Battling for the title of Most Secure Mobile OS, we have: Android, BlackBerry, Ubuntu, Windows Phone, and iOS. Time for them to duke it out!
This OS’s reputation has been damaged by weaknesses like StageFright, which meant cybercriminals could hack into your phone simply by sending a suspect multimedia message. Google’s slow response also lost them a great deal of credibility; in fact, only the Nexus is guaranteed to have had the patch. Otherwise, users need to turn-off auto-retrieval of MMS.
Because Android is open source, app developers can use complex C++ programming, or Java — which makes it easier for criminals to insert malicious code. It’s a massive target for malware, and a study of more than 2.5 million apps last year found that 97% of malware targeted Android.
The OS doesn’t automatically alert you to the issue, with hackers using rootkits like Ghostware, which not only hides its intent but also covers any tracks afterwards.
It’s up to the Android community to spread the word about questionable apps. Even the Google Play Store isn’t infallible, but you could at least disable the setting that allows you to download third-party apps, although “side loading” does have its benefits. (This would at least decrease the chances of being victim to some malicious practices; for instance, Trojan apps containing Android.Fakelogin, which presents a fake login page for any banking app you use, aren’t on the Google Play Store.)
And that’s the thing about Android: it’s fine if you’re happy to toggle your security settings yourself.
I will judge you straight away if you have android. Sorry
— Toby (@Toby_vernon) June 4, 2016
None of this sounds particularly good for users, but Google at least promises monthly updates for the Nexus, its “perfect”, Google-branded smartphone. Another positive is the wealth of security apps that battle phishing and malware, provide solid anti-virus software, and a firewall.
The reality is, Android’s the most used OS in the world, so it’s going to also be the biggest target. Open source systems are hugely popular — with buyers and scammers.
The BlackBerry’s popularity plummeted a few years ago, despite the decent reviews for their Priv handset. Their own OS has been superseded by Android (which takes some getting used to) after the PlayBook tablet, which used a QNX-like system, proved to be a complete failure.
The handsets that run on Android are susceptible to the same problems as Samsung, HTC, and other models. Fortunately, the Priv gives you access to the Google Play Store, so you don’t have to rely on third-parties.
But what if you use an older BlackBerry with its original OS?
BlackBerrys were built with security in mind, which is reassuring enough for the likes of President Obama and UK Prime Minster David Cameron, who previously said:
“Wherever I am in the world, I am always within a few feet of a BlackBerry and an ability to manage things should they need to be managed… The Government has a BlackBerry service. They’re actually very good for emails and documents.”
#CommitACrimeIn5Words Knowingly used an unsecure Blackberry.
— Alan Smithee (@ActualFlatticus) June 4, 2016
You’d think if two major Governments relied on the system, they’d be the most secure — and again, the Canadian firm is on the ball when it comes to the Priv — but is the older OS capable of protecting against hacks? Hacker, Steve Lord, who runs Mandalorian Security Services Ltd, reveals:
“Older smartphones tend be considered less secure as they’re usually affected by known weaknesses. If you’re using an older phone you’re better off with a classic dumb phone. If you have to have an older smartphone, use an older BB10-based Blackberry, or a Windows Phone running Windows Phone 8 or newer.”
What’s more, when Sony was attacked by cybercriminals in late 2014, they relied on BlackBerrys to see them through the crisis; this end-to-end encryption, no matter what the recipient’s model, is a core reason BlackBerrys remain a good option for the security-minded.
For those who don’t know about Ubuntu Touch, it’s an open-source OS, similar to Android, is completely free, and supported by the Free/Libre Open-Source Software (FLOSS) community and Canonical Ltd, which was founded by Ubuntu’s creator. The latter ensures that new versions, including patches, are released every six months.
That’s the important part: you have to keep it up-to-date. Many desktop computers using the OS don’t receive security patches unless they’re on an LTS (long term support) release; fortunately, as their smartphones are new, they’ll be supported for a while yet.
Ubuntu prides itself on saving its users from malware and spyware, but it is open source, so some nefarious apps can slip through the net. Fixes, though, are typically rolled out quicker because the open source community has access to the code, can test a patch, and send it to Linux HQ. In contrast, closed source codes can only be accessed by company employees.
The Ubuntu App Store is more secure because it uses an automated review tool that checks if a new application is secure, and if anything questionable is found, it’s subject to a manual review too. What’s more, you need to enable certain permissions before apps install any surplus.
Plus, of course, there’s the fact — sorry, Linux users — that it’s not a massively popular system right now (at least in relation to Android and iOS), so attacks are few and far between. As it grows in popularity, Ubuntu will be a bigger target. To put that in perspective, in October 2015, an app taking advantage of flaws in the installation code affected a grand total of 15 people.
— Anderson Cave (@Nede7) May 3, 2016
Major companies like Netflix, Snapchat, and Dropbox all run on Ubuntu — as does the International Space Station and Large Hadron Collider! — and the UK’s Communications-Electronics Security Group (CESG), which assesses the security of operating systems, found in 2013 that Ubuntu is the most secure OS.
Still, the extensive list of security notices is troubling; bear in mind, however, these are at least vulnerabilities that have been patched. Ubuntu is by no means infallible, but time and time again, it stands up against vulnerabilities other OS’s struggle with.
