Symantec has released a new 23-page whitepaper titled "A Window into Mobile Device Security: Examining the security approaches employed in Apple's iOS and Google's Android" (PDF). It is a technical evaluation of the two predominant mobile platforms (Apple's iOS and Google's Android) with the goal of helping corporations understand the security risks of deploying such devices in the enterprise. In short, Symantec says that while they offer improved security over traditional desktop-based operating systems, both iOS and Android are still vulnerable to many types of attacks.

iOS and Android devices are increasingly being connected to and synchronized with an entire ecosystem of third-party cloud and desktop-based services outside the enterprise's control, which complicates matters significantly as it could potentially expose key enterprise assets. The same can be said for when iOS and Android users synchronize their devices with third-party cloud services and with their home desktop computers: sensitive enterprise data stored on these devices can be potentially exposed to systems outside the enterprise.

Symantec says iOS' security model offers strong protection against traditional malware, primarily due to Apple's rigorous app certification process and the company's developer certification process, which vets the identity of each software author and weeds out attackers. Google has opted for a less rigorous certification model, permitting any software developer to create and release apps anonymously, without inspection. Symantec believes this lack of certification has led to an increasing volume of Android-specific malware.

Of course, as a security company, Symantec has a vested interest in declaring platforms as insecure. If you keep that in mind though, the report is a very interesting read.