[lern_too_spel]

Xcodeghost alone infected an order of magnitude more users than all the malware combined on Google and Amazon Android devices, despite there being an order of magnitude more users of the latter.

https://www.macrumors.com/2015/09/20/xcodeghost-chinese-malw...

Unlike Google and Amazon, who do both static and dynamic analysis of uploaded apps for malware, Apple relies on very basic code scanning and manual review, leaving infected apps up until they were reported externally.

https://www.zdnet.com/article/xcodeghost-ios-malware-leaves-...

Even worse, Apple does not let third party security research release apps on the App Store, making it harder for them to find and report malware to Apple.

So we have that iOS is worse than Google and Amazon Android devices as a whole. Users who care about security will not randomly choose from that whole set of devices but instead choose among those that receive rapid security updates. That subset makes the difference in security even more stark meaning that iOS users give up their privacy and get worse security.

[jb1991]

I see you have cherry-picked a single malware attack from five years ago that affected a very specific and highly-populated region, and are using that as your single claim that iOS is less secure overall. But search after search I conduct, reading articles on this topic from the likes of Norton and various respected security researchers are tipping the balance in favor of iOS for overall security. It's not perfect but it is rather clear. The lack of fragmentation, and the centralized control and ease over updates, are all cited as key advantages in the iOS space in the war against malware.

Thanks for the info on XcodeGhost, I hadn't heard that before. But to stake your evidence on this one single event from over five years ago is not so convincing.

I appreciate your effort to dig up an example that is an exception, but we're talking about the industry overall here, worldwide, and in recent years.

[lern_too_spel]

That single event infected an order of magnitude more users that all the infections of Google and Amazon devices combined. I don't need to find any others. That single event also showed how ineffective Apple's malware scanning was because Apple relied on third parties to find the affected apps even after being given some examples. That process took even longer because Apple does not allow third parties to do this effectively.

> The lack of fragmentation, and the centralized control and ease over updates

As I said, if you're choosing a device to run, you don't select one at random from the set of all Android devices. You select one that receives timely updates. On the subject of ease of updates, Android is even better because system app updates do not require a reboot and instead happen silently in the background while the user continues to use the device. This is especially important for apps with large attack surfaces like web browsers, and this is why malware markets have priced mobile Safari exploits as essentially too cheap to meter.

[jb1991]

Well, it’s an interesting perspective you have. Worthy of consideration. It’s an idea that swims against the tide, as all of the objective third-party security researchers and antivirus companies that I’ve been reading seem to disagree with your assessment here. But thanks for sharing.

[saurik]

Please read this entire series of tweets, which starts off looking unrelated but is actually entirely focused on this topic. It was written by me--someone very famous in the security field--and I don't know if anyone in said field who disagreed with the Apple/security sentiments... that Apple was better than Android at malware issues ended 2-3 years ago.

https://mobile.twitter.com/saurik/status/1295024384596312064

[jb1991]

Those tweets make some valid points but it seems like a different topic than what we’ve been discussing. I guess I failed to see the connection to this particular issue.

[saurik]

The culminating moment of all of the security researcher hostility discussion was "The reality is that Apple has been so hostile to independent security research that they've lost their edge: exploits for Android now cost more than exploits for iOS, a reversal experts generally credit to Google correctly allowing researchers open access." https://www.wired.com/story/android-zero-day-more-than-ios-z...