[nate0]

The Android kernel (based on linux) is open source. So that targets it in the first place. Some makers open up their bootloader, usually for enthusiasts seeking to custom flash or install other Andorid Flavor OSes. The linux Android OS/kerne/boot/system can be as secure as they want it to be. What if someone came out with a locked down Android device kinda in the image of a Windows Phone or iPhone? Would you consider it? What would make it secure? What software would it allow or not? What would you want it to be able to do or not be able to do?

Open source is a great thing, but it does not have to weigh someone down with security issues or risk.

This is just one example below to put out there and honestly I know very little about them. I only heard of them 2 years ago, but thought I would mention it here since the post is around security.

Blackphone and Silent OS https://www.silentcircle.com/ Is this a gimmick? If so what would be the real thing from your view point?

[xandros9]

Right now if you're looking for security than Google, BlackBerry are the prime brands to go for. (honorable mention to Copperhead OS, it's probably the best high-security option)

I've heard conflicting information on BlackBerry's security additions but independent of that, Google and BlackBerry get consistent monthly security updates. (Moto has quarterly patches I hear)

Although, it's worth noting that a locked-bootloader becomes a liability when the updates run out. Custom ROMs can provide more security than stock - for example: There's a KitKat-based ROM available the 2010 Galaxy S that has the January 2017 security patch level. (and I'm surprised Google is still patching it too)

My BlackBerry has a bootloader that has yet to be unlocked/rooted and once security updates stop, that's the end of the road. When that will be? Anyone's guess.

[TgeekB]

Google is more secure than iOS?

Sent from mTalk on my SP4

[nate0]

Google is more secure than iOS?

Sent from mTalk on my SP4

When compared to iOS, not really.

[TgeekB]

That's what I thought.

[xandros9]

Google is more secure than iOS?

Sent from mTalk on my SP4

What I'm saying is that Google and BlackBerry Android phones are currently the ones that get consistent monthly security patches. (such as the Google/LG Nexus 5X, the Pixel, the BlackBerry KEYone, DTEK60...)

As for whether Android is inherently more or less secure, there's more to attack since Android has more freedoms such as the option to sideload easily, do more things, etc. Those are negligible as long as you understand the risks.

However, the biggest problem is that updating Android phones is a big issue. Moto phones only get quarterly security updates, many cheapo Android phones don't get anything, and generally the landscape is pretty inconsistent.

(And something weird happened earlier this year when the T-Mobile Galaxy S4 got its first update in years, bringing it not a new OS, but up-to-date (as of January) security.)

iOS and Android will both have vulnerabilities and choosing the right device can largely nullify Apple's rapid-response across-the-device-lineup advantage.

But its also about how much freedom and flexibility you want in your phone.

[nate0]

Google is the first one I see as the fastest to be securing their devices, since all other devices rely on their Android code and security releases. Google can release for their devices as soon as it wants to. Correct? I never really dabbled around in BB, but we owned the Curves at work, and from what I know BB OS was as secure as they get. On top of the Android OS or deep down the boot loader trenches, BB should be swinging their A game much like they did with their former OS. Of course I am just speaking from observation.

[TgeekB]

Thanks. You hear various opinions about this. Like I always say, the user is the biggest factor in security.

[tgp]

Like I always say, the user is the biggest factor in security.

Yes. Did you ever hear of the problem called PEBCAK? (Problem Exists Between Chair And Keyboard)

[libra89]

Yes. Did you ever hear of the problem called PEBCAK? (Problem Exists Between Chair And Keyboard)

Sent from mTalk

[nate0]

@libra89
Just noticing...
You switch between phones as much or more than I do...does security/patches etc. come into play overall for you when deciding?

[libra89]

@libra89
Just noticing...
You switch between phones as much or more than I do...does security/patches etc. come into play overall for you when deciding?

Actually no, it doesn't. I know that sounds terrible but I think more of actual support. It really depends for me. Since I prefer small phones, it's kind of hard to be picky on what gets patches and what doesn't. However, I wouldn't buy a phone that has an old OS unless it will be updated and that was promised.

I hop between all of them. An example is the Honor 8. It launched with MM and it did get updates. They had an update promise and it was updated to Nougat too. It was good to know but it didn't push me to get it.
I had a Pixel too, I didn't get one for the updates, I got it for all of the other stuff and it's form factor.

[Ayrton01CZ]

What I'm saying is that Google and BlackBerry Android phones are currently the ones that get consistent monthly security patches. (such as the Google/LG Nexus 5X, the Pixel, the BlackBerry KEYone, DTEK60...)

I think that one of the conditions now, if you want offer a phone with Android, is that you provide these monthly security updates to the users.

[realwarder]

Thanks. You hear various opinions about this. Like I always say, the user is the biggest factor in security.

