All Things Techie With Huge, Unstructured, Intuitive Leaps

Is Android Safer Than iOS for Mobile Banking?

First of all, total disclosure:  I am a registered Apple, Android and Nokia developer.  I have no real preferences.  There are good and bad points for all platforms.  This article is my opinion only.

The Android OS is developed using Java, an interpreted language that runs on a virtual machine within the mobile device.  In spite of the wide array of Android devices, they all run Java Virtual Machines with their standard Java runtimes.  Android devices are far more vulnerable to exploits for several reasons.  Here are a few.

A Java exploit could be used that is intrinsic to the development libraries.  (Libraries are mini-programs that execute functions; for example, one creates an encrypted tunnel to the banking server, and another connects to the account database.)  Exploits utilizing the core libraries are easier to surreptitiously embed on Android, because Android can load programs from email, attachments or pernicious websites without the convoluted encryption process that Apple uses through iTunes.  iOS devices like the iPad and iPhone will not accept binary executables unless they come from iTunes or from a corporate server having an encryption certificate certified by Apple that is iTunes compatible.  Unless an iPhone is "jailbroken" (illegally altered), you cannot just load any old program on it.

It is technically much harder to get an exploit to be seen and executed by iOS than by Android.

Many development frameworks are cross-platform and work on iPhone, Android and Blackberry.  They are actually kludges (the deus ex machina of programming, if you will), in that each of these devices has a browser widget.  All browser widgets will execute JavaScript code, so the frameworks use that to emulate a natively running app (i.e. with the intervention of a browser widget).  Browser widgets (a browser widget is a window that behaves and operates like a web browser, but doesn't look like one) can do a lot of things, including uploading and downloading dangerous files.  The Apple browser widget is more crippled than the Android ones, because Apple's operating system is akin to a deranged control-freak marital partner that watches everything you do and doesn't permit basic functions like using the browser to upload pictures to a web page.  You need Apple's intermediate app to do that, which they vet.
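For app developers, the upload and download behaviour of the Android browser widget described above is configurable. The following is an added example, not code from this article: it confines an Android WebView to a single HTTPS origin and refuses file uploads and downloads. The class name LockedDownWebView and the host bank.example are assumptions made for illustration.

```java
import android.net.Uri;
import android.webkit.ValueCallback;
import android.webkit.WebChromeClient;
import android.webkit.WebResourceRequest;
import android.webkit.WebSettings;
import android.webkit.WebView;
import android.webkit.WebViewClient;

/** Hypothetical helper: locks an Android WebView down to one HTTPS origin. */
public final class LockedDownWebView {
    // Assumption: placeholder host, not taken from the article.
    private static final String ALLOWED_HOST = "bank.example";

    private LockedDownWebView() {}

    public static void apply(WebView view) {
        WebSettings s = view.getSettings();
        s.setJavaScriptEnabled(true);                  // hybrid frameworks need script
        s.setAllowFileAccess(false);                   // no file:// loads
        s.setAllowContentAccess(false);                // no content:// loads
        s.setAllowFileAccessFromFileURLs(false);       // file pages cannot read files
        s.setAllowUniversalAccessFromFileURLs(false);  // nor reach other origins
        s.setMixedContentMode(WebSettings.MIXED_CONTENT_NEVER_ALLOW);

        view.setWebViewClient(new WebViewClient() {
            @Override
            public boolean shouldOverrideUrlLoading(WebView v, WebResourceRequest r) {
                Uri u = r.getUrl();
                boolean ok = "https".equals(u.getScheme())
                        && ALLOWED_HOST.equals(u.getHost());
                return !ok;  // returning true cancels the navigation
            }
        });

        view.setWebChromeClient(new WebChromeClient() {
            @Override
            public boolean onShowFileChooser(WebView v, ValueCallback<Uri[]> cb,
                                             FileChooserParams p) {
                cb.onReceiveValue(null);  // cancel: the page receives no file
                return true;
            }
        });

        // Downloads: the listener deliberately ignores every request.
        view.setDownloadListener((url, ua, disposition, mime, length) -> { });
    }
}
```

shouldOverrideUrlLoading governs navigations only, not the first loadUrl() call or subresource requests, so the app itself must load nothing but the allowed origin.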

So, all in all, Apple is still safer than Android.  Using their native Objective-C language with the Xcode development environment is the rocket science of app design, and coding exploits is an incredibly difficult thing to do with Apple.  Whereas with the Android development system, it is fairly easy to find Java keylogger libraries on the internet and deploy them on an Android mobile device in a surreptitious manner.

Having said all of this, I am a firm believer that mobile banking can be quite safe.  What has not flown is NFC, or Near Field Communications (tap 'n go chips), which is being taken off many mobile devices because the chips are very easy to exploit.
