iOS 13 vs. Android 10: Which is more secure?

id=”article-body” class=”row” section=”article-body”> iOS 13’s walled garden, or Android 10’s open-source sandbox?

Jason Cipriani/CNET For years, iOS has maintained an iron grip on its reputation as the most secure mobile operating system, but Android 10’s granular controls over app permissions and increased efforts toward security updates are a noticeable improvement. Plus, the upcoming Android 11 (currently available as a developer preview) further shows Google is making more headway with its latest privacy-focused features.

Both Android 10 and iOS 13 have security features that up the ante by giving you more control over how often apps can access your location, ways to stop apps from scanning nearby Bluetooth and Wi-Fi networks to guess your location, and a new sign-in method for third-party apps.

Read more: 3 new Android 11 privacy features are giving iOS a run for its money

Here’s how the two measure up. 

Updates
Winner: iOS 13

When it comes to keeping your mobile device secure, your first and easiest line of defense is to keep your OS up to date. This defense alone, as Kaspersky Labs notes, can stop entire families of malware in their tracks. 

When it comes to getting updates from the mothership to your palm, Apple still maintains the kind of control over its manufacturing chain, carrier network contracts and underlying code to make it happen quickly and effectively. While some users still uphold the tradition of complaining about iOS’ notorious lack of customization, Apple’s highly patrolled walled garden has also ensured iPhone users largely stay ahead of malware without having to think about it.

A hopeful sign, however, came for security-minded Android fans in May 2019, when Google Senior Director for Android Stephanie Cuthbertson told Google I/O attendees that Android security updates will finally be automated. 

“Your Android device gets regular security updates already, but you still have to wait for the release and you have to reboot when they come,” she said. “We want you to get these faster.”

The process will happen in the background much like Google updates its apps, and will no longer require you to reboot your phone. 

While it’s great to hear Android security modules will get updates even if your OS isn’t, that still doesn’t solve Google’s enormous problem with delayed OS updates. 

Manufacturers and carrier networks release their own customized versions of Android on their own schedule (often not at all), meaning people generally aren’t updating their Android phones. With surges in mobile malware in the Google Play Store, Google’s moves to push security updates couldn’t come sooner. 

But letting AT&T or Verizon stall on giving your OS an update is the tradeoff Google made long ago in exchange for a dominant US market share that’s now eroding as people flee from escalating security threats.

Now playing: Watch this: Android 10 privacy settings: Everything to know 1:55 Permission control 
Winner: Android 10 

Outside of keeping your OS updated, the biggest threat to your mobile security comes from apps that demand excessive permissions to access your phone’s data — and then leak it. 

While the velvet rope of the strictly controlled App Store is largely credited with keeping out the malware riff-raff that affects a disproportionate number of Android users, iPhone users are not immune to attacks. 

In June 2019, researchers from Positive Technologies found more iOS apps than Android apps had security weaknesses. In August, after taking a year-long beating in the press for pervasive malware in its Play Store, Google got to push back when it found security flaws in the iPhone which it said let websites hack away for years. 

But iOS 13’s mandatory privacy tool, Sign In, goes a long way to help Apple save face and maintain its reputation. The security feature uses your Apple ID, not your email address, to verify your credentials while logging into your apps. It also means no more using Facebook to log into a shady-looking quiz you found online, and no more creating fake email addresses to try new services (Sign In will create a throwaway for you).

But Android 10 isn’t out of the race here

It’s got an entirely new dedicated Privacy section in its Settings app where you can monitor and then block permission requests from any app. Why does Facebook need your location data? It doesn’t. Permission denied. 

Previously, tracking Android app permissions was frustratingly difficult. But a one-click reject button for each item in a condensed list? That’s the kind of control I want if I’m working in Google’s open-source playground. 

Not-quite-buried in the new Android 10 menu is the Advanced section. The intuitive grouping puts common security concerns in one place to control instead of spread out across multiple menus: Lock screen information display, Google’s Autofill service, Activity information and how you want your device to handle advertising requests.

While this control over permissions is an improvement, malware apps with no permissions are still able to piggyback on other apps you’ve afforded permissions. That alone led researchers in July 2019 to discover more than 1,000 apps in Google Play Store stealing users’ data. 

It begs the question: How good are Android 10’s permission controls if Google Play Store apps are the problem?