What if the FBI were dealing with an Android?

An employee demonstrates a Motorola Moto E android smartphone in the Lenovo Group Ltd. pavilion at the Mobile World Congress in Barcelona, Spain.
Simon Dawson | Bloomberg | Getty Images
An employee demonstrates a Motorola Moto E android smartphone in the Lenovo Group Ltd. pavilion at the Mobile World Congress in Barcelona, Spain.

Apple's tight control over its hardware, software and app developer ecosystem means that when a government agency wants to crack into a device it needs help from the iPhone maker.

The situation would likely be very different with an Android phone.

As the drama unfolds between the FBI and Apple over whether the government can access data from an iPhone used by the San Bernadino gunman, the public is getting a glimpse into what a 21st-century terrorist investigation entails. And how the type of device matters.

In the U.S., Android is the most popular platform with 53 percent market share, topping Apple at 43 percent, according to comScore. Apple charges a premium for its phones, with a promise of reliability and security. Android phones are sold by an array of handset manufacturers, mostly out of Asia, and often at very low margins from mass manufacturers.

"The security of Android devices pales in comparison because Google ultimately doesn't control devices sold to consumers," said Chris Soghoian, principal technologist at the American Civil Liberties Union. "Google made a deal with the devil. To get market share, it allowed hardware partners and carriers to have control over the devices."

Apple CEO Tim Cook said Wednesday in a letter to customers that the FBI has requested help unlocking a phone used by one of the perpetrators of the Dec. 2 terrorist attack, which killed 14 people.

Apple's Dilemma: Customer Privacy or Help the Fed
Apple's Dilemma: Customer Privacy or Help the FBI   

To crack the password, the FBI needs a "backdoor to the iPhone," with Apple developing software "circumventing several important security features," Cook wrote. He said the company is challenging the court order because in creating the technology for a single phone, the tools would exist to access any phone and the knowledge of how to do it would spread.

This is a familiar argument from Cook. The CEO has loudly beaten the drum on consumer privacy, criticizing ad-supported companies that build their business on user data. Google, of course, makes almost all its money from advertising, while giving away its operating system for manufacturers to build upon freely.

Read MoreApple CEO lashes out at app developers

Because Apple's revenue comes from device sales, it has a very different relationship with customers.

IPhones released in the recent years have what's called a Security Enclave, which is effectively a separate processor that limits the frequency and number of times an incorrect password can be entered. Critically, the process creates a separate ID that "is not known to Apple," according to its security guidebook.

The FBI has asked Apple for a way to circumvent the password limitations for one particular phone.

With Android, every manufacturer handles privacy and security separately, and there's only so much Google can add to the operating system without slowing down the phone.

According to Zuk Avraham, founder and chief technology officer of mobile security provider Zimperium, the quality varies dramatically from one Android vendor to the next. While Avraham wouldn't say which do well and which perform poorly, the top Android sellers in the U.S. are Samsung, LG, Motorola and HTC.

"The boot process looks different in each vendor of Android, which is an opportunity to have a more secure phone but also an opportunity to have a more vulnerable phone, depending on how much time you spend with it," said Avraham. "Some make it better and some make it much worse."

A Google representative didn't respond to requests for comment.

In the latest versions of Android dubbed Lollipop and Marshmallow, the operating system bolstered so-called full disk encryption, which is encryption at the hardware level that requires a virtual key to access. But it's only effective on new devices, not older phones with upgraded operating systems.

Aside from Google, with its own Nexus phones, there's no guarantee that the other Android manufacturers will take such dramatic hardware measures, especially if it means sacrificing performance.

All of this fragmentation creates a potential headache for law enforcement. Should the FBI or another government body need help to tap an Android phone, the initial question will be — Who do we call?

It could be Google, a manufacturer or even the carrier, like AT&T or Verizon.

In the San Bernadino case, the FBI wants access to a specific device. But the discussion goes way beyond just gadgets and wades into the apps and services that are popularly used to communicate.

Read MoreWhat can Anonymous really do to ISIS?

For example, in the Paris attacks late last year, the terrorists were said to be chatting via WhatsApp and Telegram, often using encrypted communications.

Like Apple, app developers are setting out to protect consumer privacy, but the tradeoff with greater protection is that it makes law enforcement's job more challenging.

"It's a broader set of technological capabilities that we're all trying to implement to make computing more secure and safer," said Malcolm Harkins, chief information security officer at security software vendor Cylance. "As we do that you've got malicious individuals that are then using those capabilities to try and hide their communication."