MIT Technology Review



Capabilities can’t protect users from this kind of attack because the rogue application asked for the same privileges that a legitimate application would–that is, the ability to accept a person’s username and password and to communicate that information over the Internet with a remote server.

Another problem with the capability-based system is that it requires users to think carefully about security. Many users are unable to properly evaluate the risks of the software that they want to download and run–even when they suspect that the software might be malicious.

There are other important security differences between the iPhone and Android-based phones. Both can be set to automatically lock after a period of inactivity and require a passcode before they can be used again. But the iPhone can be set up to erase all of the data that it contains after 10 failed passcode attempts. The iPhone also supports remote wipe. Google’s Android has neither of these features, making the system fundamentally less secure. (A third-party application called Wave Secure offers some of these features, but I’ve found them to be poorly integrated with the Android system.)

Another important iPhone security advantage is a user-settable delay for the lock code. If you set an “unlock pattern” with an Android phone, you need to provide that pattern every time you turn on the phone’s screen. With the iPhone, you can set a delay so that the unlock code does not need to be entered if the phone has only been asleep for one minute, five minutes, 15 minutes, one hour, or four hours. The shorter the time period, the more secure your data, of course. But being able to set the delay for five minutes or even 15 minutes makes it far less onerous to actually use this feature. With my Android phone, I am constantly entering the unlock code, even at the end of a one-minute phone call. It’s so annoying that I am seriously considering turning it off.

I wish that the iPhone had Android’s capabilities-based security architecture, because that extra layer of protection provides important security guarantees. But even without it, the iPhone’s range of security features makes it a better choice for people who need to keep sensitive information on their phone. That said, I’m hopeful that Google will make big improvements with the next release of the Android operating system.


Credit: Technology Review

Tagged: Computing, Communications, security, iPhone, Android, mobile devices, cell phones, cell phone security
