Which is More Secure—Android or iPhone?

Mobile security is, without a doubt, an area of concern for insurance CIOs, especially as smartphone use increases among not only executives but field employees and insurance agents as well.

Mobile security company, Lookout, recognizes the security concerns for all smartphone users, and has developed the App Genome Project, an ongoing effort to map and study mobile applications in order to identify security threats in the wild, and provide insight into how applications are tapping into personal data and accessing other phone resources.

The App Genome Project has already scanned nearly 300,000 free applications available in both the Android Market and iPhone App Store, and fully mapped nearly 100,000. Early findings show differences in the sensitive data that is typically accessed by Android and iPhone applications and a proliferation of third-party code in applications across both platforms.

While there aren’t that many vendor-provided smartphone applications out there right now for insurance, Chad Hersh, a principal at New York-based Novarica, previously told INN, insurers have embraced the apps world for their customers.

Nationwide Mutual released a mobile application that assists iPhone users after an auto accident. And Progressive has released a number of apps for smartphones, using the Google Android operating system and for the iPhone.

Results from Lookout’s App Genome Project found that applications on Android are generally less likely than applications on iPhone to be capable of accessing a person’s contact list or retrieving their location, with 29% of free applications on Android having the ability to access a user’s location, compared with 33% of free applications on iPhone. Additionally, nearly twice as many free applications have the capability to access people’s contact data on iPhone (14%) as compared to Android (8%).

“The App Genome Project is an important step in securing our mobile phones against threats,” says John Hering, CEO of Lookout. “With a real-time database, we can quickly identify threats in the wild and swiftly move to protect consumers. Early results point to the need for developers to be more aggressive about protecting consumers’ personal information, including what information is accessed, what is sent off the phone and how it is stored.”

The project also found that a large proportion of applications contain third-party code with the capability to interact with sensitive data in a way that may not be apparent to users or developers. This third-party code is generally for advertising or analytics. The project found that 47% of free Android applications included this third-party code, while that number is just 23% on iPhone. Third-party code is difficult to globally update and creates potential cross-platform vulnerability.

“The ability for applications to easily access personal data has opened up a world of possibilities for mobile applications, but also places a greater burden of responsibility on both developers and users,” says Kevin Mahaffey, CTO of Lookout and co-author of the study. “As we continue building the App Genome Project, we’re committed to providing the insight about mobile applications necessary to keep phones and sensitive information safe.”