Are Smartphones Superior to Computers When It Comes to Malware Protection?

I’ve worked with computer security for over 30 years. Lately, I’ve often been asked this question: “Which is more secure, a smartphone or a real computer?” The answer is a smartphone, but the underlying reasons for this may not be obvious.

The popularization of modern mobile operating systems has been the largest information security improvement in everyday life of the past 15 years. The iPhone, launched in 2007, has never been subjected to a widespread malware epidemic. This is an astonishing achievement, for which Apple deserves our congratulations. The rare cases that we have seen on iPhone have typically been targeted attacks done with tools like Pegasus. These tools are very expensive and typically only available to law enforcement and intelligence agencies. Google’s Android has had a few more issues, but it is also much more secure than traditional computers.

Mobile operating systems (iOS, iPadOS, and Android) are therefore more secure than desktop operating systems (Windows and macOS). This is because they are more limited for users, even if the limits are less than obvious.

Mobile devices and computers may seem similar. For example, fitting a keyboard to an iPad Pro makes it similar to Apple’s MacBook laptop. They can both be used for the same things: browsing the web, using Photoshop, playing games, paying bills online, processing documents, and so forth.

The only major difference concerns users who are also programmers. The MacBook is a computer. Any coder can write and run software for their MacBook and give the software to a friend, who can also run it on their computer. This has not been possible on an iPad. In the iPad world, owners have not been allowed to program their own devices, a limitation that may sound harsh, but is familiar from another environment—game consoles. Internally, the iPad is a computer, just like the PlayStation and Xbox, but you cannot program a PlayStation after buying it: you can only purchase ready-made game software to run on your device.

To run your own software on iPad, you must first send the program for approval—to Apple in California. So, you can run your software only if it is approved by Apple. Similarly, Sony approves all software run on PlayStations, and Microsoft approves all Xbox software.

Such architecture is very limited but also very secure, which is the main reason for the absence of malware epidemics on iPad, iPhone, PlayStation, or Xbox. Android has a very similar but slightly more open system. The checks run by the Google Play app store are somewhat less strict, which explains why we do see some malware on Android. Of course, Android is more secure than Windows or macOS, as the latter are fully open environments programmable by anyone.

I know of companies which have recovered from company-wide outbreaks by replacing their Windows laptops with iPad Pros or with Google Chromebooks. This is improving security by removing functionality.

In other words, if you are doing something particularly important, do it on a mobile device rather than a desktop computer. For example, online banking is more secure on a smartphone than on a “real” computer. Smartphones do have their risks, however. For example, few of us leave a computer on the back seat of a taxi after a night on the town, but quite a few smartphones end up in such places.

Mikko Hypponen is a global security expert and author of “If It’s Smart, It’s Vulnerable” (Wiley, 2022).

Editor’s note: The views expressed in this op-ed are the author’s own and do not necessarily reflect those of Total Security Advisor.