• stevedidwhat_infosec@infosec.pub
    ↑2 ↓7 · 8 months ago

    Last year Android had 1400 vulnerabilities to iOS’ 482.

    402 of Android’s were above a CVSS score of 7 & 221 for iOS.

    Android is less secure than iOS on average and Apple is widely known to be more secure than Android. That’s not to say I’m a fan of things Apple does. I’m purely speaking vulns for one OS to another.

    • TurtledUp@lemm.ee
      ↑7 ↓1 · 8 months ago

      The more used OS will always have more people looking for ways to break it. Same shit happened with Windows and Mac. The old picture of the house in the city with bars on the windows vs a house in the country with unlocked doors still applies.

      The only vulnerabilities you even really need to worry about are zero days which won’t be in the threat tracking databases.

      • stevedidwhat_infosec@infosec.pub
        ↑1 · 8 months ago

        Right but that’s a contributing factor to iOS’ strength

        Their risk surface isn’t massive…

        Their App Store is on a tighter leash too so less risk there and less opportunities for persistence/c2 activity which encourages and enables further vuln discovery and valuable data mining on devices

        I’m confused what you’re arguing here

    • vinyl@lemmy.world
      ↑2 · 8 months ago

      Just recently it was discovered that Apple’s M1 silicon has a security vulnerability that exposes encryption keys under certain conditions and it’s a hardware vulnerability which is unpatchable without buying the newer models.

      • stevedidwhat_infosec@infosec.pub
        ↑1 · 8 months ago

        I’m not saying that Apple is invincible…

        I think you may be misunderstanding if you thought my view was really that shallow…

    • 0xD@infosec.pub
      ↑1 ↓1 · 8 months ago

      You can’t compare those two. First of all, Apple’s walled garden makes it significantly harder to perform security research. Second, Android has a way larger ecosystem and is not a monolith, so of course there’s gonna be more.

      Apple = Apple, but Android ≠ Android.

      • stevedidwhat_infosec@infosec.pub
        ↑1 · 8 months ago

        So fine, do you wanna look at specific numbers for the Pixel, Samsung, Huawei, etc against iOS? Bc we can!

        • an ex Android guy who switched to iOS after researching the stats

        Also, I hope you see the irony in you saying we can’t compare apple(s) to oranges (Android as a whole ecosystem).

        You definitely can, and I did so fairly.

        • 0xD@infosec.pub
          ↑1 ↓1 · 8 months ago

          If you had any idea about how it works, you would not compare them. If you had any idea about how hard Apple makes security research, especially without a Mac, you would not compare them.

          But you don’t know what it’s about. Being a consumer does not make you an expert.

          • stevedidwhat_infosec@infosec.pub
            ↑1 · 8 months ago

            When have I claimed to be an expert?

            Second off, I am fully aware of how difficult Apple makes testing their product, given that they’re proprietary software and not using something easily reversed or cracked (encryption, not license keys of course) which is part of their defense for using a walled garden for security (security by obscurity isn’t security though, and it’s only a matter of time before the public builds up enough of a knowledge base to not need docs from the manufacturer).

            Private companies exist (plenty of em too) whose sole purpose is to find exploits for “cops and police” to access perpetrators’ data.

            I work in cybersec, I’m fully aware but thanks for making a random assumption about me, someone you don’t know, kinda hypocritical don’t you think?

            Idk why I feel the need but here we are - I’m tired of people in this thread trying to switch gears and move goal posts. We’re talking about major consumer use of OS which means mainstream OS’s - Apple has historically lower vuln rates. Partly due to obscurity, which will evaporate more as time goes on unless Apple continues to change things behind the scenes which could get costly.

            Google has their proverbial ass hanging out so that people can analyze it more easily for vulns (you’ll notice I said more easily, because people can and do test iOS for vulns all the fucking time) and will constantly have shit to patch. Which means more vulns are known more consistently whereas Apple has phases where people are still figuring shit out. Which gives Apple time to patch fairly quickly I’d say if you’d like to look at those specific metrics.

            I’m not interested in words, I want you to point out numbers and metrics if you have them. Fact is that Apple is, on average, more secure than a typical end-user Android OS.