The iOS vulnerabilities reported by Google’s Project Zero security research team sounded the alarm for Apple users worldwide. It’s not just Android OS that is often riddled with security vulnerabilities, as Apple’s iOS also suffers from its own security holes.
Is iOS not as safe against malware as we thought? Traditionally, Apple’s iOS built-in security features have always been regarded as light-years ahead of Android’s, but Google’s revelations have shown a few chinks in Apple’s armor. In addition to the flaws in native iOS security, Apple users should also realize that they are just as susceptible to the same general types of cybersecurity threats as Android users – phishing attacks, infection via malicious apps (albeit a rarer occurrence), network data breaches, and other threats, which can arrive through social engineering, rather than from bugs in the code.
Let’s talk built-in security: Android vs iOS
In the past, Android-powered devices were more susceptible to vulnerabilities and exploits than iPhone and iPad devices, because of the more open design of the Android OS. Google – the developer of Android – has allowed Android apps to have a little extra freedom on the operating system to talk to each other more directly. Apple’s iOS architecture, on the other hand, was designed with stricter sandboxing in mind, to enforce a higher isolation between apps. This means that, when confronted with iOS, malware encountered a much more challenging environment for maneuvering into a neighboring app’s data – severely limiting the spread of infections via iOS apps and devices.
Another difference is that Android was engineered to allow some of its native security features to be disabled. So long as an iPhone or iPad is not jailbroken, its built-in sandbox protection remains intact. It’s for this reason that ESET strongly advises against jailbreaking your phone or tablet.
A further complexity for Android is the wide variety of carriers and device manufacturers who distribute different versions of the Android OS. When critical security patches are released, it is these device manufacturers, and not Google, who decide when to distribute the updates for the operating system. In contrast, it is Apple, rather than the carriers, that manages security patches and the timing for device owners to update their iOS software.
Where are the security apps for iOS?
The consequence of Apple’s choice for a stricter architecture is that comprehensive endpoint security apps cannot be created for iOS. A security app for iOS would need permission to access the data of other apps, in order to effectively monitor for malicious behavior and provide the appropriate protection. Since this is not possible with Apple mobile devices, no cybersecurity company can develop a true antivirus app for the App Store.
What you can find on the App Store are simply other security-enhancing features like VPNs, parental controls, ad blockers, and password managers. This is where the ESET Password Manager for iOS can further raise Apple users’ security, helping create strong and unique passwords for all their online accounts with easy-to-use autofill and autologin capabilities.
Securing Apple devices for business data
Enterprises take note: The need to manage business data is now more critical than ever, as companies strive to comply with GDPR, HIPAA, and other important privacy regulations around the world. The most important advice for businesses with mobile workforces is to use an enterprise mobility management (EMM) tool, which can supervise employee devices. ESET provides ESET Mobile Device Management for Apple iOS, which allows organizations already using the ESET Security Management Center (ESMC) console to remotely manage all iOS devices of employees.
ESET Mobile Device Management for Apple iOS allows businesses to manage key security aspects, including passcode settings, auto-lock times, iCloud settings, and camera usage. From the ESMC console, IT administrators have remote abilities to wipe the data off lost or stolen devices, and push Exchange accounts, Wi-Fi accounts, VPNs and other settings in batches.
In addition to these security features, businesses would also do well to double-protect access to business resources with an enterprise-grade, two-factor authentication (2FA) solution such as the ESET Secure Authentication for iOS app. In this way, even compromised employee passwords will not give hijackers the chance to access valuable business data.
Security leaders can also integrate ESET’s proprietary EMM tool with Apple’s Device Enrollment Program (DEP), to take advantage of over-the-air enrollment of a device into supervised mode and customization of initial device setup. As Apple restricts more of its management features to devices in supervised mode, IT administrators with higher security requirements will find a greater need for DEP to get the full potential out of their chosen EMM tools.
Demonstrating cyber responsibility
The goal of all these supervision capabilities is to make it harder for malware to gain a foothold on employee devices. Well-configured policies can detect jailbroken iOS devices with broken native security, prevent the automatic trust of malicious configuration profiles, ensure timely OS patching, enforce device authentication, and blacklist any leaky apps that are sharing their app data with third parties.
Whether they are iPhones or Android devices, mobile devices play a big part in today’s business world. Make sure to assess the true threats facing your mobile workforce and follow these best practices to keep your business safe.
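As an added illustration (not ESET's code and not part of the original article), the policy checks listed above can be expressed as a compliance evaluator run over device inventory records. The `Device` fields, the threshold values, the app identifier and the signer names are all assumptions made up for this sketch; a real EMM console exposes its own inventory schema.

```python
from dataclasses import dataclass, field

# Assumed policy values for illustration; not taken from the article or any product.
MIN_OS = (13, 0, 0)
MAX_AUTO_LOCK_MIN = 5
BLOCKED_APPS = {"com.example.leakyapp"}
TRUSTED_SIGNERS = {"Example Corp MDM"}

@dataclass
class Device:  # hypothetical inventory record
    name: str
    os_version: str
    jailbroken: bool
    passcode_set: bool
    auto_lock_minutes: int          # 0 means "never lock"
    apps: set = field(default_factory=set)
    profile_signers: set = field(default_factory=set)

def parse_version(text):
    """'12.4.1' -> (12, 4, 1), padded to three parts so tuples compare cleanly."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def evaluate(dev):
    """Return the list of policy findings for one device (empty = compliant)."""
    findings = []
    if dev.jailbroken:
        findings.append("jailbroken")
    if parse_version(dev.os_version) < MIN_OS:
        findings.append("os_outdated")
    if not dev.passcode_set:
        findings.append("no_passcode")
    if dev.auto_lock_minutes == 0 or dev.auto_lock_minutes > MAX_AUTO_LOCK_MIN:
        findings.append("auto_lock_too_long")
    findings += [f"blocked_app:{a}" for a in sorted(dev.apps & BLOCKED_APPS)]
    findings += [f"untrusted_profile:{s}" for s in sorted(dev.profile_signers - TRUSTED_SIGNERS)]
    return findings

# Constructed sample fleet.
FLEET = [
    Device("ipad-frontdesk", "13.1", False, True, 2, {"com.example.mail"}, {"Example Corp MDM"}),
    Device("iphone-sales-07", "12.4.1", False, True, 0, {"com.example.leakyapp"}, {"Example Corp MDM"}),
    Device("iphone-dev-03", "13.0", True, False, 5, set(), {"Example Corp MDM", "(unsigned)"}),
]

def report(fleet):
    return {d.name: evaluate(d) for d in fleet}

if __name__ == "__main__":
    for name, findings in report(FLEET).items():
        print(name, "->", findings or "compliant")
```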