Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Study finds iOS apps to be riskier than Android

Security concerns surrounding the Android platform have always taken a back seat to that of iOS, but a new study challenges that notion.

According to a report published by mobile application analyst Appthority, iOS apps pose greater risks and privacy issues to users than Android.

The bi-annual “App Reputation Report” analyzed the top 50 free apps on both platforms and examined the differences in behavior that affects user privacy. The study focused on free apps because they commonly collect more user data which is then shared with third-parties, a method used by developers to generate revenue.

The research team behind the study utilized Appthority's cloud-based platform to examine “risky” app behaviors that include sending data without encryption, sharing information with third-parties, and gaining access to users' calendars, the report said.

In nearly all of the categories, iOS apps proved to access the most information. Of the 50 apps examined on each platform, 100 percent sent and received unencrypted data on iOS compared to 92 percent on Android. Sixty percent of apps tracked user location on iOS, compared to 42 percent on Android, and 60 percent of the iOS apps shared user data with third parties, as opposed to 50 percent running on the Android platform.

However, the most alarming figure was that 54 percent of iOS apps accessed user contact lists on iOS, as compared to 20 percent on Android, Domingo Guerra, founder and president of Appthority, said.

“In a BYOD environment, the corporate address books are a big thing,” Guerra said on a call Tuesday with SCMagazine.com. “There's a lot of data that could be proprietary to a company that could be obtained.”

Although Android is known its malware issues, from a privacy angle, its “all or nothing” download model could prove to be beneficial for users, Guerra said. Before downloading an app, users are notified what content on the device the app would like to access, the user then has the choice to download or not. This differs on iOS, as permissions can be edited once the app is downloaded. 

Many of the top 50 applications examined on the iOS platform were the same as those on the Android platform, though they didn't share the same permissions, Guerra said. He believes iOS apps access more information, because ad networks pay developers more for the data.

“[iOS] users are known to spend more money,” Guerra said. “They're more of a premium.”

As the bring-your-own-device (BYOD) phenomenon continues to gain momentum in the enterprise, the results of the study may be alarming. Guerra said that organizations looking to adopt a (BYOD) environment should take note of the “surprising” findings. He said the findings may answer the question of why developers ask for so much information from consumers.

“If the permissions don't correlate between the platforms then it's not a function, it's a matter of targeting a specific user base," he said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.