Last year android had 1400 vulnerabilities to iOSā 482.
402 of androids were above a CVSS score of 7 & 221 for iOS.
Android is less secure than iOS on average and Apple is widely known to be more secure than android. Thatās not to say Iām a fan of things apple does. Iām purely speaking vulns for one OS to another.
The more used OS will always have more people looking for ways to break it. Same shit happened with windows and Mac. The old picture of the house in the city with bars on the windows vs a house in the country with unlocked doors still applies.
The only vulnerabilities you even really need to worry about are zero days which wonāt be in the threat tracking databases.
Right but thatās a contributingfactor to iOSā strength
Their risk surface isnāt massiveā¦
Their App Store is on a tighter leash too so less risk there and less opportunities for persistence/c2 activity which encourages and enables further vuln discovery and valuable data mining on devices
Just recently it was discovered that apples m1 silicon has a security vulnerability that exposes encryption keys under certain conditions and itās a hardware vulnerability which is unpatchable without buying the newer models.
You canāt compare those two. First of all, Appleās walled garden makes it significantly harder to perform security research. Second, Android has a way larger ecosystem and is not a monolith, so of course thereās gonna be more.
If you had any idea about how it works, you would not compare them. If you had any idea about how hard Apple makes security research, especially without a Mac, you would not compare them.
But you donāt know what itās about. Being a consumer does not make you an expert.
Second off, I am fully aware of how difficult apple makes testing their product, given that theyāre proprietary software and not using something easily reversed or cracked (encryption, not license keys of course) which is part of their defense for using a walled garden for security (security by obscurity isnt security though, and itās only a matter of time before the public builds up enough of a knowledge base to not need docs from the manufacturer.
Private companies exist (plenty of em too) whoās sole purpose is to find exploits for ācops and policeā to access perpetrators data.
I work in cybersec, Iām fully aware but thanks for making a random assumption about me, someone you donāt know, kinda hypocritical donāt you think?
Idk why I feel the need but here we are - Iām tired of people in this thread trying to switch gears and move goal posts. Weāre talking about major consumer use of OS which means mainstream OSās - apple has historically lower vuln rates. Partly due to obscurity, which will evaporate more as time goes on unless apple continues to change things behind the scenes which could get costly.
Google has their perverbial ass hanging out so that people can analyze it more easily for vulns (youāll notice I said more easily, because people can and do test iOS for vulns all the fucking time) and will constantly have shit to patch. Which means more vulns are known more consistently whereas apple has phases where people are still figuring shit out. Which gives apple time to patch fairly quickly id say if youād like to look at those specific metrics.
Iām not interested in words, I want you to point out numbers and metrics if you have them. Fact is that apple is, on average, more secure than a typical end-user android OS.
Last year android had 1400 vulnerabilities to iOSā 482.
402 of androids were above a CVSS score of 7 & 221 for iOS.
Android is less secure than iOS on average and Apple is widely known to be more secure than android. Thatās not to say Iām a fan of things apple does. Iām purely speaking vulns for one OS to another.
So we both agree that proprietary operating systems need to be outlawed and dismantled.
Outlawed?
Not at all
Think itās a bad idea?
Yea
The more used OS will always have more people looking for ways to break it. Same shit happened with windows and Mac. The old picture of the house in the city with bars on the windows vs a house in the country with unlocked doors still applies.
The only vulnerabilities you even really need to worry about are zero days which wonāt be in the threat tracking databases.
Right but thatās a contributing factor to iOSā strength
Their risk surface isnāt massiveā¦
Their App Store is on a tighter leash too so less risk there and less opportunities for persistence/c2 activity which encourages and enables further vuln discovery and valuable data mining on devices
Iām confused what youāre arguing here
Just recently it was discovered that apples m1 silicon has a security vulnerability that exposes encryption keys under certain conditions and itās a hardware vulnerability which is unpatchable without buying the newer models.
Iām not saying that apple is invincibleā¦
I think you may be misunderstanding if you thought my view was really that shallowā¦
You canāt compare those two. First of all, Appleās walled garden makes it significantly harder to perform security research. Second, Android has a way larger ecosystem and is not a monolith, so of course thereās gonna be more.
Apple = Apple, but Android ā Android.
So fine, do you wanna look at specific numbers for the pixel, Samsung, huwaeii, etc against iOS? Bc we can!
Also, I hope you see the irony in you saying we canāt compare apple(s) to oranges (android as a whole ecosystem).
You definitely can, and I did so fairly.
If you had any idea about how it works, you would not compare them. If you had any idea about how hard Apple makes security research, especially without a Mac, you would not compare them.
But you donāt know what itās about. Being a consumer does not make you an expert.
When have I claimed to be an expert?
Second off, I am fully aware of how difficult apple makes testing their product, given that theyāre proprietary software and not using something easily reversed or cracked (encryption, not license keys of course) which is part of their defense for using a walled garden for security (security by obscurity isnt security though, and itās only a matter of time before the public builds up enough of a knowledge base to not need docs from the manufacturer.
Private companies exist (plenty of em too) whoās sole purpose is to find exploits for ācops and policeā to access perpetrators data.
I work in cybersec, Iām fully aware but thanks for making a random assumption about me, someone you donāt know, kinda hypocritical donāt you think?
Idk why I feel the need but here we are - Iām tired of people in this thread trying to switch gears and move goal posts. Weāre talking about major consumer use of OS which means mainstream OSās - apple has historically lower vuln rates. Partly due to obscurity, which will evaporate more as time goes on unless apple continues to change things behind the scenes which could get costly.
Google has their perverbial ass hanging out so that people can analyze it more easily for vulns (youāll notice I said more easily, because people can and do test iOS for vulns all the fucking time) and will constantly have shit to patch. Which means more vulns are known more consistently whereas apple has phases where people are still figuring shit out. Which gives apple time to patch fairly quickly id say if youād like to look at those specific metrics.
Iām not interested in words, I want you to point out numbers and metrics if you have them. Fact is that apple is, on average, more secure than a typical end-user android OS.