Which platform would a typical IT guy be more on guard against?
While Windows has been known for decades to be a hot pot for all PC malware, Android phones are much more ubiquitous and personalized, and (as far as I know) aren’t hardened against malware in any way. I mean, it literally takes just two taps to install a rogue apk and that is notwithstanding that most OEM implementations and apps on the Play Store are ad-ridden privacy nightmares by themselves. At least when it comes to Windows, Administrators have greater control over client machines and can put in restrictions. How would someone handling infosec in an organization control security on people’s personal phones?
I’d say Windows. Android can be more insecure but the Android ecosystem is so fragmented that it’s difficult to write malware or exploits that are ubiquitous or even work outside a specific Android ecosystem.
Windows is just kinda a hot mess and has tons of legacy stuff that can be compromised. The attack surface is larger on Windows imo.
Don’t all Android systems (at least on the same version) have the same APIs and file systems? Don’t apps made for Android run on all Android devices running the targeted version? Why would the cosmetic layers of adware that OEMs pile on AOSP turn phones into different ecosystems that don’t interoperate?
Well, for example, Android phones need to be rooted for full system access. That’s a series of hoops to jump through. Same goes for installing a malicious .apk. A Windows user just needs to click through a UAC prompt and the lovely has keys to the city. That’s before we touch the wonder that is admin PowerShell.
I suppose the ratio of how much knowledge the average person knows about tech to “dangerous” behavior naturally taught by the OS is higher, I suspect, on Windows.