Well, that is true to an extent, and I still maintain that iOS is more secure than Android overall, but you can’t ignore the fact that hackers manage to jailbreak iOS–often within a day or two of a new version being released. Jailbreaking, in and of itself, is not malicious. It is designed to break down the Apple walls and give users more open access to work with their iOS devices as they choose without needing permission from Apple. The reality, though, is that if benign hackers can jailbreak iOS and gain full control over the mobile OS, then so can malicious attackers–leaving iPhones and iPads exposed to significant security risk.

The recent JailbreakMe 3.0 tool can wirelessly jailbreak iOS devices–including the iPad 2, using a flaw in the way iOS manages PDF files. Apple is working on a fix, but in the meantime I recommend being very careful about opening PDF files on an iOS device–unless you are intentionally trying to jailbreak the device.

For those who may be out of the loop, “jailbreak” is the term used for circumventing the security controls of iOS and gaining root access to hack the device and let you customize and configure it in ways that Apple would never allow.

Many people swear by jailbreaking, and consider it a “right” of sorts that they should be able to modify their iGadget of choice to fit their needs without getting Steve Jobs approval. Fair enough. But, the fact that iOS is so easily hacked to gain root access is not a great sign for the security of the mobile OS overall.

As organizations embrace smartphones and consider deploying tablets en masse, the security and stability of the platform are important factors to consider. There are a growing number of enterprise tools coming to market to enable IT admins to configure, monitor, and maintain remote devices like smartphones and tablets, and some of those are able to identify devices that have been jailbroken.

That is at least a band-aid, or a step in the right direction. But, Apple should be looking seriously at what it can do to protect iOS and prevent jailbreaking. No software is perfect, but iOS 4.3 was hacked in under 24 hours. Breaking into the OS should at least be a challenge requiring some effort and not just a trivial walk in the park.

ASLR (address space layout randomization) randomize the location of core system functions to make them more difficult to locate and exploit. That is, when it works. Charlie Miller was able to bypass the ASLR protection and hack an iOS to win the iPhone portion of the Pwn2Own competition using a security hole in the iOS version of the Safari Web browser.

Miller has shared the details of the flaw with Apple, and Apple is reportedly working on an incremental update for iOS 4.3. Expect to see an iOS 4.3.1 update very soon.

Some might say it is controlling, or that Apple policies and restrictions within iOS and for iOS app developers lean toward draconian. But, sometimes there are benefits to the “walled garden” approach.

Android users have been hit by more than 50 malicious Trojan apps that somehow made their way into the official Google Android Market. What is even worse is that these DroidDream malicious apps are able to bypass Android security controls and gain root access to the system–granting the malware almost limitless power to further infect or compromise the Android smartphone.

Well, not only would the stringent app review process at Apple be more likely to uncover hidden malicious code like DroidDream, but the success of DroidDream is largely a result of the fragmented Android landscape. Google is on Android 2.3 Gingerbread for smartphones, and recently launched Android 3.0 Honeycomb for tablets. The vulnerabilities exploited by DroidDream to root Android were fixed in Gingerbread–which has been available for nearly three months. However, only about one percent of all Android devices have actually received the update to Gingerbread, and the rest are at the mercy of individual smartphone manufacturers to determine when–or if–they will get it.

Meanwhile, more than 90 percent of the iOS devices out there are running the latest version and anxiously awaiting the release of iOS 4.3 later this week. When iOS 4.3 is released, it will be available to virtually all iPhone, iPad, and iPod Touch devices (Verizon iPhones are already running a more current version of iOS than other devices and are excluded from the iOS 4.3 update for now).

The diversity of hardware, and the open software platform of Android are a double-edged sword. There are certainly benefits, but there is a problem when known vulnerabilities still exist in 99 percent of the Android devices because of device and OS fragmentation.