Should malware risks factor into the iPhone vs. Android debate?

As Google's Android operating system gains momentum in the smartphone market, some long-time Apple iPhone fans are considering a switch to Android. But should these former iPhone fans worry that Android alternatives won't be as secure?

With cyberattacks and malicious apps targeting Android smartphones increasing in frequency, some former Apple devotees are nervous about making the switch. In this edition of Ask Maggie, I shed some light on whether Android security should be a deal breaker or not.

I also explain why you may have to pay twice for an app you love if you decide to ditch the iPhone for an Android device.

Switching from the iPhone to Android: Is malware a concern?

Dear Maggie,
I have been reading your posts on switching from iOS to Android, and honestly am quite interested. I have been submerged in the iOS ecosystem since 2008 and have loved it. But I am now worried about the direction Apple appears to be taking. Couple this with the maturation of the Android OS and you have one curious person.

My biggest concern is all the malware reports that have been cropping up with Android. I am fairly tech-savvy, but it seems like everywhere I read, I see new Android malware. I regularly handle private and sensitive data, so is the ability to tweak the Android OS worth the security risks?

Thanks,
Curious Will

Dear Curious Will,
You are correct that studies suggest that malware is on the rise when it comes to smartphones. And because of the open nature of the Android operating system, plus the sheer number of Android devices on the market, this particular operating systems is often a target for hackers.

But you need to keep things in perspective. CNET Senior Editor Seth Rosenblatt, who specializes in software and app testing, said that even though malware threats are increasing, it hasn't yet reached the same level of threat as malicious code found on desktop computers.

"There's no doubt that malware exists and is growing," he said. "But it's also like comparing the surface area of a sheet of paper to the surface area of a piece of dental floss."

That said, Google Android devices may be more vulnerable to attacks than the iPhone. The reason is that Apple's App store is considered to be more secure due to the fact that each app must be approved to be listed in the store for download. By contrast, apps in the Google Play store don't need to be approved by anyone. But that doesn't mean that the store is flooded with malicious apps. The Google Android community has stepped up efforts to actively police the store in an effort to remove apps that may cause harm.

And the truth is that most of the reports about Android malware come from apps that were downloaded from third-party app stores.

One easy way to reduce the risk of downloading a virus on your smartphone is to only download apps from trusted app distributors, such as the Google Play Store or Amazon's app store. In other words the same common sense you use when surfing the Net on your PC applies to your mobile phone: don't download apps from random Websites and don't click on links from unknown sources.

But even this level of caution may not be enough to fully protect you. Malware has been known to slip through the cracks of all app stores. There have been reports of malicious software showing up in the Google Play Store as well as in Apple's well-protected iTunes App store. So even if you find an app you want to download in one of these stores, you should check out the source and vendor of the app you are installing before downloading it onto your phone.

Rosenblatt also recommends that anyone with a smartphone download a security app to their device. Apps from Lookout, Avast or AVG are all good options for Android security, he said. These apps will scan applications when you install them to make sure they are not known malware or try to do things on your phone that would be considered characteristics of malware.

Privacy concerns
But malware is only one potential security threat. You should also be concerned about protecting your private information. While there's no question that key-loggers can gain access to your sensitive data, there are also legitimate applications that track your GPS location, automatically tag photos with timestamps and geolocation information, and read your contacts. These apps may not be malware per se, but they compromise your privacy and there is always a risk that the information gathered could be misused.

The Android OS offers you some protection in this department, since it tells you when you're installing an application if it will be doing these things. But sometimes people just press "accept" and install the software anyway because they want a free app. That is why it's important to pay attention to those alerts when you are installing apps. And if you don't want that information gathered and shared with anyone, then don't accept the terms and do not download that application.

Beware of theft

If you're concerned about security and privacy, which it sounds like you are, then you should also make sure that the information on your phone is encrypted and that you know how to remotely wipe your device of data if it's lost or stolen.

While I understand that your question was specifically about malware, you are probably far more likely to have your phone lost or stolen than you are to have it infected with malware. Because mobile devices are small and portable, they can be easily stolen and resold, making theft much more of a threat than it would be for a desktop computer or even laptops.

Following this line of thought, Rosenblatt reasons you may put your data at greater risk by owning an iPhone than an Android device. Why?

"Since iPhones tend to retain the highest resale value, it stands to reason that if you own an iPhone, you're a more appealing target for theft," he said.

He recommends that it's just as important to have location detection and anti-theft capabilities built into the security software you have on your device as it is to have functionality that scans your device for malware. (Of course, turning on a location tracker exposes you to privacy risks, so you should weigh the pros and cons of doing this.) Premium versions of security software, such as Lookout, can also provide this protection, which includes back-up features and restore features as well as remote wiping of the device.

The bottom line is that I don't think malware risks should be a major factor in choosing your next smartphone OS. There are security risks associated with any device operating system. And there are privacy and security concerns that come with owning any smartphone. The best advice I can offer you is to make sure you are protecting your device, whether it's an iPhone or an Android smartphone, by doing these four things:

• Install security apps on your device that scan for malware, track lost devices, backs-up data, and remotely wipes lost handsets.

• Download apps only from trusted and legitimate app stores and app developers.

• Encrypt data stored on your device.

• Decline to download apps that access and share your personal information, such as location or contacts.

I hope this advice was helpful. And good luck.

In switching from iOS to Android, do I have to repurchase my apps?

Dear Maggie,
I have an iPhone 4S on Verizon Wireless. And I was thinking of switching to the Samsung Galaxy Note 2 on Verizon, but my issue is the apps. A lot of the apps that I have downloaded onto my iPhone are available in the Google Play Store. However, some of the apps I have on my iPhone were ones I had to purchase. So will I have to rebuy all the apps I have already bought on my iPhone for the Galaxy Note 2?

Thanks,
Nick

Dear Nick,
Unfortunately, the answer to this question is "yes." Even though the apps you have on your iPhone may also be available on Android devices, the software itself is not the same. So if you switch from an iPhone to an Android smartphone or tablet, you will have to re-download the app. And if it's one that costs money, you will have to pay for it again.

The reason why is that both Apple and Google get a cut of each app purchase. So when you switch from iOS to Android, you are starting over with a different ecosystem. And if you purchase that app for an Android device through the Google Play store, Google wants a piece of the action, just as Apple got a cut when you purchased that app from the Apple App Store.

That said, there may be some ways around this situation. I've read on some forums about people who have contacted the individual app developer to see if they could re-download the app for a different OS for free. I have never tried this so I can't verify that this actually works, but it couldn't hurt to try. Still, if the app only costs 99 cents it may not be worth the hassle of contacting the app developer. Depending on how many purchased apps you have on your phone, it might just be easier to re-download them and pay for them again. This may be annoying, but it's likely your easiest and fastest way to make the transition.

The other thing to keep in mind is that many apps that you paid for in the Apple App store could be available for free on Android. Sometimes developers will charge for an app in the Apple App Store and won't charge for it in the Google Play Store. There are also many more free apps on Android than there are in Apple's App Store.

I hope this advice was helpful and I'm sorry I didn't have better news to offer you regarding your question. Perhaps, one of the Ask Maggie readers will post alternatives I haven't considered. So make sure you check out the comment section following this story.

Ask Maggie is an advice column that answers readers' wireless and broadband questions. The column now appears twice a week on CNET offering readers a double dosage of Ask Maggie's advice. If you have a question, I'd love to hear from you. Please send me an e-mail at maggie dot reardon at cbs dot com. And please put "Ask Maggie" in the subject header. You can also follow me on Facebook on my Ask Maggie page.