Smartphones become more and more popular. Android and iOS are two dominant mobile operating systems on the market. An interesting question is which one is more secure. We made a comparison by investigating applications that run on both Android and iOS and examining the difference in the usage of their security sensitive APIs. We also proposed a generic attack vector that enables third-party applications to launch attacks on non-jailbroken iOS devices, and constructed multiple proof-of-concept attacks, such as cracking device PIN and taking snapshots without user’s awareness. Our work helped Apple to fix those severe vulnerabilities in iOS.
Dr. Jianying Zhou is a principal scientist and the head of Infocomm Security Department at Institute for Infocomm Research. He received PhD in Information Security from Royal Holloway, University of London. His research interests are in applied cryptography, computer and network security, cyber-physical security, mobile and wireless security. He has secured over 10 million dollars of research grants as lead PI. He has published over 200 referred papers at international conferences and journals with over 5000 citations, and received ESORICS’15 best paper award. He has 2 technologies being standardized in ISO/IEC 29192-4 and ISO/IEC 20009-4, respectively. He also has a number of technologies being patented. He is a co-founder & steering committee co-chair of International Conference on Applied Cryptography and Network Security (ACNS). He is also steering committee vice chair of ACM AsiaCCS, and steering committee member of Asiacrypt. He has served in many leading crypto and security conference committees as general chair, program chair, and PC member.