Apple last weekend made an unprecedented announcement that malware had infiltrated its iOS App Store. But scary as that sounds, the iPhone is still the safest choice when it comes to mainstream smartphones, a security expert told The Huffington Post Tuesday.
"It's not that the floodgates are open," Ryan Olson, director of threat intelligence at Palo Alto Networks, said by phone.
"There aren't going to be tremendous amounts of App Store malware now, but these techniques they used, of piggybacking malware on top of legitimate applications, that's a really interesting way of getting into the App Store," he continued.
Here's what he means by that: Palo Alto Networks reported last week that infected app-creation tools developers downloaded from non-Apple websites managed to infuse otherwise legitimate programs with malware. Those developers, completely unaware of the infection, then uploaded their programs onto Apple's App Store for people like you and me to download.
Olson posits that developers used tools downloaded from third-party websites rather than Apple itself simple due to convenience. Chinese developers, for example, might face tremendously slow download speeds from Apple's official servers when connecting over their country's so-called "Great Firewall." So, they search for iOS development tools hosted on other platforms. Unfortunately, some of the alternatives were compromised in this case.
Apple is normally very good at making sure everything is sterilized, but this particular malware -- dubbed XcodeGhost -- was able to bypass the company's security.
There's not a lot that owners of iOS devices should do to secure their gadgets, apart from making sure to completely update their iPhones and iPads, as well as all of the apps on them.
"Apple's been removing infected apps from the App Store," Olson told HuffPost. "You could look at a list of infected apps and remove them from your phone, but some of the lists we've seen are well into the hundreds. One Chinese research group, Pangu, released a tool that will scan for the apps, but I haven't been able to vet it yet."
All this aside, Apple's devices are still a considerably more secure option compared to rival Android. The reason is pretty simple: Mobile malware is most commonly spread when users try to download software from unofficial sources. It is very difficult to do this on an iPhone because you have to "jailbreak" your device first -- a time and skill-intensive process.
On the other hand, Android devices are a bit more open -- you simply need to change one little setting to install any app you've downloaded from the Internet. (It's easy enough that Amazon explicitly tells users to do this when downloading the Amazon Appstore for Android devices.)
"If you want to install applications from a third-party source, it's just a flick -- you change a setting and you're able to do this," Olson said.
Even Google's official store is sometimes less secure than Apple's App Store. Just two months ago, 1 million Android users were infected with malware when they downloaded a simple game from Google Play.
"The walled garden that Apple has set up has a lot fewer holes than what Google's set up with the Google Play store," Olson said.
In other words: If you're in the market for the most secure, mass-market smartphone (no Blackphones here), Apple's still the way to go.