Both platforms separate apps from one another in a sandbox, but my preference is for Android's approach. Is the Android approach more secure than 's? The jury is still out on that question. No, my preference relies entirely on my being an old Unix hand, and the Android approach is one that any Unix or Linux geek can understand and work with. With Android, each app has a unique UID and GID (user and group IDs), as in a traditional Unix-style model. This uses the tried-and-proven Unix-style discretionary file-access controls to allow an app to get to its own files and not affect others.

When you couple that sandboxing with the application manifests that Android uses, you have a pretty elegant sandbox model. Each Android app has a manifest in which it declares the privileges it needs. At installation time, the user decides whether to allow or disallow these privileges.

That's the good news for Android. Now let's consider the bad news.

That same sandbox model has some pretty bad user interface issues. For one thing, there's no "line-item veto." Users have to accept or reject all or nothing when installing an app. And they do that after they've gone to the app market and decided to install the app, possibly after paying for it. Once they've gotten to that point, how many users are going to reject the privileges? Not many, I'd wager.