Enterprise security shoot-out: iPad vs. Android
Davey Winder investigates the relative IT sec pros and cons of iOS and Android tablets…


The tablet wars are being fought by two sides at the minute: the iPad vs. every Android device.
According to the Good Technology Device Activations Report Q3 2011, the number of Android tablet activations seen by the company remain "in the realm of a rounding error" compared with the continuing dominance of the iPad within the realm of the enterprise.
The iPad actually accounted for 96 per cent of all tablet activations during the quarter, with Android mopping up a measly four per cent. If you incorporate smartphones into the equation then the overall dominance of Apple drops, but only to 70 per cent.
This leaves IT Pro wondering if, from a purely security-focused perspective, the enterprise is choosing the right platform. Here's 10 points businesses need to look at when comparing the safety of iOS and Android.
1. Trustworthy ecosystem considerations
The iPad comes with a very positive security plus in that it has a trustworthy application ecosystem in iOS. The walled garden approach taken by Apple with the App Store means there is less chance of a rogue app getting to market when compared to the more open-door submission process for Android apps.
iOS wins out for having a secure application sandbox which, unlike Android, prevents apps from being able to intercept SMS messages.
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
Eldan Ben-Haim, VP for R&D at Trusteer, points out that applications on iOS are subject to a no-brainer permissions system which imposes "preset security policy dictating what they may or may not do on the device." Few security choices are deferred to device users.
Android users, meanwhile, are faced with "a plethora of permissions, the security implications of which are not always obvious," Ben-Haim said. However, Android's less restrictive nature does mean there are more third-party security tools offering real-time malware protections.
But iOS wins out for having a secure application sandbox which, unlike Android, prevents apps from being able to intercept SMS messages or replace the platform default browser, for example, and thus reduces the attack surface of installed applications.
2. Alien Android invasion threat
IT threat mitigation specialists Cryptzone warn that running Android apps on iPads via the Dalvik virtual machine from the Android OS opens the doors of the enterprise to extreme risk. On-device security measures will likely no longer protect them from malware introduced in ported Android apps.
The Dalvik port creates a software wrapper around the Android apps, tweaked to handle Android I/Os on iOS. This also creates a very real risk of black hat hackers taking the opportunity to circumvent the Apple walled garden when it comes to app distribution, and with it the opportunity to introduce Trojans and the like.
3. Too many Android variants
The success of Android as a platform is, partly, down to the fact that it's not tied to any particular device manufacturer. This is also a distinct security disadvantage as far as the enterprise is concerned. Effectively, it introduces too much inconsistency into the data protection mix.
"The wide variety of the number of Android tablets and the Android version they are running could be a cause for concern," said Andrew Wild, CSO at Qualys. "While some versions of the Android tablet are capable of running full encryption, not all versions are, which could mean that some tablets are not encrypted, potentially putting the data at risk. The bottom line of this is that I'm not sure we can consider all Android tablets the same."
4. Full disk encryption options
Although the full disk encryption mode is not switched on by default, at least it does come as standard with iOS and can be configured using mobile device management software to protect corporate data on a business' iPad.
As already mentioned, Android exists on a wide variety of device hardware from myriad vendors. This means that you are leaving OS updates to the mercy of the hardware manufacturer or network provider, the end result of which is a real mishmash of Android OS versions out there.
"This means many devices are several versions behind and potentially missing key features," warns Sophos product specialist Chris Pace. "For example only versions of Android 3.0 and above have full disk encryption."
Davey is a three-decade veteran technology journalist specialising in cybersecurity and privacy matters and has been a Contributing Editor at PC Pro magazine since the first issue was published in 1994. He's also a Senior Contributor at Forbes, and co-founder of the Forbes Straight Talking Cyber video project that won the ‘Most Educational Content’ category at the 2021 European Cybersecurity Blogger Awards.
Davey has also picked up many other awards over the years, including the Security Serious ‘Cyber Writer of the Year’ title in 2020. As well as being the only three-time winner of the BT Security Journalist of the Year award (2006, 2008, 2010) Davey was also named BT Technology Journalist of the Year in 1996 for a forward-looking feature in PC Pro Magazine called ‘Threats to the Internet.’ In 2011 he was honoured with the Enigma Award for a lifetime contribution to IT security journalism which, thankfully, didn’t end his ongoing contributions - or his life for that matter.
You can follow Davey on Twitter @happygeek, or email him at davey@happygeek.com.
-
Intune flaw pushed Windows 11 upgrades on blocked devices
News Microsoft is working on a solution after Intune upgraded devices contrary to policies
By Nicole Kobie
-
Asus ZenScreen Fold OLED MQ17QH review
Reviews A stunning foldable 17.3in OLED display – but it's too expensive to be anything more than a thrilling tech demo
By Sasha Muller
-
Capita tells pension provider to 'assume' nearly 500,000 customers' data stolen
Capita told the pension provider to “work on the assumption” that data had been stolen
By Ross Kelly
-
Gumtree site code made personal data of users and sellers publicly accessible
News Anyone could scan the website's HTML code to reveal personal information belonging to users of the popular second-hand classified adverts website
By Connor Jones
-
Pizza chain exposed 100,000 employees' Social Security numbers
News Former and current staff at California Pizza Kitchen potentially burned by hackers
By Danny Bradbury
-
83% of critical infrastructure companies have experienced breaches in the last three years
News Survey finds security practices are weak if not non-existent in critical firms
By Rene Millman
-
Identity Automation launches credential breach monitoring service
News New monitoring solution adds to the firm’s flagship RapidIdentity platform
By Praharsha Anand
-
Neiman Marcus data breach hits 4.6 million customers
News The breach took place last year, but details have only now come to light
By Rene Millman
-
Indiana notifies 750,000 after COVID-19 tracing data accessed
News The state is following up to ensure no information was transferred to bad actors
By Rene Millman
-
Pearson fined $1 million for downplaying severity of 2018 breach
News The SEC found the London-based firm made “misleading statements and omissions” about the intrusion
By Rene Millman