A fresh look at the ever-present market for zero-day exploits could portend a shift in security rankings, with Android coming out on top over iOS. In fact, a shift is already happening, based on recent reports citing the experts. For example, according to Zerodium founder Chaouki Bekrar, iOS zero-day exploits are on the rise. Android, conversely, has seen those diminish.
The market, Mr. Bekrar indicates, is supply-and-demand-based. If there is a growth in exploits that haven’t been patched yet (zero-day exploits), prices for those fall. And that’s also an indication that the security of the given product is dropping. Or, at the very least, that’s often among the strongest indicators.
Another likely scenario is that a disproportionate number of bad actors and researchers are actively seeking iOS exploits over Android exploits. However, that might be a stretch considering Android’s global market dominance.
As exploits become rarer or harder to obtain, the prices for them skyrocket. With Android 10, as of September, Android holds the honor of having the highest-priced exploit at a maximum payout of $2.5 million. That arrived alongside a rapid decline in prices for iOS exploits. In May, Zerodium was forced to stop buying exploits for iOS altogether due to an overabundance of submissions.
Distribution tells a deeper story but that’s shifting too
Now, the full extent of the differences and the gradual slip of iOS security and hardening is detailed over at the source via Medium, expertly pooled and compared by Sarvesh Mathi. But, as noted by the source, distribution plays the bigger role. 70 percent of iOS users across the board are able to update to the latest version of iOS. Just under 10 percent of Android users could even access Android 10, the latest variant of Android.
Just over 30 percent are able to access even Android 9. And that’s a big problem since the biggest changes to security are occurring at the OS level. Although some OEMs are making a concerted effort to provide more, including those like Samsung and TCL, the overwhelming majority of OEMs aren’t.
So the end result is that Google may not actually have the upper hand just yet. And that leaves the question as to what Google needs to do to bring its conglomerate of OEMs and providers onto the same page, in effect beating out Apple’s iOS on security and making Android the best in one fell swoop. The answer to that question is that the tech giant is already making progress there.
Google is already looking to rectify the differences in its own way
In addition to work on seamless updates starting from Android 11, Google already has a number of changes in the works that could rewrite how security on Android really works. Not only has it begun shifting towards policies that are more enforceable, it has also started work to try and strip back some of the power over updates held by OEMs and carriers, both of which serve as bottlenecks in the process.
Back in 2019, Google announced Project Mainline. As its branding hints, the project is designed to make security updates work via the Google Play Store. If component manufacturers update their components through a standard update delivered via Android’s sole official app marketplace, the system could become more secure, even if OEMs don’t update their devices.
Most of the vulnerabilities in Android are at the component-level rather than software issues with Android itself. If Google continues working and eventually enforces a policy around that, then Android could feasibly and quickly become the most secure mainstream mobile platform around.
The post Is Android A Policy Enforcement Away From Better Security Than iOS? appeared first on Android Headlines.
