How Secure are iPhone and Android Apps

Apr 01, 2010 by John Messina weblog
The Android smartphone and iPhone handle application security radically different.

(PhysOrg.com) -- Today's smartphones are pocket size computers that can be customized by downloading applications. This is what makes a smartphone vulnerable to cybercriminals. In this article we will examine how an iPhone and Android phone handles security. Both phones handle security radically different.

In order for iPhone application to get listed in ’s , developers must create an account and pay an annual fee. All applications are evaluated by a team at Apple and approve each version of the software before it’s made available in Apple’s App Store. Apple roughly disapproves about 10% of all applications submitted to the App Store because the applications would steal or pose a threat in some other way to the user.

In Android’s Marketplace, applications are not evaluated by . Android users are protected in a completely different way by using a security model based on “capabilities”. Each Android app that is installed must tell the phone’s OS what capabilities it requires.

When an application is installed, the Android OS lists all the “capabilities” that is required in order for the application to run. This allows the capabilities-based system to be governed by the OS and preventing the application from doing more than what it’s supposed to.

The capabilities-based system has its flaws. For instance, there is no way of knowing that the application will act the way it’s supposed to with the trust that it’s given. This system also can’t tell the difference if the privileges it grants the application is for legitimate use or not. For example, some applications will ask for a user name and password to communicate over the internet with a remote host.

Other security features for the iPhone and Android phones is that they both can be set to lock after a length of inactivity; a password is then required to unlock the phone. The iPhone however has an additional security feature where 10 failed password attempts can erase all data on your phone. The iPhone also supports remote wipe. The Android OS has neither of these features making it less secure.

No matter what security features are deployed in the or Android smartphones there are other ways of obtaining personal information from smartphones. Manufactures can only try to make it harder for cybercriminals obtaining your personal information.

Explore further: 'NBA 2K15' drafts 3D face mapping for latest game

More information: Via: TechnologyReview

Related Stories

Apple App Store downloads top three billion

Jan 05, 2010

Apple on Tuesday announced that more than three billion mini-applications for iPhone and iPod Touch devices have been downloaded from the firm's online App Store.

Modified iPhones Are Compromised By New Worm

Nov 25, 2009

(PhysOrg.com) -- Several research security firms have reported a new worm attack against jail broken iPhones, dubbed "Ikee.B or "Duh", this worm searches for personal and banking information.

Recommended for you

Hit 'Just Dance' game goes mobile Sept. 25

8 hours ago

Smartphone lovers will get to show off moves almost anywhere with the Sept. 25 release of a free "Just Dance Now" game tuned for mobile Internet lifestyles.

Indie game developers sprouting at Tokyo Game Show

10 hours ago

Nestled among the industry giants at the Tokyo Game Show Thursday are a growing number of small and independent games developers from Asia and Europe, all hoping they are sitting on the next Minecraft.

Review: Ambitious 'Destiny' lacks imagination

11 hours ago

Midway through "Destiny," the new science fiction epic from "Halo" creators Bungie, a smug prince is musing on the hero's desire to visit a mysterious site on Mars.

User comments : 4

Adjust slider to filter visible comments by rank

Display comments: newest first

El_Nose
3 / 5 (1) Apr 01, 2010
it would so suck if your friends at a bar tried to access your iPhone and then you were drunk and entered the password wrong and cleared the memory... with my friends I could so see that happening
infogulch
not rated yet Apr 01, 2010
This article starts off acting neutral and unbiased but it ends up being no better than Microsoft IE's recent hypocritical bash against chrome.

Of course the author overlooked that the app store reviewers have been *known* to overlook *major* security problems within some apps, and that the app store isn't the rainbows and butterflies it's made out to be.

What the "capabilities" model does is put the judgement into the users hands as to whether they would want a particular app to have a certain ability instead of the hand-holding and babysitting Apple forces on it's users and developers.

And no matter *what* OS it is, iPhone, Android, or even a desktop OS like Windows, Linux or OSX, a user only installs a shady application at their own risk. The "capabilities" model just gives the user the information needed to make a sound decision.
vkelman
not rated yet Apr 02, 2010
"The iPhone ...can erase all data on your phone."

For Android phone this capability just isn't bundled with OS. However, there are several security applications which can do it.
Amymartin
not rated yet Apr 02, 2010
I don't know about you, but my Nokia e63 mobile is a champ. Even their mobile online support is great. I'll take my Nokia over an iPhone any day. As many blogs on http://www.dozenmobile.com say, there's a wealth of cool new phones out there. But if I want to change phone companies, no jailbreaking here, I just have to change the sim. Take that apple!!