Capabilities can’t protect users from this kind of attack because the rogue application asked for the same privileges that a legitimate application would–that is, the ability to accept a person’s username and password and to communicate that information over the Internet with a remote server.
Another problem with the capability-based system is that it requires users to think carefully about security. Many users are unable to properly evaluate the risks of the software that they want to download and run–even when they suspect that the software might be malicious.
There are other important security differences between the iPhone and Android-based phones. Both can be set to automatically lock after a period of inactivity and require a passcode before they can be used again. But the iPhone can be set up to erase all of the data that it contains after 10 failed passcode attempts. The iPhone also supports remote wipe. Google’s Android has neither of these features, making the system fundamentally less secure. (A third-party application called Wave Secure offers some of these features, but I’ve found them to be poorly integrated with the Android system.)
Another important iPhone security advantage is a user-settable delay for the lock code. If you set an “unlock pattern” with an Android phone, you need to provide that pattern every time you turn on the phone’s screen. With the iPhone, you can set a delay so that the unlock code does not need to be entered if the phone has only been asleep for one minute, five minutes, 15 minutes, one hour, or four hours. The shorter the time period, the more secure your data, of course. But being able to set the delay for five minutes or even 15 minutes makes it far less onerous to actually use this feature. With my Android phone, I am constantly entering the unlock code, even at the end of a one-minute phone call. It’s so annoying that I am seriously considering turning it off.
I wish that the iPhone had Android’s capabilities-based security architecture, because that extra layer of protection provides important security guarantees. But even without it, the iPhone’s range of security features make it a better choice for people who need to keep sensitive information on their phone. That said, I’m hopeful that Google will make big improvements with the next release of the Android operating system.