Windows Phone & W10 Mobile
Ubuntu might be a strong candidate for the Most Secure OS, but it has serious competition from Windows Phone and W10 Mobile, which even Eugene Kaspersky (CEO of the Internet security firm) endorses as:
“So far very clean.”
He doesn’t expand on that statement, though. So what makes Windows Phones so secure?
Microsoft keeps its Windows App Store on a tight leash, so unless your Windows Phone is jailbroken, you have to go through the official channels to download apps; these have more restrictions than the other operating systems, but what sets them apart is the “sandbox” approach, which means apps don’t interact with each other unless you give them permission. They’re cordoned off from one another, so they can’t cause problems.
Again, that doesn’t mean it’s without vulnerabilities, but patches will be issued — you just need to update regularly. You have to do the same with the software itself, but that can be automated. Check if the version you’re running is the most recent by going on Settings > Phone update, and there you can also tick the Automatically download updates if my data settings allow it box.
Another positive thing for Windows Phones is how small the user base currently is (bad news for Microsoft; good news for security); so small, in fact, that there weren’t any firewall or anti-virus apps available on Windows 8.1 when it was released.
Microsoft has a bad reputation when it comes to allowing fraudulent apps to populate its store, but the firm is brushing up on this in an effort to get a bigger audience.
Because it’s so new, there’s very little information on Windows 10 Mobile security, but it could be susceptible to the malware inflicted on the desktop system, as they are essentially the same (although they utilize different hardware architecture). This is where sandboxing comes in to protect you. If you’re on Windows 8, you should download a recognized security app.
— Fahad Al-Riyami (@fahdriyami) May 31, 2016
An added bonus of Windows 10 Mobile is Device Encryption, which essentially locks your device down if it gets lost using sophisticated BitLocker technology. If someone doesn’t have your encryption key, your files are unreadable. It’s a PIN that you need to activate by going on Settings > System > Device encryption.
Just like the Google Play Store for Android, Apple vets all apps on its App Store: applications exist in their own ecosystem, only available to the end-user once the company has checked their intent. This is known as their “walled garden” and millions bought into that seemingly-unbreakable level of security.
Then cracks started to appear.
Most notably, some 500 million users of the Chinese messenger app, WeChat, could’ve been victim to malware after a modified version of the Xcode (used by developers) was approved by Apple — and that wasn’t the only app infected. Whereas before, malware was only a problem to those who have jailbroken their smartphones, it now appears that Apple isn’t as security-conscious as once thought.
The dust never really settled after the so-called “celebgate,” when the iCloud accounts of numerous celebrities were hacked and compromising photos leaked. Suddenly, iPhone users became aware of other security threats.
John Gunn, vice president at Vasco Data Security, says:
“Apple’s security strategy is so well-engineered that its biggest danger may be the false sense of security that it gives developers and the massive number of iPhone users.”
It can’t be that bad, surely? In terms of popularity, iOS comes a close second to Android, yet the latter’s reputation for getting viruses is much worse. Apple’s security is boosted by the fact that, unlike Android, it’s a closed source system, with sandboxed restrictions so you have to agree whenever an app tries to communicate with another part of the OS.
iOS’ built-in encryption is pretty tough to compete with too, but if that’s what you’re really after, WhatsApp offers a similarly-secure service.
The really positive thing about iPhones is how unlockable they are. After the FBI detained gunman Syed Rizwan Farook, they appealed to Apple to open his smartphone. Apple refused. They eventually found a hacker capable of cracking it, his willingness ensured by a $1.3 million payment.
This tells us that not only are iPhones pretty damn difficult to unlock, but also that Apple value privacy (or at least want to be seen to advocate it).
Is There a Clear Winner?
It’s tough to call because popularity plays a key part in how often its targeted by cybercriminals. Each OS has its pros and cons, and no matter what, you’re still traceable — whether by shops and malls, map apps, or Governmental intelligence services.
Android: If you’re up to toggling security tools — and limiting yourself to the Google Play Store — Android is fine, but nonetheless susceptible to malware. Due to their expedited roll-out, the Nexus is the safest bet for the security conscious.
BlackBerry: Older versions of the OS appear secure, but newer models’ reliance on Android compromises the handset. Security patches for the Priv are rolled out faster than many Android-run smartphones, but they’re still prone to malicious software from third-parties.
Ubuntu: It’s tough to argue that this isn’t the most secure system, but it’ll come under more attacks once it gains significant traction with regular users. Not everyone is wild about Linux, and there will always be concerns over open source, but at least the App Store has tight review measures.
Windows Phone: The same can be said for Windows Phones; when the market share increases, so will the number of attacks. The sandboxing method is in its favor, but you do have to rely on Microsoft for updates. The company does seem committed, however, so the OS is very secure right now.
iOS: Despite a number of recent security bugs and breaches, Apple remains largely trustworthy. Considering its demand rivals Android, its closed system holds malware at bay very effectively. While iOS should be fine for most people, consumer trust could fall if another major leak is found anytime soon.
I want a phone with:
• iPhone's camera
• Samsung's memory
• Nokia's battery
• Blackberry's secure system
• Sony's audio system
— KERO KERO (@cosydaisyy) June 4, 2016
What do I recommend as the most secure smartphone right now? If you prefer an older phone, pre-Priv BlackBerrys are a safe bet. If you want something newer, Ubuntu is very secure, but I can’t see it taking off for a while, so Windows Phone/ W10 Mobile just about beats the competition.
Which OS do you trust? What do you look for in smartphone security?