Android and iOS don`t have better security models than Windows because the highest potential of their security capabilities is stronger. Indeed, Windows is actually better in that respect. They have better security models because ordinary people can use them reasonably safely.
It`s really a shame they couldn`t commit and execute well enough to draw in developers, but their own in house apps were terrible. Not a great showcase for the platform :-/
To be fair, Android and iOS also benefit from being created 20 years later with a very different app model and no backwards compatibility garbage :p
Were not gonna talk about restricting code installs to signed code only available via the vetted app stores? Thats the big win IMO.
Compile please
(Windows has a complex problem here, in that legacy compat is the major reason people use it and also the source of significant weaknesses. However, MS still could do things that would seriously cut the risk of using Windows without crippling the vast bulk of compatibility.)
As we now know, if you`re an APT using browser 0day chains to compromise devices you might in some cases prefer mobile exploitation over PC exploitation. But overall, the much greater resistance of iOS, Android, Chrome OS, etc. to non-high-end attacks is much more significant.
The "security guidance" needed for people to use an iPhone or an Android phone with a reasonable degree of security: 1. Install updates and reboot when the phone says. 2. Only install apps when they`re from reputable developers and you really need them. That`s about it.
