Antivirus software is commonly used for desktop and laptop computers. You install software, always keep it running, and let it prevent viruses from executing upon your computer. However, antivirus software gets a little tricky on mobile devices.
While mobile devices still use operating systems and software applications, software runs slightly different on mobile devices than it does on desktops and laptops. Therefore, antivirus software works slightly differently on mobile devices too.
What makes this situation more confusing is that Apple and Android mobile devices are built extremely differently from each other, and that affects the antivirus approach for each type. Let’s look at the similarities and differences between each device.
Apple Mobile Devices
The myth that you often hear about Apple’s mobile devices is that they don’t get viruses. Be careful here. It’s a fool’s game to think you are 100% safe! Yes, Apple devices are a closed ecosystem—both the hardware and software—but as long as there is a connection to the internet or a means to connect to a device, you’re at risk. There is no magical way that Apple avoids viruses.
Without getting too technical, Apple constructs its devices like a heavily guarded building. Think of Apple devices like the White House. It may annoy some people that they cannot just walk into this building. However, the White House is incredibly secure. Similarly, Apple devices are heavily locked down by Apple so that they operate and work in the same way for everyone.
Because of this tight security, a few unique things occur on your Apple device:
- Hardware manufacturers and software developers cannot mess with the iOS operating system or change it without breaking or considerably weakening the device.
- Apps are “sandboxed” by default. This means that even if you upload a malware app (or even a legitimate security app!) to your iPhone or iPad, that malware app is prevented from accessing your city email app or banking app. All apps are walled off from interacting with other apps on your Apple device (unless you give permission).
- You can only download apps from the Apple App Store, with no exceptions.
As a result, such tight security doesn’t mean your Apple device cannot get a virus at all. But it’s like the White House—the chance of someone allowed inside the White House who can pose a security risk is greatly lowered.
This means your Apple “antivirus” strategy really comes down to your security updates—which you should be doing for your devices anyway. Apple releases frequent security updates that are consistent across all devices, and they are aggressive at getting users to update.
The only way to increase your chance of getting a virus on an Apple device is to “jailbreak” it. Such an activity is highly technical, but essentially it means you or someone else has removed Apple’s restrictions that are coded within the operating system and you’re now able to bypass those restrictions. However, that’s a huge, huge risk. If you get a virus, it’s likely that your device will not be fixed by a legitimate Apple security update because that update probably will not work on what Apple considers to be a broken phone.
Android Mobile Devices
If Apple devices are like the White House, Android devices are like a stadium or mall—an open ecosystem. Still secure, but in entirely different ways. The biggest difference is that the Android operating system is based on an open source platform. As a result, various hardware manufacturers and software developers create different versions of the Android operating system to suit their needs. They are also in control of how and when to release security updates, which may vary wildly across different manufacturers. Individuals can also alter their phones more.
Because anyone can see how the Android operating system works and because different versions exist that vary in security, just remember that hackers can also see this operating system as they develop viruses and malware to infect Android devices. The Google Play store is also less strict than the Apple App Store, and many virus- and malware-infested apps can be downloaded by users. In addition, you can download apps from non-Google Play stores. Some of these stores feature legitimate apps, such as Amazon or Samsung. But other sketchy third-party stores may be full of virus- and malware-infested apps.
Security updates can protect your Android devices, but it also helps to have antivirus software on them. An Android antivirus solution would:
- Automatically scan for viruses, conduct periodic scans, and give the ability for your IT provider to manage the antivirus software.
- Block access to malicious websites and attachments.
- Scan apps for security vulnerabilities (such as an app that may leak sensitive or confidential information).
Security Best Practices for Both Apple and Android Devices
If you have an Apple device, you might think, “Wow, I don’t have to worry!” Yet, if you have either device, there are still some security best practices you should follow. As you can see, even your Apple device cannot prevent the following risky situations.
- Apply operating system security updates when they are released. Both Apple and Android security updates are the most important updates you can apply to your mobile devices. These updates patch major security vulnerabilities.
- Apply app updates regularly. Apps are notorious for being updated constantly, and some of those updates are security-related. Set your mobile devices so that your apps automatically update.
- Be careful when installing apps (especially when giving permissions): Use discretion when installing apps. Many organizations invite you on their websites to install their mobile app “for a better experience" or some other enticing promise. Many people just go ahead and download them. While these apps may be legitimate, they also often ask you to allow access to your contacts, camera, calendar, etc. When you say “yes” to all these permissions, you may open yourself up to potential risk. Sometimes, apps legitimately need these permissions. But remain skeptical. Ask yourself, “Why does this app need access to my contacts?” For example, if you put sensitive information in your contact notes (which we don't recommend), then an app you install that requires access to your contacts will have access to that sensitive information.
- Do not use jailbroken phones. While you may bypass the hardware manufacturer’s restrictions in some way, you open your phone to severe security vulnerabilities. We recommend that you don’t buy mobile devices used or from an untrusted seller.
- Follow your city’s password policy. Many people do not protect their mobile devices with passwords. That’s a mistake. Use strong passwords. We recommend using passphrases (which are long phrases that are easy for you to remember but difficult for a hacker to guess). You can also use complex passwords (a long string of letters, numbers, and symbols).
- Continue to be vigilant against phishing. No matter what device you use, phishing can still bypass all your security. Be careful what websites you go to, what links you click on, and what attachments you download. Especially be careful of phishing emails or unsecured wireless access points.
No matter your device, it helps to have your IT support managing those devices and ensuring they are secure. Apple and Android devices may have key differences, but each can be exploited by hackers in different ways.
Need help securing your mobile devices? Reach out to us today.
Original Date: 4/24/2019