U.S. Markets closed

Android devices yield their secrets to the feds more readily than iPhones

Rick Newman
Senior Columnist

Here’s a curious contrast in numbers: There have been at least 63 instances since 2012 when the government went to court seeking a tech company’s help cracking into a smartphone, according to new research from the American Civil Liberties Union. Only 9 of those cases, or 14%, involve an Android device.

Yet Android’s share of the U.S. smartphone market is 52%, according to comScore. So the proportion of Android devices in use is much larger than the portion the feds need help cracking into.

Do bad guys prefer iPhones? It’s possible, especially since the recent controversy over accessing the iPhones of criminal suspects has shown Apple’s (AAPL) products to be unusually robust against hackers. But the more likely explanation is that the bad guys own Android devices in the same proportion as the general public, and the government is just a lot better at hacking into Android devices than into iPhones.

That would make sense, since Google’s (GOOGL) Android system is open-source software accessible to anybody on the Internet. Open-source software typically encourages widespread adoption and makes it easy for anybody with an interest to develop applications and programs that work in conjunction with the software. Making the Android mobile operating system open-source helped Google become a big player almost overnight, even though Google never built a phone until 2008. (The first BlackBerry arrived in 1999, while the iPod, progenitor of the iPhone, debuted in 2001.)

But opening software to developers also opens it to hackers. “Because the source code is open, it allows mobile forensics companies to go in and exploit it a lot more,” says Patrick Siewert of Professional Digital Forensic Consulting in Henrico, Va. “Well-developed mobile forensic software can access data and sometimes spit back the passcode or swipe code for an Android device.”

There are many ads on the Internet for spyware and other tools that claim to be able to hack an Android device to, say, look for clues that a spouse might be cheating. Google polices the apps marketed in its app store, to make sure they don’t harm Android users. But monitoring apps can be "sideloaded" from other sites Google doesn’t monitor.

An Android security features monitors apps for malware and other threats, no matter where the app comes from. But Apple exerts even more control. IPhone users can only download apps directly from Apple's app store. And Apple’s iOS software is proprietary, which means only Apple knows the source code. Plus, Apple controls both the hardware and software portions of an iPhone, whereas Google’s Android software resides on devices produced by dozens of manufacturers. Some providers advertise spyware for iOS devices, but they either require consent of the iPhone user (think kids or employees using a company-owned phone) or work on earlier versions of the operating system. Apple’s iOS 9, the latest version, is considered virtually impervious to hacking.

Or was. Earlier this year, the FBI sued Apple asking for help cracking into the iPhone 5c used by one of the two shooters in last December’s San Bernardino terrorist murders. The government has since withdrawn the suit, saying a third party helped it access the phone, which runs on iOS 9. Industry experts speculate that Cellebrite, an Israeli mobile forensics company, pulled off the hack. Cellebrite is well-known for its ability to crack into smartphones, including iPhones running on Apple's older software -- a service it offers mostly to law enforcement agencies for several thousand dollars per phone. Nobody’s saying how the FBI got into the San Bernardino phone, however, and even Apple itself would like to know.

What’s clearer is that the encryption wars are intensifying. Google and the many Android phone makers are amping up their own security, while Apple will assuredly patch any holes in iOS the FBI and its contractor may have found. The hackers will counter with new breakthroughs of their own, while ordinary phone users will continue to wonder whether the good guys, or bad guys—or all of them—are checking out their info.

Rick Newman’s latest book is Liberty for All: A Manifesto for Reclaiming Financial and Political Freedom. Follow him on Twitter: @rickjnewman.