Smartphones are big business, prompting fierce competition between providers. One major concern for consumers is whether a smartphone will keep their private data safe from malicious programs. To date, however, little independent research has been undertaken to compare security across different platforms.
Now, Jin Han and co-workers at the A*STAR Institute for Infocomm Research and Singapore Management University have conducted the first systematic comparison of the two biggest operating systems in mobile software1 — Apple’s iOS and Google’s Android. The two companies take markedly different approaches to security.
Apple famously maintains complete control over iOS security, promising that all applications are thoroughly screened before release and security patches are smoothly applied across all their phones. However, malicious software has appeared in the iTunes store.
Android, in contrast, displays everything that an application will need to access so that users can decide themselves whether to go ahead with an installation. Some critics argue that handing such control to unqualified users could present a security risk in itself.
To compare these two security models, Han and co-workers identified 1,300 popular applications that work identically on both iOS and Android. These applications, such as Facebook, often access code libraries on smartphones called security-sensitive application programing interfaces (SS-APIs), which provide private user data or grant control over devices such as the camera.
“We needed to establish a fair baseline for the security comparison between Android and iOS,” says Han. “We achieved this goal by examining the SS-API usage of cross-platform applications.”
The researchers found that 73% of iOS applications, especially advertising and analytical code, consistently accessed more SS-APIs than their counterparts on Android. Additionally, the SS-APIs invoked by iOS tended to be those providing access to sensitive resources such as user contacts.
The results imply that by allowing users to control permissions, Android may be better at preventing stealthy applications from getting hold of private information. Notably, Android also intentionally avoids using SS-APIs if non-security-sensitive APIs can be used to achieve the same functions.
To avoid jumping to conclusions about the risk to Apple users from the iOS process, Han urges caution in interpreting the results. “Mobile platforms are constantly evolving,” he says. “Our experiments were mainly conducted on iOS 5, but iOS 6 has enhanced its privacy protection so that users will be notified when an app is trying to access their contacts, calendar, photos or reminders. This may encourage developers to modify their apps so that they access less private data.”
The A*STAR-affiliated researchers contributing to this research are from the Institute for Infocomm Research
Han, J., Yan, Q., Gao, D., Zhou, J. & Deng, R. Comparing mobile privacy protection through cross-platform applications. The 20th Annual Network & Distributed System Security Symposium, 26 February 2013.
Self-organising system enables motile cells to form complex search pattern
07.05.2019 | Westfälische Wilhelms-Universität Münster
Mouse studies show minimally invasive route can accurately administer drugs to brain
02.05.2019 | Johns Hopkins Medicine
Physicists at the University of Basel are able to show for the first time how a single electron looks in an artificial atom. A newly developed method enables them to show the probability of an electron being present in a space. This allows improved control of electron spins, which could serve as the smallest information unit in a future quantum computer. The experiments were published in Physical Review Letters and the related theory in Physical Review B.
The spin of an electron is a promising candidate for use as the smallest information unit (qubit) of a quantum computer. Controlling and switching this spin or...
Engineers at the University of Tokyo continually pioneer new ways to improve battery technology. Professor Atsuo Yamada and his team recently developed a...
With a quantum coprocessor in the cloud, physicists from Innsbruck, Austria, open the door to the simulation of previously unsolvable problems in chemistry, materials research or high-energy physics. The research groups led by Rainer Blatt and Peter Zoller report in the journal Nature how they simulated particle physics phenomena on 20 quantum bits and how the quantum simulator self-verified the result for the first time.
Many scientists are currently working on investigating how quantum advantage can be exploited on hardware already available today. Three years ago, physicists...
'Quantum technologies' utilise the unique phenomena of quantum superposition and entanglement to encode and process information, with potentially profound benefits to a wide range of information technologies from communications to sensing and computing.
However a major challenge in developing these technologies is that the quantum phenomena are very fragile, and only a handful of physical systems have been...
Working group led by physicist Professor Ulrich Nowak at the University of Konstanz, in collaboration with a team of physicists from Johannes Gutenberg University Mainz, demonstrates how skyrmions can be used for the computer concepts of the future
When it comes to performing a calculation destined to arrive at an exact result, humans are hopelessly inferior to the computer. In other areas, humans are...
29.04.2019 | Event News
17.04.2019 | Event News
15.04.2019 | Event News
23.05.2019 | Materials Sciences
23.05.2019 | Materials Sciences
23.05.2019 | Physics and Astronomy