Smartphones are big business, prompting fierce competition between providers. One major concern for consumers is whether a smartphone will keep their private data safe from malicious programs. To date, however, little independent research has been undertaken to compare security across different platforms.
Now, Jin Han and co-workers at the A*STAR Institute for Infocomm Research and Singapore Management University have conducted the first systematic comparison of the two biggest operating systems in mobile software1 — Apple’s iOS and Google’s Android. The two companies take markedly different approaches to security.
Apple famously maintains complete control over iOS security, promising that all applications are thoroughly screened before release and security patches are smoothly applied across all their phones. However, malicious software has appeared in the iTunes store.
Android, in contrast, displays everything that an application will need to access so that users can decide themselves whether to go ahead with an installation. Some critics argue that handing such control to unqualified users could present a security risk in itself.
To compare these two security models, Han and co-workers identified 1,300 popular applications that work identically on both iOS and Android. These applications, such as Facebook, often access code libraries on smartphones called security-sensitive application programing interfaces (SS-APIs), which provide private user data or grant control over devices such as the camera.
“We needed to establish a fair baseline for the security comparison between Android and iOS,” says Han. “We achieved this goal by examining the SS-API usage of cross-platform applications.”
The researchers found that 73% of iOS applications, especially advertising and analytical code, consistently accessed more SS-APIs than their counterparts on Android. Additionally, the SS-APIs invoked by iOS tended to be those providing access to sensitive resources such as user contacts.
The results imply that by allowing users to control permissions, Android may be better at preventing stealthy applications from getting hold of private information. Notably, Android also intentionally avoids using SS-APIs if non-security-sensitive APIs can be used to achieve the same functions.
To avoid jumping to conclusions about the risk to Apple users from the iOS process, Han urges caution in interpreting the results. “Mobile platforms are constantly evolving,” he says. “Our experiments were mainly conducted on iOS 5, but iOS 6 has enhanced its privacy protection so that users will be notified when an app is trying to access their contacts, calendar, photos or reminders. This may encourage developers to modify their apps so that they access less private data.”
The A*STAR-affiliated researchers contributing to this research are from the Institute for Infocomm Research
Han, J., Yan, Q., Gao, D., Zhou, J. & Deng, R. Comparing mobile privacy protection through cross-platform applications. The 20th Annual Network & Distributed System Security Symposium, 26 February 2013.
WAKE-UP provides new treatment option for stroke patients | International study led by UKE
17.05.2018 | Universitätsklinikum Hamburg-Eppendorf
First form of therapy for childhood dementia CLN2 developed
25.04.2018 | Universitätsklinikum Hamburg-Eppendorf
So-called quantum many-body scars allow quantum systems to stay out of equilibrium much longer, explaining experiment | Study published in Nature Physics
Recently, researchers from Harvard and MIT succeeded in trapping a record 53 atoms and individually controlling their quantum state, realizing what is called a...
The historic first detection of gravitational waves from colliding black holes far outside our galaxy opened a new window to understanding the universe. A...
A team led by Austrian experimental physicist Rainer Blatt has succeeded in characterizing the quantum entanglement of two spatially separated atoms by observing their light emission. This fundamental demonstration could lead to the development of highly sensitive optical gradiometers for the precise measurement of the gravitational field or the earth's magnetic field.
The age of quantum technology has long been heralded. Decades of research into the quantum world have led to the development of methods that make it possible...
Cardiovascular tissue engineering aims to treat heart disease with prostheses that grow and regenerate. Now, researchers from the University of Zurich, the Technical University Eindhoven and the Charité Berlin have successfully implanted regenerative heart valves, designed with the aid of computer simulations, into sheep for the first time.
Producing living tissue or organs based on human cells is one of the main research fields in regenerative medicine. Tissue engineering, which involves growing...
A team of scientists of the Max Planck Institute for the Structure and Dynamics of Matter (MPSD) at the Center for Free-Electron Laser Science in Hamburg investigated optically-induced superconductivity in the alkali-doped fulleride K3C60under high external pressures. This study allowed, on one hand, to uniquely assess the nature of the transient state as a superconducting phase. In addition, it unveiled the possibility to induce superconductivity in K3C60 at temperatures far above the -170 degrees Celsius hypothesized previously, and rather all the way to room temperature. The paper by Cantaluppi et al has been published in Nature Physics.
Unlike ordinary metals, superconductors have the unique capability of transporting electrical currents without any loss. Nowadays, their technological...
02.05.2018 | Event News
13.04.2018 | Event News
12.04.2018 | Event News
18.05.2018 | Power and Electrical Engineering
18.05.2018 | Information Technology
18.05.2018 | Information Technology