Smartphones are big business, prompting fierce competition between providers. One major concern for consumers is whether a smartphone will keep their private data safe from malicious programs. To date, however, little independent research has been undertaken to compare security across different platforms.
Now, Jin Han and co-workers at the A*STAR Institute for Infocomm Research and Singapore Management University have conducted the first systematic comparison of the two biggest operating systems in mobile software1 — Apple’s iOS and Google’s Android. The two companies take markedly different approaches to security.
Apple famously maintains complete control over iOS security, promising that all applications are thoroughly screened before release and security patches are smoothly applied across all their phones. However, malicious software has appeared in the iTunes store.
Android, in contrast, displays everything that an application will need to access so that users can decide themselves whether to go ahead with an installation. Some critics argue that handing such control to unqualified users could present a security risk in itself.
To compare these two security models, Han and co-workers identified 1,300 popular applications that work identically on both iOS and Android. These applications, such as Facebook, often access code libraries on smartphones called security-sensitive application programing interfaces (SS-APIs), which provide private user data or grant control over devices such as the camera.
“We needed to establish a fair baseline for the security comparison between Android and iOS,” says Han. “We achieved this goal by examining the SS-API usage of cross-platform applications.”
The researchers found that 73% of iOS applications, especially advertising and analytical code, consistently accessed more SS-APIs than their counterparts on Android. Additionally, the SS-APIs invoked by iOS tended to be those providing access to sensitive resources such as user contacts.
The results imply that by allowing users to control permissions, Android may be better at preventing stealthy applications from getting hold of private information. Notably, Android also intentionally avoids using SS-APIs if non-security-sensitive APIs can be used to achieve the same functions.
To avoid jumping to conclusions about the risk to Apple users from the iOS process, Han urges caution in interpreting the results. “Mobile platforms are constantly evolving,” he says. “Our experiments were mainly conducted on iOS 5, but iOS 6 has enhanced its privacy protection so that users will be notified when an app is trying to access their contacts, calendar, photos or reminders. This may encourage developers to modify their apps so that they access less private data.”
The A*STAR-affiliated researchers contributing to this research are from the Institute for Infocomm Research
Han, J., Yan, Q., Gao, D., Zhou, J. & Deng, R. Comparing mobile privacy protection through cross-platform applications. The 20th Annual Network & Distributed System Security Symposium, 26 February 2013.
Further Reports about: Android-SDK > Apple iPhone > Apple’s iOS > Google’s Android > operating system > private data > security-sensitive application programing interfaces > smartphone applications > SS-API
More articles from Studies and Analyses:
Development near Oregon, Washington public forests
04.12.2013 | USDA Forest Service - Pacific Northwest Research Station
Mammography screening intervals may affect breast cancer prognosis
04.12.2013 | Radiological Society of North America
Quantum entanglement, a perplexing phenomenon of quantum mechanics that Albert Einstein once referred to as “spooky action at a distance,” could be even spookier than Einstein perceived.
Physicists at the University of Washington and Stony Brook University in New York believe the phenomenon might be intrinsically linked with wormholes, hypothetical features of space-time that in popular science fiction can provide a much-faster-than-light shortcut from one part of the universe to another.
But here’s the catch: One couldn’t actually ...
A star is formed when a large cloud of gas and dust condenses and eventually becomes so dense that it collapses into a ball of gas, where the pressure heats the matter, creating a glowing gas ball – a star is born.
New research from the Niels Bohr Institute, among others, shows that a young, newly formed star in the Milky Way had such an explosive growth, that it was initially about 100 times brighter than it is now. The results are published in the scientific journal, Astrophysical Journal Letters.
The young ...
EPFL scientists have shown how to achieve a dramatic increase in the capacity of optical fibers; Their simple, innovative solution reduces the amount of space required between the pulses of light that transport data
Optical fibers carry data in the form of pulses of light over distances of thousands of miles at amazing speeds. They are one of the glories of modern telecommunications technology.
However, their capacity is limited, because the pulses of light need to be lined up one after the other in ...
NASA's Hurricane and Severe Storms Sentinel airborne mission known as HS3 wrapped up for the 2013 Atlantic Ocean hurricane season at the end of September, and had several highlights. HS3 will return to NASA’s Wallops Flight Facility in Wallops Island, Va., for the 2014 Atlantic hurricane season.
During the 2013 mission, two unmanned Global Hawks flew from Wallops for the first time. The mission highlights included studying the Saharan Air Layer, following the genesis of a tropical storm, finding a unique hybrid core or center circulation in a redeveloped storm, obtaining measurements on the strongest side of ...
Nanosponges that soak up a dangerous pore-forming toxin produced by MRSA (methicillin-resistant Staphylococcus aureus) could serve as a safe and effective vaccine against this toxin.
This "nanosponge vaccine" enabled the immune systems of mice to block the adverse effects of the alpha-haemolysin toxin from MRSA—both within the bloodstream and on the skin. Nanoengineers from the University of California, San Diego described the safety and efficacy of this nanosponge vaccine in the December 1 issue of ...
04.12.2013 | Health and Medicine
04.12.2013 | Materials Sciences
04.12.2013 | Ecology, The Environment and Conservation
04.12.2013 | Event News
12.11.2013 | Event News
29.10.2013 | Event News