Remember all those reports that showed handheld devices – smartphones in particular – would be so insecure that any company letting employees use them for anything more than drink coasters would be flushing their most valuable data down the toilet to be used for nefariously criminal (and revolting) purposes by slime monsters living in the sewers?
It turns out, according to a detailed report from Symantec, that smarphones pose less of a security risk than PCs. At least, Apple's iOS and Google's Android do.
Not because they're not susceptible to attack, as Apple aficionados said about machines running the OS that has become their fetish.
Both iOS and Android are susceptible to many forms of attack, just not as many as laptop or desktop computers (whether Windows or Mac).
When they're used the way corporate users want them to be used – sync'ing or downloading data from the home office periodically to keep all the information they need up to date and at their fingertips – smartphones are more vulnerable, more valuable target because they travel more than laptops, are easier to steal and conceal and easier to break into once they're stolen, the report said.
When it comes to regular viruses and other malware, both iOS and Android repel it more effectively than Windows PCs, but iOS repels them a little more effectively than Android, primarily because of the stranglehold Apple and Steve Jobs keep on the whole Apple software/hardware stack.
By testing and certifying every application and developer who can install anything on iOS, Apple provides more protection for its customers than Android, whose certification and safety-checking processes are much less complete, the report said.
The biggest weakness in Android is the requirement that users set access permissions, rather than a safety certification staff back ad mini-OS headquarters, as is the case with iOS. It's already pretty well established that end users know nothing about security and, generally, couldn't care less.
Since users are far less aware of risks and how to mitigate them than paranoid anal-retentive designdroids in Apple's testing labs.
As a result more malware shows up in Android apps than in those for iOS, which doesn't allow users to make decisions about security at all, and wouldn't let them make decisions about choice of hardware, network, career path, wardrobe or choice of lunch venue if Jobs could figure a way to do all those things.
On the other hand, the encryption in iOS is weaker than Android's -- weak enough that an evildoer who gets his or her hands on the device can crack the password without using the master password, which a group of researchers in Germany did in less than six minutes.
Data thieves can also or sneak the data out underneath the password barrier by plugging iOS into another computer, which can read the content of its files the way it would metadata on music files.
Overall there are more than 200 vulnerabilities in iOS and Android and major areas users will have to explore their own vulnerabilities – especially while their data is in motion to or from the cloud, as users sync to keep up with the day's events.
“Today’s mobile devices are a mixed bag when it comes to security,” said Carey Nachenberg, Symantec Fellow and Chief Architect, Symantec Security Technology and Response.
Posing the greatest potential risk are end users who use secure means to sync and secure their devices, then upload some chunk of that sensitive data to Facebook or other networking sites to either share information with colleagues or clients, or to try to impress some member of the opposite sex without sending the kind of digital photo that could force them to resign from Congress.
I think we can all agree – based only on the wardrobe and diet requirements of the platform – that iOS users are far more likely to indulge in that kind of idiocy, if only because Android users are more often required by law to remain out of sight of the public during meal times and when impressionable children are playing outdoors.
Still; good news: The security of smartphones is better than PCs. Symantec damns PCs with faint praise of smartphones.