Apple or Android?

Apple or Android?

As a digital forensics analyst, I am often asked what type of cell phone is the most secure.  This topic is often debated, but here is my opinion based on my experience analyzing Apple and Android devices (notice I left out Blackberries and Windows phones since they are not commonly used currently).

If you recall from the summer of 2016, there was a legal debate (and Federal court case) in which the FBI wanted Apple to provide them with access to a PIN locked iPhone used by one of the San Bernardino shooters. Apple stated there was no “back door” access into a PIN locked iPhone (4s or newer), and IF they could create one, it would leave all current iPhones vulnerable to misuse of this theoretical key.  Apple was concerned the security of their devices, a major marketing point, would be severely damaged.  The two battled it out in court, but before a judge could resolve it, the FBI pulled their case.  Rumors in the forensics world were that the FBI found someone who could break in, and sure enough, the leading mobile device forensics software company did in fact develop a technique to break into these secure devices.  This technique is only available to law enforcement, and the technology will be retained by the company – not released in software upgrades.

Additionally, unless an Apple device is “jailbroken,” the user can only download apps from the Apple App Store.  All apps are screened by Apple engineers to make sure they only perform as advertised and do not introduce a security vulnerability into the phone.  Jailbreaking a phone allows the user to bypass Apple’s security and obtain apps from third party sources.  This also can void your warranty!

And finally, Apple users can encrypt the phone’s data via iTunes sync, adding another layer of protection.

Android based devices, are more free-wheeling and do not afford the same level of data protection.  Using the same software as law enforcement, I can break into a large percentage of Android phones – even most of the recently released devices. Additionally, Android devices are permitted to install apps from third party sources without the need to jailbreak the device.  While some of the more sensitive areas of the operating system are hidden, a simple google search will instruct users how to gain access to this area and open the phone up to even more security issues.

So here is the bottom line:

If I am given an Apple device that is PIN locked (and not provided the PIN), I cannot access the device even with the most powerful mobile device forensics software available.  If I am given the PIN and the data is encrypted (and I am not provided the encryption password), I can only gain limited access to the data.  The same holds true if your device is lost or stolen!

If I am given an Android device that is PIN locked, chances are VERY GOOD that I will still be able to access all the data on the phone.

Another way to put it, I only use Apple devices that are always PIN locked and the data is encrypted.

Written by: David Gallant, President, Gallant Computer Investigative Services, LLC



Leave a Reply

Your email address will not be published. Required fields are marked *