It is no secret that cyber criminals are becoming a more prominent threat to businesses. However, what many business owners fail to understand is that cybercriminals are looking to find weak links within the target’s employees, rather than their firewalls. Human error accounts for the majority of the breaches that occur so it would be safe to assume that besides email, an employee’s cellphone is a prime target.
As Google and Facebook are facing heavy scrutiny due to data privacy regulations, Apple has stepped up to bat and positioned their devices as the leading mobility products for privacy. With videos and banners (see video below) throughout the country touting headlines such as “What happens on your iPhone, stays on your iPhone” it is difficult to ignore their efforts.
As South Florida’s leading cybersecurity firm, we wanted to do some digging and see exactly how valid Apple’s statements are. Here is what we found:
Your phone is a treasure trove of your private data. From phone numbers, online bank access, messages, emails, and more, it is imperative that all of the data stored on any mobile device is encrypted. Full device encryption scrambles all of the data stored on the device making it unreadable from outside of the device. Lucky for us, today’s smartphones come with full device encryption enabled by default, making it almost impossible to steal information from the phone if it is lost or stolen.
Although the data stored on the phones is encrypted, there is still data being collected that is then sent to manufacturers, marketing companies, and more. Apple is tackling this by ensuring that their phones are encrypted with a personal postcode on the device and stripping away any identifying information before that data is sent to Apple (Reuters). Each device comes with a unique ID called an Identifier for Advertisers (IDFA), which lets advertisers track and have access to the actions and activity in the apps, but limits how much personal data other companies can access.
No matter what, your information will be sent to advertisers, but Apple does indeed try to limit what sensitive information is sent. If you want to limit the activity tracking on your phone, I recommend following this tutorial by Apple, which helps opt out of interest-based ads in the App Store and Apple News.
In comparison to Android devices, Apple tends to face less of a threat due to the nature of its App Store. Whereas Google makes APIs available to developers, Apple does not and requires complete application testing and validation before allowing an application onto the App Store. This does help to prevent widespread malware infections for Apple users and gives them peace of mind. Apple devices are not 100% safe, as noted by iOS-based malware XCodeGhost back in 2015. However, due to their security practices and walled garden App Store, Apple devices are mostly safe from malicious applications.
Effects on the Enterprises
Besides taking a stance for personal privacy, Apple has been making strides to secure users on the enterprise level, filling in a void that Blackberry devices left. In 2018, Apple announced a partnership with Cisco, Aon, and Allianze to create a cyber risk management solution for businesses. Apple will be providing ransomware defense from Cisco, resilience evaluation from Aon, and cyber insurance from Allianze, and integrating them with Apple products on iOS devices. With the partnerships, Apple hopes to protect valuable corporate data and its backend systems.
Our Final Verdict
Apple is indeed better than Android in terms of built-in privacy, and can, therefore, stake a claim that Apple devices are safer and more private. However, individuals, regardless of whether they own an Android or Apple device, should take responsibility in securing their smartphones. Measures such as two-factor authentication and password managers should be used. Users should also thoroughly vet applications before downloading and using them. Having good cyber posture means doing more than just choosing a smartphone, and must include equipping them to secure your personal and company information.