Which platform would a typical IT guy be more on guard against?

While Windows has been known for decades to be a hot pot for all PC malware, Android phones are much more ubiquitous and personalized, and (as far as I know) aren’t hardened against malware in any way. I mean, it literally takes just two taps to install a rogue apk and that is notwithstanding that most OEM implementations and apps on the Play Store are ad-ridden privacy nightmares by themselves. At least when it comes to Windows, Administrators have greater control over client machines and can put in restrictions. How would someone handling infosec in an organization control security on people’s personal phones?

  • アルケミー船長
    link
    fedilink
    2
    edit-2
    1 year ago

    By far windows, windows lacks or doesn’t fully utilize features like full verified boot, sandboxing which means even if a program installs itself it still has to ask for permission for mic, camera, etc. Adding on to the issues even the programs themselves can be unsafe. Running a program that uses a memory safe programming language is pretty rare and a lot of vulnerabilities come from memory allocation and buffer overflow bugs. Android attempts to mitigate these issues by sandboxing every app, all phones ship with verified boot and full disk encryption, and usually have a memory allocator of sorts. And if you run a degoogled ROM you’ll mitigate the privacy issues by not having Google play services installed.

    If you need some way to monitor these devices as an admin there are apps on android that allow this functionality, iOS has similar admin features.

    edit: typos edit 2: added information