Your smartphone is one of your biggest security vulnerabilities. Aside from the obvious issue of theft, it's also leaking data to endless companies and people.

As such, making sure you have a secure phone should be high on your list of priorities. To help, we're going to compare three of today's leading devices: the iPhone X, the Galaxy S9, and the Pixel 2 (both of which run Android).

Our 7 Points of Comparison

We're going to compare the three phones across seven areas.

Encryption: Without data encryption, anyone in possession of your phone could extract or read its contents, even if they didn't know your passcode.

Apple's Tim Cook explains it the best:

"On your smartphone today, there's likely health information, there's financial information. There are intimate conversations with your family, or your co-workers. There's probably business secrets, and you should have the ability to protect it. And the only way we know how to do that is to encrypt it."

App blocking: The ability to block apps serves two purposes. Most importantly, it lets you prevent apps that don't necessarily need web access to function correctly from sneakily "phoning home" with your data. Secondly, it can reduce you data usage and prevent unexpectedly high bills.

Biometric security: Some people have claimed Apple's facial recognition software is flawed. There have been some reports of random people being able to unlock another person's device. But is the technology better or worse than fingerprint scanners from a safety standpoint?

Password-protected folder: The presence of a password-protected folder is another line of defense against the issues Tim Cook raised. It prevents someone who knows your PIN code accessing your phone and stealing its most sensitive contents.

Multi-user support: Do you use your device for both business and pleasure? Most people do. If you're one of them, the ability to run multiple sandboxed user profiles is important.

Automatic data wipe: We're sure lots of you have lost a phone at some point in your lives. Given how much data is on your device, that's a massive problem. A way to make your phone delete all its data if the PIN code is entered incorrectly too many times will protect you against brute force attacks.

Native password manager: Using a password manager lets you choose more secure credentials; you won't have to remember them every time you log into an app or service.

1. Encryption

The winner is: Draw

All three of the handsets use file-based AES 256-bit encryption. We'll ignore the persistent rumors about potential back-door entry points and say this is a good thing.

It's easy to activate encryption on all three devices.

How to Turn On Encryption on an iPhone

  1. Open the Settings app.
  2. Select Touch ID and Passcode.
  3. Choose Turn Passcode On.
  4. Create an alphanumeric password that's at least six characters long.

To check the process worked, navigate back to Touch ID and Passcode, scroll to the bottom of the page, and make sure you see the Data protection is enabled message.

How to Turn On Encryption on Android

  1. Open the Settings app.
  2. Go to Security.
  3. Scroll down and tap on Encrypt Device.
  4. Read and agree to the on-screen warnings.

On Android, the process could take up to one hour, and your phone might restart several times. Also, keep in mind that the only way to unencrypt the device is to perform a factory reset.

2. App Blocking

The winner is: iPhone X

Being able to block apps from accessing the internet on a case-by-case basis sounds like something you'd expected to be a standard feature on smartphones. It would stop apps from sending data back to their developers.

However, of the three phones, only the iPhone X lets you restrict apps individually. And even then, the situation isn't clear-cut. You can only stop apps from accessing the internet while connected to your mobile data network; you can't block apps connecting when you're on Wi-Fi.

The solution is to use a VPN. Both ExpressVPN and CyberGhost let you block apps individually.

How to Block an App's Internet Access on iPhone

  1. Open the Settings app.
  2. Tap on Cellular.
  3. Scroll down to the list of apps.
  4. Flick the toggles into the Off position as desired.

3. Biometric Security

The winner is: iPhone X

The Samsung Galaxy S8 offered facial recognition back in March 2017, but Apple changed the game when it released the iPhone X later that year.

The flagship model became the first device whose facial recognition software was secure enough to be used for authorizing mobile payments as well as for locking your screen.

The software on both the S9 and the Pixel 2 still lags behind iOS. It still can't be used for secure transactions. Interestingly, Apple claims Face ID is more secure than Touch ID (and there are ways to make Face ID safer):

"The probability that a random person in the population could look at your iPhone X and unlock it using Face ID is approximately 1 in 1,000,000 (versus 1 in 50,000 for Touch ID)."

Of course, both forms of biometric ID have a downside. If someone steals your data, it will be compromised forever. Passwords can be changed at will.

4. Password-Protected Folder

The winner is: Galaxy S9

Of the three devices we are looking at, the Samsung Galaxy S9 is the only one that comes with a native password-protected folder.

The folder lets you keep any files, photos, videos, or documents in a secure location on your device. You can move content in and out with ease.

As a further benefit, the Galaxy's secure folder also lets you hide it from the Apps and Home screen. It means a casual observer won't even know it exists.

How to Set Up the Secure Folder on Galaxy S9

  1. Open the Settings app.
  2. Tap on Lock screen and security.
  3. Scroll down to Secure Folder.
  4. Enter your Samsung account credentials.
  5. Set up your lock method.

How to Hide the Secure Folder on Galaxy S9

  1. Open the Settings app.
  2. Tap on Lock screen and security.
  3. Scroll down to Secure Folder.
  4. Select Hide Secure Folder.
  5. Tap on OK.

5. Multi-User Support

The winner is: Galaxy S9 and Pixel 2

Multi-user support is a big bonus for security. It's useful on a number of levels. For example, if you often let your kids use your phone, they can mess around without accidentally changing or deleting anything on your account.

It's also useful if you'd like to keep one section of your phone for work-related things and one for personal things. All user accounts run in their own sandbox, so data can never leak between them.

And remember, Android phones also support customizable guest accounts.

The iPhone X finds itself trailing in its competitors' wake. In truth, it's astonishing that Apple doesn't yet offer multi-user support on any iOS devices. That needs to change ASAP.

6. Automatic Data Wipe

The winner is: iPhone X

All three phones can be locked and wiped remotely. This is excellent protection against theft, but you need to have spent the time to set up Find My Device or Find My iPhone before using the service.

If you've not set up Android Device Manager or a third-party anti-theft app and lose either a Galaxy S9 or a Pixel 2, someone could brute force your lock code until they gain access.

The iPhone X offers more security. By default, it will shut down and force you to connect to iTunes after 10 failed logins.

But you can also set up the device so it automatically wipes all your data after 10 failed logins.

How to Delete iPhone Data After Failed Logins

  1. Open the Settings app.
  2. Go to Touch ID and Passcode.
  3. Select Erase Data.
  4. Turn the toggle into the On position.

7. Built-In Password Manager

The winner is: Draw

The iPhone X, Galaxy S9, and Pixel 2 all have a native password manager. The managers are called iCloud Keychain, Samsung Pass, and Google Smart Lock respectively.

All three store their data in an encrypted vault and auto-fill apps and services when needed.

The iPhone X's keychain is perhaps the most practical; it can sync your data across all the Apple devices you own. It means you can use the app to store system passwords as well as browser and app credentials.

Google Smart Lock will also work on Chrome, while Samsung Pass only works with Samsung devices and the Samsung internet browser.

Nonetheless, from a security standpoint, the three are almost identical.

Note: You can use a password manager in place of the proprietary apps.

iPhone X Comes Out Ahead in Smartphone Security

On the security points we've analyzed, the iPhone X emerges as a narrow winner. It's automatic data wipe, biometric ID security, and app blocking see it edge out the other two models. (But when it comes to popularity, Android phones still have an edge over the iPhone.)

The S9's password protected folder means it earns second place ahead of the Pixel 2.

Of course, there are lots of other security factors to consider, so let us know what you think in the comments.

And remember, there are always more steps you can take to improve your phone's security. Why not try install some security apps on your iPhone or apps that protect your privacy on Android?