Smartphones are big business, prompting fierce competition between providers. One major concern for consumers is whether a smartphone will keep their private data safe from malicious programs. To date, however, little independent research has been undertaken to compare security across different platforms.
Now, Jin Han and co-workers at the A*STAR Institute for Infocomm Research and Singapore Management University have conducted the first systematic comparison of the two biggest operating systems in mobile software1 — Apple’s iOS and Google’s Android. The two companies take markedly different approaches to security.
Apple famously maintains complete control over iOS security, promising that all applications are thoroughly screened before release and security patches are smoothly applied across all their phones. However, malicious software has appeared in the iTunes store.
Android, in contrast, displays everything that an application will need to access so that users can decide themselves whether to go ahead with an installation. Some critics argue that handing such control to unqualified users could present a security risk in itself.
To compare these two security models, Han and co-workers identified 1,300 popular applications that work identically on both iOS and Android. These applications, such as Facebook, often access code libraries on smartphones called security-sensitive application programing interfaces (SS-APIs), which provide private user data or grant control over devices such as the camera.
“We needed to establish a fair baseline for the security comparison between Android and iOS,” says Han. “We achieved this goal by examining the SS-API usage of cross-platform applications.”
The researchers found that 73% of iOS applications, especially advertising and analytical code, consistently accessed more SS-APIs than their counterparts on Android. Additionally, the SS-APIs invoked by iOS tended to be those providing access to sensitive resources such as user contacts.
The results imply that by allowing users to control permissions, Android may be better at preventing stealthy applications from getting hold of private information. Notably, Android also intentionally avoids using SS-APIs if non-security-sensitive APIs can be used to achieve the same functions.
To avoid jumping to conclusions about the risk to Apple users from the iOS process, Han urges caution in interpreting the results. “Mobile platforms are constantly evolving,” he says. “Our experiments were mainly conducted on iOS 5, but iOS 6 has enhanced its privacy protection so that users will be notified when an app is trying to access their contacts, calendar, photos or reminders. This may encourage developers to modify their apps so that they access less private data.”
The A*STAR-affiliated researchers contributing to this research are from the Institute for Infocomm Research
Han, J., Yan, Q., Gao, D., Zhou, J. & Deng, R. Comparing mobile privacy protection through cross-platform applications. The 20th Annual Network & Distributed System Security Symposium, 26 February 2013.
Europe’s Demographic Future. Where the Regions Are Heading after a Decade of Crises
10.08.2017 | Berlin-Institut für Bevölkerung und Entwicklung
Scientists reveal source of human heartbeat in 3-D
07.08.2017 | University of Manchester
Physicists at the University of Bonn have managed to create optical hollows and more complex patterns into which the light of a Bose-Einstein condensate flows. The creation of such highly low-loss structures for light is a prerequisite for complex light circuits, such as for quantum information processing for a new generation of computers. The researchers are now presenting their results in the journal Nature Photonics.
Light particles (photons) occur as tiny, indivisible portions. Many thousands of these light portions can be merged to form a single super-photon if they are...
For the first time, scientists have shown that circular RNA is linked to brain function. When a RNA molecule called Cdr1as was deleted from the genome of mice, the animals had problems filtering out unnecessary information – like patients suffering from neuropsychiatric disorders.
While hundreds of circular RNAs (circRNAs) are abundant in mammalian brains, one big question has remained unanswered: What are they actually good for? In the...
An experimental small satellite has successfully collected and delivered data on a key measurement for predicting changes in Earth's climate.
The Radiometer Assessment using Vertically Aligned Nanotubes (RAVAN) CubeSat was launched into low-Earth orbit on Nov. 11, 2016, in order to test new...
A study led by scientists of the Max Planck Institute for the Structure and Dynamics of Matter (MPSD) at the Center for Free-Electron Laser Science in Hamburg presents evidence of the coexistence of superconductivity and “charge-density-waves” in compounds of the poorly-studied family of bismuthates. This observation opens up new perspectives for a deeper understanding of the phenomenon of high-temperature superconductivity, a topic which is at the core of condensed matter research since more than 30 years. The paper by Nicoletti et al has been published in the PNAS.
Since the beginning of the 20th century, superconductivity had been observed in some metals at temperatures only a few degrees above the absolute zero (minus...
Researchers from the University of Miami (UM) Rosenstiel School of Marine and Atmospheric Science, the Italian Space Agency (ASI), and the Instituto Geofisico--Escuela Politecnica Nacional (IGEPN) of Ecuador, showed an increasing volcanic danger on Cotopaxi in Ecuador using a powerful technique known as Interferometric Synthetic Aperture Radar (InSAR).
The Andes region in which Cotopaxi volcano is located is known to contain some of the world's most serious volcanic hazard. A mid- to large-size eruption has...
16.08.2017 | Event News
04.08.2017 | Event News
26.07.2017 | Event News
16.08.2017 | Physics and Astronomy
16.08.2017 | Materials Sciences
16.08.2017 | Interdisciplinary Research