Researcher answers the age-old question: which platform is more secure, iOS or Android?

An experiment conducted by Cybernews journalist Ernestas Naprys (via TechRadar) was done to see which platform is more secure, iOS or Android. Cybernews writes about cybersecurity issues and Naprys installed the top 100 apps from the German App Store and Play Store on a factory reset iPhone SE and a factory reset Android phone respectively. He then left the phones idle while he checked to see how often they contacted foreign servers and where those servers were located.

During the five days that the iPhone was left alone, Naprys said that he "traced every outgoing connection the iPhone made to external servers." He computed that Apple's handset sent out on average 3,308 queries per day compared to the 2,323 daily queries that were sent out on average for the Android handset over the three days it was left idle. But if you're pulling for Android in this two-horse race and think that it is a winner, you are premature. Cybernews said, "Compared to the experiment with Android, the iPhone's query numbers for unfriendly countries are low."

It turns out that 60% of the outgoing requests made by the iPhone were sent to Apple as part of standard operating procedures. Only 24% of the requests made by the Android phone were sent to Google with the rest sent to third-party apps. For example, while the iPhone contacted a Russian server belonging to  Chinese tech company Alibaba once a day on average, the Android device pinged a server in Russia 13 times as often pushing out 39 queries over a three-day period. And while the iPhone did not ping one server in China, the Android phone contacted a Chinese server five times per day on average.

The iPhone also contacted social media servers far less often than the Android phone did. The iPhone contacted Facebook servers 20 times a day on average compared to 200 times a day on average for the Android device. The iPhone contacted TikTok 36 times in total and the ByteDance server it reached was not located in China. The Android phone contacted TikTok close to 800 times. Snapchat was the only social media site that was different; Android barely contacted  the Snapchat server while the iPhone had more than 100 queries per day.

Interestingly, on the days that the iPhone was idle, Snapchat, Gmail, and OneDrive used the most battery life at 38%, 34%, and 11% respectively. On some days, Snapchat was active in the background for more than one hour.

The scary thing is that if your phone contacts a server in Russia or China, your data could be accessible to agencies in those countries. Naprys has a theory on the big difference between apps on iOS and Android contacting foreign servers. "Not a single app on the Apple App Store could be considered as blatant adware. All the apps on the App Store represented big platforms behind them and were more useful than ad-powered flashlights, prank generators, or dubious PDF viewers on Google Play."

The Cybernews journalist adds, "This may also be due to stricter Apple policies for developers in its closed ecosystem regarding privacy in general." Apple has always defended its Walled Garden approach to the App Store by saying that it is necessary to allow it to make sure the apps in the store are safe to install. Of course, the Digital Market Act (DMA) in Europe allows iPhone users in the 27 EU countries to give up this protection if they want.

And for some iPhone users outside of the EU who are still not allowed to sideload apps from third-party app stores, the question isn't whether they will lose the security of having Apple vet third-party apps if the company allows sideloading in other regions. The question is whether Apple should give its customers the opportunity to sideload because they paid for their devices and are okay with taking the risk of having malware installed on their phones.

As for the experiment conducted by Naprys, it shows that the iPhone will contact fewer servers in questionable locations than Android. And that could be the difference in having your personal data acquired by authorities in foreign countries. The Cybernews research team said, "If your data ends up on a server in Russia, there’s a risk that it may be accessed by authorities or even commercial organizations that are not bound to GDPR and similar data and privacy protection laws. No consent will be asked."

The research team added, "Some may not be comfortable even with their iPhone sending diagnostic data, location, or other telemetry to Cupertino, as that data may be requested by law enforcement. It’s up to the user to decide how much exposure they can tolerate."