Mobile security: Android versus Apple

Oct 09, 2013
Smartphone users want to know that their data is safe from malicious applications. Credit: iStock/Thinkstock

Smartphones are big business, prompting fierce competition between providers. One major concern for consumers is whether a smartphone will keep their private data safe from malicious programs. To date, however, little independent research has been undertaken to compare security across different platforms.

Now, Jin Han and co-workers at the A*STAR Institute for Infocomm Research and Singapore Management University have conducted the first systematic comparison of the two biggest operating systems in mobile software—Apple's iOS and Google's Android. The two companies take markedly different approaches to .

Apple famously maintains complete control over iOS security, promising that all applications are thoroughly screened before release and security patches are smoothly applied across all their phones. However, malicious software has appeared in the iTunes store.

Android, in contrast, displays everything that an application will need to access so that users can decide themselves whether to go ahead with an installation. Some critics argue that handing such control to unqualified users could present a security risk in itself.

To compare these two security models, Han and co-workers identified 1,300 popular applications that work identically on both iOS and Android. These applications, such as Facebook, often access code libraries on smartphones called security-sensitive application programing interfaces (SS-APIs), which provide private user data or grant control over devices such as the camera.

"We needed to establish a fair baseline for the security comparison between Android and iOS," says Han. "We achieved this goal by examining the SS-API usage of cross-platform applications."

The researchers found that 73% of iOS applications, especially advertising and analytical code, consistently accessed more SS-APIs than their counterparts on Android. Additionally, the SS-APIs invoked by iOS tended to be those providing access to sensitive resources such as user contacts.

The results imply that by allowing users to control permissions, Android may be better at preventing stealthy from getting hold of private information. Notably, Android also intentionally avoids using SS-APIs if non-security-sensitive APIs can be used to achieve the same functions.

To avoid jumping to conclusions about the risk to Apple users from the iOS process, Han urges caution in interpreting the results. "Mobile platforms are constantly evolving," he says. "Our experiments were mainly conducted on iOS 5, but iOS 6 has enhanced its privacy protection so that users will be notified when an app is trying to access their contacts, calendar, photos or reminders. This may encourage developers to modify their apps so that they access less private data."

Explore further: Apple says iOS 7 will be available Sept. 18

More information: Han, J., et al. Comparing mobile privacy protection through cross-platform applications. The 20th Annual Network & Distributed System Security Symposium, 26 February 2013. www.internetsociety.org/doc/co… latform-applications

add to favorites email to friend print save as pdf

Related Stories

Georgia Tech uncovers iOS security weaknesses

Jul 31, 2013

Researchers from the Georgia Tech Information Security Center (GTISC) have discovered two security weaknesses that permit installation of malware onto Apple mobile devices using seemingly innocuous applications ...

Security holes in smartphone apps (w/ Videos)

Apr 17, 2013

(Phys.org) —Popular texting, messaging and microblog apps developed for the Android smartphone have security flaws that could expose private information or allow forged fraudulent messages to be posted, ...

Android mug shots have no lock and key

Mar 04, 2012

(PhysOrg.com) -- If Google loyalists will persist that this Internet Goliath can do no evil, they at least need to admit, based on new evidence this week, that Google can do a lot of mindless harm. A security ...

Android suited up for C-level security

Oct 11, 2011

(PhysOrg.com) -- Android is enterprise-ready, with this week's announcement of a new security platform for Android, from Motorola Mobility's subsidiary, 3LM (stands for Three Laws Mobility). This is a potential ...

Recommended for you

Researchers jailbreak iOS 7.1.2

24 minutes ago

Security researchers at the Georgia Tech Information Security Center (GTISC) have discovered a way to jailbreak current generation Apple iOS devices (e.g., iPhones and iPads) running the latest iOS software.

Smartphones as a health tool for older adults

58 minutes ago

A team of researchers from the Universitat Politècnica de Catalunya · BarcelonaTech (UPC) and the Universitat Autònoma de Barcelona (UAB) is creating a smartphone app that will help older adults to understand ...

Can you trust that app?

1 hour ago

You're on your smartphone, browsing through Facebook. In a fit of productivity, you search for, say, a project management app to help you use your non-Instagram and cat video time more effectively. You download ...

Facebook's Internet.org expands in Zambia

Jul 31, 2014

(AP)—Facebook's Internet.org project is taking another step toward its goal of bringing the Internet to people who are not yet online with an app launching Thursday in Zambia.

Body by smartphone

Jul 30, 2014

We love our smartphones. Since they marched out of the corporate world and into the hands of consumers about 10 years ago, we've relied more and more on our iPhone and Android devices to organize our schedules, ...

User comments : 0