” Emm remarked.

“Hence the number of phishing attacks designed to try and persuade people to click on links to fake sites hosting malware (this could be adware, a banking Trojan designed to steal their money, malicious crypto-currency miners or any other type of malware) or capturing personal information such as passwords.”

It’s important that you keep your passwords secure. Small preventative measures, such as using a password manager or installing a VPN will make it harder for hackers to get into your accounts. Also, make sure that you never click on a link that’s emailed to you by an unfamiliar contact and if you’re unsure of what to do, ask for advice.

Hank Schless, senior manager of security solutions at Lookout, also told Trusted Reviews that phishing and malicious malware are the biggest concerns to consumers, with Android being more vulnerable.

“Mobile phishing and malicious apps are two massive threats to the everyday consumer. Mobile phishing attacks can occur on any platform that has messaging functionality, which means we’re highly vulnerable on these devices if they aren’t protected with a mobile security solution,” Schless says.

“The risk of malicious apps tends to be higher on Android because it’s a more open operating system. It’s incredibly difficult to download an app that isn’t from the Apple App Store on an iOS device, which is one of the benefits of the company’s walled garden approach.

“Malicious mobile apps usually appear innocuous, but run malicious code in the background that can spy on the individual and everything they do on their device,” Schless went on to say.

Is one more secure than the other?

Paul Bischoff, privacy advocate at Comparitech, told Trusted Reviews that iPhones are inherently more secure as it’s harder to download dangerous apps, as any service that wants to sell on Apple’s platform has to be vetted by the App Store.

“iPhones are more secure by default. Disk encryption is enabled by default, apps from the App Store go through a stricter vetting process, and Apple doesn’t gather users’ personal details for advertising purposes,” Bischoff says.

Since it is very difficult to download apps on Apple that aren’t on the App Store, you’re less likely to download a malicious app. The control Apple has over its hardware and software makes it harder for hackers to enter, similar to how a burglar would struggle when faced with a locked door with a deadbolt. Android still has a locked door, but the lack of a deadbolt makes it easier for some attacks to slide through.

Schless went on to say that iPhones have a better handle on system updates, with one iOS update being rolled out to every user at once, while Android security patches are more staggered since each handset needs to be tested.

“The fundamental difference between iOS and Android is that only one device manufacturer has devices that run iOS, while there are dozens that build Android-enabled devices,” Schless explains.

“On iOS, security patches can be pushed to every single iPhone user at once. On the other hand, every device manufacturer that produces an Android device has to test updates before pushing it to mobile users.”

Schless said this is dangerous as users traditionally don’t take even basic measures to protect themselves on mobile.

“This can create a significant lag between when security issues are discovered and when users actually receive the updates to protect against them. Regardless of the operating system, everyone should protect their mobile devices with a security solution,” Schless told Trusted Reviews.

“We’re conditioned to run antivirus software on our PCs and laptops, so why would it be any different on mobile? Arguably, smartphones and tablets now have more access to sensitive data than computers do, so from a personal and enterprise security perspective, every mobile user should secure these devices.”

What advice would you give both users to stay safe?

Hauk suggests that you should avoid clicking on rouge links from contacts you don’t recognise.

“Never click on links in emails or text messages, and don’t sideload apps from outside of the App Store on the iPhone or the Google Play Store on Android. Sideloading can introduce viruses and malware to your device. Use a VPN when connected to public Wi-Fi hotspots, as they are a favourite target for the bad actors of the world,” Hauk concluded.

Emm also suggests that users should ensure that their devices are up to date, and links back to Hauk by claiming that you shouldn’t download apps that don’t come from the dedicated Apple or Google store.

“Apply updates to operating systems and applications and back up your data regularly. Think PUB – protect, update, backup. Only use trusted sites, use ‘https’ and always type in the address yourself or use bookmarks/favourites rather than click on links. For mobile devices, protect your device using a unique, complex password or biometric, only download apps from Google Play or the App Store and check the permissions that an app asks for when you install it.,” Emm went on to say.

It’s also important that you understand how most scams operate, as the more familiar you are with the scam the less likely you are to fall for it, backed up by Aurora.

“Try to understand how some basic scams work. Just like with malware, scammers are mostly recycling the same tricks in slightly different wrapping paper. A lot of avoiding scams comes down to taking a breath and pausing when you feel yourself being pressured or suddenly excited by a too-good-to-be-true opportunity. This applies to websites your visit, emails you receive, text messages, social media, phone calls, and even while outside face-to-face. Scammers find you where you are and try to use things that are familiar to you to gain your confidence,” Aurora noted.

Up your cybersecurity with NordVPN – Now 62% off plus a random gift of either 3 months or 1 year extra subscription with every purchase.