/ Technology

Is your data safer with Android or Apple?

HTC Android next to iPhone 4

Most tech journalists are excitedly reporting that Android phones share your private data without your knowledge, while their iPhones are secure. But the study that’s been used to support this might point to the opposite.

A number of articles have referenced research by Intel Labs, Penn State and Duke University, to show that Google’s Android phones fail to tell us what’s done with our personal data.

The researchers have created an Android application to detect how other apps use your private data, such as your phone book, phone number and even your location. But although some apps do share data, it appears that some of the reports may have missed the thrust of this research.

Is Android open model safer?

The researchers are in fact launching their own app (called TaintDroid) that lets a user detect where their data is going. Perhaps I’m reading between the lines, but the paper itself seems quite enthusiastic about Android. It’s open enough for them to create the app, which in turn could mean that it’s a more secure model than Apple’s.

Whether or not I’m over-interpreting what other articles are driving at, I personally think that an open model is safer than a closed one and is more likely to protect your data.

The mantra of open source is that ‘many eyes make all bugs shallow’. In my view the same applies to privacy: many eyes make naughty apps pariahs. It’s been shown time and again that blindly trusting the vendor with your data simply isn’t a good idea.

Keep an eye on your apps

Whenever you download an app from the Android Marketplace, as with Apple’s App Store, it tells you what functions it wants to have access to, such as location data, full internet access, your camera.

Although this isn’t perfect – apps that share your data innocently could also do so for nefarious reasons – it isn’t clear that something more complicated would help us make an informed decision.

It’s not as simple as saying it’s your own damn fault if you install an app that told you it would share data. Instead, it’s better to be forewarned. So functionality like TaintDroid which lets us check up on what apps are doing with our data, helps us keep them honest.

And I’m not sure if this would be possible on the iPhone, as I don’t think such an app would make it through the App Store approval process over which Apple wields total control.

I agree it’s bad that some apps share data in ways that you might not want. But I don’t think it makes sense to rush away from an ecosystem (Android) where you can find out which apps share data (and avoid them), to one where it’s unlikely you’ll ever find out. And ultimately one where you currently just have to trust Apple to protect you.

Comments
Profile photo of Al Warman
Member

Having read both this post and the BBC article my conclusion is that there is currently no such thing as a safe app store. I can either put my trust in Apple or in the Android community, and I don’t particularly want to do either!

As an Android Market user I’m shocked to learn that 15 of the 30 apps tested with TaintDroid were sending users’ location information to advertisers without their knowledge. Is this the price we must pay for free apps?

As for Google’s plea that they ‘consistently advise users to only install apps they trust’ – it seems to me that it’s utterly impossible for users to work out, prior to installation, which, if any, apps they can trust.

As one contributor says on the Modaco Android forums: “I might well trust Google to truly ‘do no evil’ – but I don’t like having to extend that trust to every App developer.”

Profile photo of Ben Ross
Member

My point is that you don’t have to extend that trust to every app developer – now you can check up on them, and see how they’re using the functions you’ve allowed them to.

More importantly, someone else will check up on them, and we’ll see that apps which play nice are rightly lauded for this, whereas apps that don’t are shunned. Contrast this with the situation with Apple where – for all we know – every single app that you’ve given full internet access and use of your geo-data could be sharing it with the world and you’d never know it!

Profile photo of Rob Reid
Member

“I agree it’s bad that some apps share data in ways that you might not want”.

I think you entirely miss the point. It is not just that they are sharing data in a way you may not want, it is that they are doing this without your prior consent.

Profile photo of Ben Ross
Member

Hi Rob,

But that doesn’t seem to be the case. In every example people have consented to allow the specific app to share data, location, make use of the camera, etc.. They may not realise that the app writer wants to share this data with, say, advertisers, but it seem to me that a blanket consent has been given. The Android Market is sensible enough to require that level of consent, and tells you which of these functions each app wants to use in bold, red letters.

The point being that with apps such as TaintDroid we now know how apps are using your data, and that simply isn’t possible with an iPhone. When you download an app from Apple’s App Store, it ask for just the same broad agreement to use various functions, but in the case of iPhones there’s no way at all to find out how this consent has been used.

I know which system seems safer to me, and which – in the long run – will end up with apps you can trust, versus the one that requires you simply to trust Apple.

Profile photo of Rob Reid
Member

Hi Ben,

The fact that users may not realise that the app writer is sharing data with third parties is the problem I have here. Implied consent is not enough. The app developer should obtain fully informed and specific consent from users allowing the developer to share their data.

In addition, it should not be the consumers’ responsibility to download an application to find out when data is being shared. The fact that an app exists on the Android Market to allow consumers to do this does not make it safer or better, just slightly more transparent if you are informed enough and engaged enough to download and use an app to follow what your other apps are up to.

The fact is that app developers sharing data with third parties without gaining prior consent to do so is an invasion of privacy and that this is true irrespective of the ‘ecosystem’.

Profile photo of wavechange
Member

Is your data safer with Android or Apple?

I suspect that this could be a trick question.

Member

2 nights ago 2 sums of money was taken from my bank account, amounting to £1600. Apparently, a call divert was put on my iphone6 plus. The fraudsters contacted my bank for forgotten bank details. The bank contacted them on my number….which obviously did not come through to me. They then changed my login details ….good job I was switched on the next day. At the time they were in contact with the bank…I was actually on my phone playing around…and also….when I went to settings-phone-call divert there was a different phone number in there. I have now put a code in my phone to prevent any call diverts.