Apple’s iPhones have a reputation for being far more secure than their Android counterparts, and a researcher has just shown what a stark difference there is between the two. However, while iOS scored an apparent victory, it didn’t come up smelling entirely of roses.
Ernestas Naprys, a journalist at Cybernews, an online publication that identifies and reports on cybersecurity threats and vulnerabilities, conducted an experiment by installing the top 100 apps in the German App Store on a fresh iPhone and a fresh Android phone. He then left the devices idle, and noted how often they contacted foreign servers, as well as where those servers were located.
Naprys left the Apple phone idle for five days and “traced every outgoing connection the iPhone made to external servers.” Interestingly, it sent out an average of 3,308 queries a day, compared to 2,323 a day for Android.
But if you think that makes Android a better bet for your privacy, think again. Although it sent out more requests, the iPhone was far more judicious when it came where those requests were sent. In fact, 60% of the iOS requests went to Apple, accounting for a huge portion of that outgoing traffic. On Android, only 24% of requests went to Google, with most going to third-party apps.
For instance, while iOS contacted a Russian server on average once per day, the Android device did so 13 times as often, for a total of 39 times over three days. And when it came to China, the iPhone never contacted any servers in the country, despite having numerous Chinese apps installed. The Android phone, in contrast, pinged Chinese servers an average of five times a day.
Apple’s device also performed better when it came to services that are known to take a questionable approach to user privacy. The iPhone contacted Facebook servers an average of 20 times a day, for example, compared to almost 200 times a day for Android. TikTok was contacted 36 times in total on iOS – and even then, it reached a ByteDance server that wasn't located in China – while the Android device pinged TikTok nearly 800 times.
What does all this mean?
If an app is contacting a server located in a country like Russia or China, that could mean your data is accessible to authorities of other bodies in those nations. Once the data has landed in another country, it can potentially come under the purview of that state.
Naprys suggested there could be several reasons for the differences in how loose-lipped iOS and Android are. For one thing, “Not a single app on the Apple App Store could be considered as blatant adware,” Naprys explained. “All the apps on the App Store represented big platforms behind them and were more useful than ad-powered flashlights, prank generators, or dubious PDF viewers on Google Play.”
As well as that, “this may also be due to stricter Apple policies for developers in its closed ecosystem regarding privacy in general.” Apple has many policies in place to limit what data developers can access, and has voiced concern that opening up its ecosystem could be a disaster for security.
So, while neither iOS nor Android got a perfect score, it’s clear that an iPhone will send out fewer requests to questionable places than an Android device. If you care about your privacy, it’s worth taking note.