Apple's iPhone and iPad and Google's Android are winning the smartphone and tablet wars, but new information says operating systems for the products have major security gaps.

Symantec (NASDAQ: SYMC) said in its Window Into Mobile Device Security white paper that all mobile devices today are increasingly being connected to and synchronized with an entire ecosystem of third-party cloud and desktop-based services outside the enterprise's control, potentially exposing key enterprise assets to increased risk.

That's one reason companies like Wells Fargo have been reluctant to allow employees to plug their own smartphones, including Apple iPhones and Google's Android into the IT system.

The most popular smartphones, Apple's iPhone and Google's Android offer improved security over traditional desktop-based operating systems, the white paper noted, but they are still at risk to many areas of attack. The report said that Apple's iOS security model provides strong protection against traditional malware, due to Apple's rigorous app certification process and their developer certification process that eliminates attackers at the source by determining the identity of each software author.

The white paper said Google uses a less rigorous certification model with Android, allowing any software developer to create and release apps anonymously, without inspection, leading to more Android-targeting malware causing the issues.

Also, the white paper noted that owners of smartphones including Apple's iPhone and Google's Android now routinely synchronize their devices with home computers and other third party cloud devices, exposing data stored on the smartphones to attacks beyond a direct hit on the device.