Apple (NASDAQ:AAPL) CEO Tim Cook recently blasted Alphabet's (NASDAQ:GOOG) (NASDAQ:GOOGL) Android over its security issues and claimed that iOS was the superior choice for enterprise customers. Speaking at Boxworks, Cook declared that "no one wants to deal with a fragmented ecosystem" and that iOS has security built in "from the start."
That comparison between Android and iOS isn't new, but it isn't as clear cut as Cook suggests. Let's take a closer look at the security issues across both platforms and how they could impact both companies' reputations among enterprise customers.
Why iOS is more secure than Android
Apple's iOS is considered more secure because the company completely controls the hardware and software in a walled-garden ecosystem. This helps Apple pinpoint vulnerabilities quickly and patch them with timely over-the-air updates.
By comparison, Alphabet's Google division doesn't really "control" Android. Roughly a thousand companies make smartphones worldwide, and most of them run on various versions of Android. When a bug emerges, Google creates patches, applies them to the Android open source project code, then sends them out to OEMs. If an OEM wants to apply the patch, it must build a brand new version of Android for every single device. The OEM then must provide carrier-specific versions to every carrier worldwide. If the OEM or carrier decide that process is too exhausting, they usually don't bother updating their versions of Android at all.
That's why Android devices are exposed to so many different security threats. For example, it was recently revealed that 95% of all Android phones could be hacked by a simple multimedia text attack called Stagefright. Security firm Zimperium zLabs identified the problem back in April, but many OEMs still haven't patched their versions of Android to deal with Stagefright yet.
Don't celebrate yet, Mr. Cook
That might sound like Apple has earned bragging rights in mobile security, but Google isn't down for the count yet. With Android 5.0 Lollipop, Google teamed up with BlackBerry (NYSE:BB) to create a more secure and enterprise-ready version of the Android OS. Google also incorporated some features from Samsung's (NASDAQOTH:SSNLF) mobile security platform, KNOX, into Lollipop. Enterprise users could split profiles for work and personal use in Lollipop while containerization tech applied separate security policies to personal and work data. Android 6.0 Marshmallow adds even more security features like fingerprint scanning.
Last month, Google finally rolled out its first monthly security update for Nexus device owners. While that didn't really solve the problem with complacent OEMs and carriers, it provides enterprise customers with a dependable core group of enterprise Android devices to choose from. Samsung, the top Android OEM in the world, also extended KNOX protection beyond its flagship devices to offer enterprise customers a wider selection of phones.
Despite Android's security flaws, it's still gaining ground against iOS in terms of worldwide mobile enterprise device activations. According to Good Technology's Mobility Index report, iOS devices accounted for 64% of all activations during the second quarter, down from 72% a year earlier. During that period, Android activations rose from 26% to 32%. That divergence can likely be attributed to the higher prices of iOS devices and Lollipop's new enterprise features.
Apple isn't bulletproof, either
While Apple's walled garden ecosystem makes it easier to apply security updates, it certainly isn't bulletproof. The humiliating iCloud hack last year exposed Apple's dependence on outdated security measures. A major security flaw in iOS and OSX, which was discovered in June, could enable hackers to steal saved passwords.
In August, fake iOS apps that installed malicious software were discovered. Those apps helped hackers steal 400GB of data from an Italian company that sells surveillance tech to governments. Last month, a video demonstrating how to bypass passcode-protected lock screens on iOS 9 was widely circulated. A new piece of iOS malware known as YiSpecter recently started attacking devices in China and Taiwan.
Apple's security problems aren't surprising considering how inconsistent its software quality has become over the past few years. The Apple Maps disaster, the bug-ridden OS X Yosemite launch, the device-crippling iOS 8 launch, and ongoing iCloud problems are just some of the many software issues that have plagued the company. If Apple is struggling so much with its core software launches, it might not be able to respond to serious security threats in a timely manner.
A $25 billion business
At Boxworks, Cook stated that sales to enterprise customers generated $25 billion in the 12 months ending in June. That sounds impressive, but it's only equivalent to about 14% of Apple's 2014 revenue and 11% of its projected revenue for 2015. Apple hopes that higher sales of iOS devices to enterprise customers can revive slumping iPad sales and soften an inevitable slowdown in iPhone sales.
Cook is right to question Android's spotty security record, but Apple's growth in the enterprise market is hardly guaranteed. Apple has a more streamlined platform for security updates, but its own software and security headaches suggest that those that it could face more problems in the near future.