How Secure are iPhone and Android Apps

Apr 01, 2010 by John Messina weblog
The Android smartphone and iPhone handle application security radically different.

( -- Today's smartphones are pocket size computers that can be customized by downloading applications. This is what makes a smartphone vulnerable to cybercriminals. In this article we will examine how an iPhone and Android phone handles security. Both phones handle security radically different.

In order for iPhone application to get listed in ’s , developers must create an account and pay an annual fee. All applications are evaluated by a team at Apple and approve each version of the software before it’s made available in Apple’s App Store. Apple roughly disapproves about 10% of all applications submitted to the App Store because the applications would steal or pose a threat in some other way to the user.

In Android’s Marketplace, applications are not evaluated by . Android users are protected in a completely different way by using a security model based on “capabilities”. Each Android app that is installed must tell the phone’s OS what capabilities it requires.

When an application is installed, the Android OS lists all the “capabilities” that is required in order for the application to run. This allows the capabilities-based system to be governed by the OS and preventing the application from doing more than what it’s supposed to.

The capabilities-based system has its flaws. For instance, there is no way of knowing that the application will act the way it’s supposed to with the trust that it’s given. This system also can’t tell the difference if the privileges it grants the application is for legitimate use or not. For example, some applications will ask for a user name and password to communicate over the internet with a remote host.

Other security features for the iPhone and Android phones is that they both can be set to lock after a length of inactivity; a password is then required to unlock the phone. The iPhone however has an additional security feature where 10 failed password attempts can erase all data on your phone. The iPhone also supports remote wipe. The Android OS has neither of these features making it less secure.

No matter what security features are deployed in the or Android smartphones there are other ways of obtaining personal information from smartphones. Manufactures can only try to make it harder for cybercriminals obtaining your personal information.

Explore further: Blink, point, solve an equation: Introducing PhotoMath

More information: Via: TechnologyReview

Related Stories

Apple App Store downloads top three billion

Jan 05, 2010

Apple on Tuesday announced that more than three billion mini-applications for iPhone and iPod Touch devices have been downloaded from the firm's online App Store.

Modified iPhones Are Compromised By New Worm

Nov 25, 2009

( -- Several research security firms have reported a new worm attack against jail broken iPhones, dubbed "Ikee.B or "Duh", this worm searches for personal and banking information.

Recommended for you

Report: Better shields needed for private tax data

45 minutes ago

Federal investigators say the IRS and the states should improve how they protect the security of confidential tax information of people getting benefits under the 2010 health care law.

Some online shoppers pay more than others, study shows

1 hour ago

Internet users regularly receive all kinds of personalized content, from Google search results to product recommendations on Amazon. This is thanks to the complex algorithms that produce results based on users' profiles and ...

Comcast wins more Internet customers, ad sales up

2 hours ago

Comcast Corp.'s third-quarter net income jumped 50 percent in the third quarter, helped by a one-time tax settlement, growth in Internet subscribers and fewer defectors from its cable service.

Christian Bale to play Apple's Steve Jobs

3 hours ago

Oscar-winner Christian Bale—best known for his star turn as Batman in the blockbuster "Dark Knight" films—will play Apple co-founder Steve Jobs in an upcoming biopic.

Netflix to stream new online TV series, 'Bloodline'

3 hours ago

Fresh from commercial and critical success with hit shows "House of Cards" and "Orange is the New Black," Netflix on Thursday announced a new online series, "Bloodline," set for release in March.

User comments : 4

Adjust slider to filter visible comments by rank

Display comments: newest first

3 / 5 (1) Apr 01, 2010
it would so suck if your friends at a bar tried to access your iPhone and then you were drunk and entered the password wrong and cleared the memory... with my friends I could so see that happening
not rated yet Apr 01, 2010
This article starts off acting neutral and unbiased but it ends up being no better than Microsoft IE's recent hypocritical bash against chrome.

Of course the author overlooked that the app store reviewers have been *known* to overlook *major* security problems within some apps, and that the app store isn't the rainbows and butterflies it's made out to be.

What the "capabilities" model does is put the judgement into the users hands as to whether they would want a particular app to have a certain ability instead of the hand-holding and babysitting Apple forces on it's users and developers.

And no matter *what* OS it is, iPhone, Android, or even a desktop OS like Windows, Linux or OSX, a user only installs a shady application at their own risk. The "capabilities" model just gives the user the information needed to make a sound decision.
not rated yet Apr 02, 2010
"The iPhone ...can erase all data on your phone."

For Android phone this capability just isn't bundled with OS. However, there are several security applications which can do it.
not rated yet Apr 02, 2010
I don't know about you, but my Nokia e63 mobile is a champ. Even their mobile online support is great. I'll take my Nokia over an iPhone any day. As many blogs on say, there's a wealth of cool new phones out there. But if I want to change phone companies, no jailbreaking here, I just have to change the sim. Take that apple!!