I'm an Android user. My only iOS device is a first-generation iPad. But I have to commend Apple on the fact that in 10 years, its paradigm-shifting smartphone has never had a major security problem.
Hundreds of new pieces of Windows malware are found every day. Android Trojans routinely make their way into the Google Play app store. Mac malware is still sparse, but it's steadily increasing (and trust me, Windows 10 has better security).
Meanwhile, with hundreds of millions of iPhones and iPads sold in the past decade, you can count the amount of iOS malware found in the wild on the fingers of a single hand. That's a truly remarkable achievement.
There are two main reasons the iPhone is so secure.
- Apple has this ship locked down tight. Nothing gets in or out of iOS without the say-so of Apple security engineers. The App Store is rigidly controlled. Each update to iOS brings new security implementations. Any flaws made public by third parties are quickly fixed.
- Apple understands that its users are morons. Technological morons, that is. Most of them don't know how an iPhone works, and don't care. They don't know the difference between Apple Messages and text messaging. They don't know how to manually install software updates. They don't want to be suspicious of apps in the App Store. And, honestly, they shouldn't have to know any of that.
So Apple takes care of everything for them. Like a benevolent parent or deity — take your pick — it assumes total but loving control of the entire iOS universe, from hardware design to software updates.
Apple makes sure that the iOS user experience is as seamless and worry-free as possible. It keeps the bad people out of the playground, but it also makes sure that the kids don't wander out of sight — no unauthorized modifications, no jailbreaking, no customized home screens.
Some people resent this state of affairs. They're called Android users. I'm one of them.
But we Android users have to put up with delayed (or never implemented) security updates; a half-assed Google Play screening system (sorry, Bouncer, you're doing a lousy job); thousands of malware and adware developers trying to get their junk into our phones; and devices that have safe working lives of at most three years, and sometimes as little as 18 months. (By contrast, an iPhone is good for five years.)
Plus, there's the ridiculous Android ecosystem, in which phone makers, wireless carriers and Google itself have all tried to pass the buck about who has to take responsibility for security issues. The burden often falls on the end user, who's usually the least qualified person to make those decisions.
On that last point, Google is at least making changes that give it greater control. With the upcoming Android O, Google will be able to push out security updates to more phones without having to run the updates past the phone makers and carriers.
But Android is always going to be far behind iOS in terms of security. Android is like a big-city hospital; there are a dozen different entrances, and no matter how many security guards you put on staff, people will always be rushing in and out. iOS is an isolated fort with very thick walls and one very heavily guarded main gate.
That's not to say that the iOS fort is impregnable. There are also a couple of hidden side doors for developers and enterprises, and iOS malware creators know where they are. But it's still one of the safest operating systems that has ever seen wide use.
There's no better testimony to iOS' security success than the fact that Windows Phone, Windows 10 S and Chrome OS have all replicated iOS' "walled garden" structure, limiting their applications to a pre-screened selection available from a single source. (Chrome OS is deviating from this a bit now by allowing Android apps from Google Play.) Even macOS is trying to go down this road with the Mac App Store.
These new OSes are an admission that Apple was right: Users need to be treated like children, not like security experts. It's the only way to keep them safe.