iOS Encryption Isn’t as Secure as it Could be, Researchers Discover


Security researchers at Johns Hopkins University studied the security measures of Android and iOS, specifically encryption. They found that both systems could be better (via Wired).

iOS Encryption

The researchers wanted to find out how law enforcement can sometimes bypass your phone’s encryption. With iOS, the level of encryption it offers depends on which state the phone is in. These two states are referred to as Before First Unlock (BFU) and After First Unlock (AFU).

When your iPhone has been turned off and you turn it on, it resides in a state that Apple calls “Complete Protection”. This is before you first unlock it, or BFU. Security protections are high and it’s difficult for third parties to extract meaningful data from the device. Once you unlock your phone, though, it enters the AFU state.

In AFU, many of the device’s encryption keys are kept in memory so data can be accessed quickly. Using certain vulnerabilities in iOS, a third party could grab these keys and use them to decrypt parts of your data. Developers do have the option to keep their apps’ data in the Complete Protection class, so it stays protected even after the first unlock.
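As an added illustration (not code from the Wired article or the Johns Hopkins study), the following Swift opts a file into the Complete Protection class described above and checks that the stronger class actually applied; the file name and token value are constructed.

```swift
import Foundation
import UIKit

// Writes `payload` so its per-file key is wrapped with the Complete Protection
// class key: when the device locks, that class key is evicted from memory and
// the file cannot be decrypted again until the user unlocks the device.
func writeWithCompleteProtection(_ payload: Data, to fileURL: URL) throws {
    try payload.write(to: fileURL, options: [.atomic, .completeFileProtection])
}

// Reads back the protection class that was actually applied, so a reviewer can
// confirm the file did not silently land in the weaker default class
// (NSFileProtectionCompleteUntilFirstUserAuthentication), whose keys stay in
// memory for the whole AFU state.
func protectionClass(of fileURL: URL) throws -> FileProtectionType? {
    let attrs = try FileManager.default.attributesOfItem(atPath: fileURL.path)
    guard let raw = attrs[.protectionKey] as? String else { return nil }
    return FileProtectionType(rawValue: raw)
}

// Example: store a constructed session token under Complete Protection and verify it.
func storeSessionToken() throws {
    let token = Data("constructed-session-token".utf8)   // sample value, not a real secret
    let url = FileManager.default
        .urls(for: .documentDirectory, in: .userDomainMask)[0]
        .appendingPathComponent("session.token")         // constructed file name
    try writeWithCompleteProtection(token, to: url)
    guard try protectionClass(of: url) == .complete else {
        fatalError("session.token was not stored under Complete Protection")
    }
}

// Files in this class become unreadable while the device is locked, so an app
// should drop any plaintext copies it holds before the keys are evicted.
final class LockObserver {
    private var cachedToken: Data?
    init() {
        NotificationCenter.default.addObserver(
            forName: UIApplication.protectedDataWillBecomeUnavailableNotification,
            object: nil, queue: .main) { [weak self] _ in
                self?.cachedToken = nil   // release the in-memory copy at lock time
        }
    }
}
```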

Android doesn’t have that option, due to the complexity of an ecosystem with many device manufacturers, each implementing Android in its own way. Tushar Jois, the researcher who led the Android analysis, talked about this to Wired:

Google has done a lot of work on improving this, but the fact remains that a lot of devices out there aren’t receiving any updates. Plus different vendors have different components that they put into their final product, so on Android you can not only attack the operating system level, but other different layers of software that can be vulnerable in different ways and incrementally give attackers more and more data access. It makes additional attack surface, which means there are more things that can be broken.

In response to Wired, an Apple spokesperson pointed out that the type of analysis the researchers carried out is expensive. It relies on the attacker having physical access to your device, and only works until Apple patches the vulnerabilities it depends on. Apple also wants to strike a balance between ultimate security and convenience.
