An important thing to know before diving into this question is that modern mobile phones very effectively isolate Apps from each other. For example: a WhatsApp application has by default no access to other resources on a user’s phone. If a user wants to send a picture using WhatsApp, he will need to give permission to WhatsApp to access the camera. (Same for microphone, files, ...). The app permissions are managed by iOS and Android, we can check them in the corresponding Settings App.
But that doesn't mean you're absolutely safe and that no viruses can get onto your device. Sometimes we ourselves let viruses into our devices by installing untrustworthy apps. How can you prevent this? By only installing apps from official application stores (App Store for iPhone or Google Play for Android devices). Even then, there are differences between the two stores.
iOS is much more restrictive than Android in terms of what the user can download and execute on his phone:
How to install Apps?
- Android: the user can download apps from the Google Play Store (or the manufacturer's Play Store) by default. The user can also download application files from the Internet and install them on their phone. This is called sideloading.
- iOS: the user can only download apps from the App Store. It is not possible to download apps from another source.
App provenance security checks
- Android: App developers are not required to prove their identity to Google before uploading an App. Google asks developers for a $25 fee using their credit card to upload their app on the Google Play store. Unfortunately, Malicious developers can use stolen credit cards to do this operation.
- iOS: Developers must first register with Apple before uploading their app to the store. After that, Apple carries out strict security and privacy controls before the developer can sign its application and publish it on the App Store.
Antivirus software
Antiviruses work by observing the behavior of other applications present on the system and then detecting suspicious behavior from them. AVs therefore need to have access to information from other applications on the system in order to work properly. This behavior is of course disabled by default, but there is an important difference between iOS and Android.
- Android: it is possible to give an application the permissions necessary for its operation (i.e. to have access to information from other applications on the system).
- iOS: It is by design not possible to give permission to an app to access information from another app. This feature therefore makes the performance of AVs on iOS very limited.
In summary
- Android: Users can download apps from the Internet on their phone if they want to.
Android gives warning messages that the app is not trusted, but there are still a lot of incautious users who install malicious applications and give full permissions to these.
- iOS: Apple performs more extensive checks on the developers who publish applications on its platform and on the security of these. Also, it is not possible to install apps from other sources.
- Android: An antivirus can help to protect your Android smartphone, but it is not a top priority. While having an antivirus on your phone might protect you from malicious apps, the best protection is still to never download something that does not come from the official Play Store.
- iOS: Since Apple carries out much stricter controls on what gets published on their store AND the fact that it is not possible to give sufficient permissions to an AV app to work properly, AV software on mobile phones is not recommended.