Often the case, but in the case of bugs on Android phones where simply receiving an SMS message could hack your phone, I'd say that OS updates are just as critical to security on any mobile platform.

On that front Apple and Microsoft beat Android as there is no central update authority. Google's own phones are likely the best supported Android devices these days and there is a big push to improve this aspect of Android so I think things will get better over time, but I definitely wouldn't choose Android if you want security today. On budget and choice they win, but not on security.

[tgp]

I work in IT. I see it all the time!

@libra89
Just noticing...
You switch between phones as much or more than I do...does security/patches etc. come into play overall for you when deciding?

My observation may be somewhat anecdotal, but I don't think that security and OS updates matter to most users. We on forums like this think differently than the average consumer. We scour tech sites looking for info on the latest update, and we can't wait until it drops. We sign up for betas to be one of the first to get the latest and greatest. This is NOT normal!

Something else to consider is how much of a real world problem smartphone security actually is. I've never experienced, or witnessed, or even heard of (I'm talking about specific cases from a reputable source), any exploit on any smartphone, ever. Based on what I read, it seems that most exploits that do exist are on Androids in China or Russia where they commonly sideload. However, I do believe that security concerns will grow as smartphones begin to replace desktops.

[nate0]

I work in IT. I see it all the time!



My observation may be somewhat anecdotal, but I don't think that security and OS updates matter to most users. We on forums like this think differently than the average consumer. We scour tech sites looking for info on the latest update, and we can't wait until it drops. We sign up for betas to be one of the first to get the latest and greatest. This is NOT normal!

Something else to consider is how much of a real world problem smartphone security actually is. I've never experienced, or witnessed, or even heard of (I'm talking about specific cases from a reputable source), any exploit on any smartphone, ever. Based on what I read, it seems that most exploits that do exist are on Androids in China or Russia where they commonly sideload. However, I do believe that security concerns will grow as smartphones begin to replace desktops.

Exploits exist. Just not to the level most know or would even experience. Most are squashed ASAP too, so not to make headlines. There are drawbacks to open source in that way, and what I notice is Gogle has security doors in between the device and the internet. I may be wrong but Google had oauth long before Microsoft began to use it, now oauth2. They had account verification and 2 step in mobile before most did too. It's unique to have at the device level the ability to control most of what you want and still be hardened around network and app layers. I think that is why I originally got into Android devices. With an OS at the device level as open as it is they need to harden every thing else around it. And work consistently much more at it.

[tgp]

Exploits exist. Just not to the level most know or would even experience.

Yes I know exploits exist. I work in IT. But the way it's talked about, mostly on forums like this where Android is largely unliked, if you get an Android you have now placed your most personal files out on the sidewalk. In the real world, the consumer should not have to be concerned about it on the basis that their device does not get security updates, whether it's WM, iOS, or (most likely) Android. It's probably not going to make a difference.

However, the consumer does need to worry about the PEBCAK issue! I don't know this, but I wouldn't be surprised if virtually all exploits that do exist are due to user actions, whether or not the device gets security updates.

[libra89]

I work in IT. I see it all the time!



My observation may be somewhat anecdotal, but I don't think that security and OS updates matter to most users. We on forums like this think differently than the average consumer. We scour tech sites looking for info on the latest update, and we can't wait until it drops. We sign up for betas to be one of the first to get the latest and greatest. This is NOT normal!

Something else to consider is how much of a real world problem smartphone security actually is. I've never experienced, or witnessed, or even heard of (I'm talking about specific cases from a reputable source), any exploit on any smartphone, ever. Based on what I read, it seems that most exploits that do exist are on Androids in China or Russia where they commonly sideload. However, I do believe that security concerns will grow as smartphones begin to replace desktops.

I totally believe that you see it a lot.

Then again, I guess I'm not the best person to ask. My SE remains on iOS 9 because I didn't like how the battery life is with iOS 10. Apparently, it's a mess on 10.3.2 as well.

For my Lumia, I look forward to updates because I always hope that they improve things like how the update before last appeared to improve performance. That's really what it comes down to.

[nate0]

Yes I know exploits exist. I work in IT. But the way it's talked about, mostly on forums like this where Android is largely unliked, if you get an Android you have now placed your most personal files out on the sidewalk. In the real world, the consumer should not have to be concerned about it on the basis that their device does not get security updates, whether it's WM, iOS, or (most likely) Android. It's probably not going to make a difference.

However, the consumer does need to worry about the PEBCAK issue! I don't know this, but I wouldn't be surprised if virtually all exploits that do exist are due to user actions, whether or not the device gets security updates.

Agreed. Nobody can control what you tap or click on except yourself.

[tgp]

For my Lumia, I look forward to updates because I always hope that they improve things like how the update before last appeared to improve performance. That's really what it comes down to.

I'm guessing that those who are eagerly awaiting updates are doing it mostly for this reason, and don't care so much about updates for security.