iOS users take on Android while Android users criticise Apple — But which OS is actually secure?
According to security experts, Apple’s devices are more secure and reliable in the context of data protection and spying evasion than the Android or Windows operating systems. In fact, it is being stated that out of the three main operating systems, it the Apple’s iPhone that is highly reliable due to the much talked about “Erase Data” feature.
This week, we were introduced to a new debate, which was largely focused on the iPhone’s strong encryption abilities and data protection features. The FBI wanted to check Syed Rizwan Farook’s phone to get information about his alleged actions and activities, which prompted the mass killings in December. Farook and his wife Tashfeen Malik went on a mass shooting spree in 2015 and both were killed soon after.
Apple was issued an order by a federal court judge on Tuesday, to create software that can disable the Erase Data feature. Erase Data feature in iPhone wipes the data after ten failed passcode entry attempts. This security feature is so unique that it distinguishes Apple’s iPhones from all other available smartphones in the market.
Tim Cook’s Response:
Apple’s CEO Tim Cook, as a response, posted an open letter on the company website stating that this request was similar to asking for creating a “backdoor” on all iPhones. Disabling this feature would allow the FBI to enter as many passcodes as the agency wants to, using a “brute force” attack until the correct passcode is identified. This, obviously, would lead to gaining access to the phone’s data.
Apple Leading the Game At The Moment:
Avast Software is a computer security firm based in Prague. According to its Director of Threat Intelligence, Filip Chytry, it is possible to add this function to Windows and Android devices. But, the issue is that it is complicated and designed for system admins, not normal users.
Chytri explained that on an Android smartphone, you need to have “device administrator permission,” whereas the users are required to get a special app and follow some additional steps. Generally, users aren’t familiar with such intricate procedures. Chytri added that Windows phone users also need to download special software.
No response was received from the creator of Android OS, Google and neither did Microsoft facilitate requests for a response.
Trend Micro’s global threat communications manager Christopher Budd explains that Apple is currently leading the game as far as encryption capabilities are concerned. There is although a Remote Wipe option present in Android phones with which it is possible to erase the contents of the phone remotely. Moreover, a number of third-party apps are available that equip Windows and Android phones with this ability. However, the users would need to perform additional tasks considering that this isn’t a built-in feature like the case is with iPhone. Thus, Apple is far ahead in encryption since the contents of its iPhone remain hidden unless you have the correct code keys.
Apple enabled default encryption on its iPhones since the 3Gs while Android started offering this facility only recently whereas Windows phones still lag behind in this regard, informs Chytri. The new devices being shipped with the Android 6.0 Marshmallow, the full disk encryption has been made mandatory but in upgraded devices, encryption is still optional. More so, some low-cost Android smartphones cannot even support encryption.
Senior vice president and GM at security company Sophos, Dan Schiappa, states that “unless you have somebody’s credentials — username and password — or the actual encryption key, there’s no way you can break it.”
Schiappa finds the situation dissimilar to what is usually shown in sci-fi and spy movies “where someone sits down and bangs on a keyboard for 10 minutes and breaks encryption. You can’t do that.”
The Dilemma Continues…..
Regarding the debate that is going on between the FBI and Apple, Tripwire’s senior security researcher Travis Smith states that none of the main manufacturers are supporting backdoor creations in consumer devices.
Smith believes that in the case of issuance of a warrant, the decision to give access to the device should be “up to the manufacturer to determine if or how to comply with the warrant.”
It may be possible that backdoors are enabled in phones that are sold elsewhere in the world most specifically in regions where individual privacy isn’t given much importance.
In this context, security firm Armor’s director of threat intelligence Chase Cunningham states that any telecommunication or electronic technology manufactured in China or any other nation-state adversary “has the potential to have a backdoor built into it at the hardware layer.”
He added that such a backdoor would be impossible to detect and would be much more powerful than any other software. “There are huge companies within China that work directly with their government, ensuring they can have direct access to user data,” said Cunningham.