If a company made the most secure Android phone, how secure should it be?

Toggle sidebar Toggle sidebar
nate0

nate0

New member
Mar 1, 2015
3,607
0
0
The Android kernel (based on linux) is open source. So that targets it in the first place. Some makers open up their bootloader, usually for enthusiasts seeking to custom flash or install other Andorid Flavor OSes. The linux Android OS/kerne/boot/system can be as secure as they want it to be. What if someone came out with a locked down Android device kinda in the image of a Windows Phone or iPhone? Would you consider it? What would make it secure? What software would it allow or not? What would you want it to be able to do or not be able to do?

Open source is a great thing, but it does not have to weigh someone down with security issues or risk.

This is just one example below to put out there and honestly I know very little about them. I only heard of them 2 years ago, but thought I would mention it here since the post is around security.

Blackphone and Silent OS https://www.silentcircle.com/ Is this a gimmick? If so what would be the real thing from your view point?
 
Right now if you're looking for security than Google, BlackBerry are the prime brands to go for. (honorable mention to Copperhead OS, it's probably the best high-security option)

I've heard conflicting information on BlackBerry's security additions but independent of that, Google and BlackBerry get consistent monthly security updates. (Moto has quarterly patches I hear)

Although, it's worth noting that a locked-bootloader becomes a liability when the updates run out. Custom ROMs can provide more security than stock - for example: There's a KitKat-based ROM available the 2010 Galaxy S that has the January 2017 security patch level. (and I'm surprised Google is still patching it too)

My BlackBerry has a bootloader that has yet to be unlocked/rooted and once security updates stop, that's the end of the road. When that will be? Anyone's guess.
 
TgeekB said:
Google is more secure than iOS?

Sent from mTalk on my SP4
Click to expand...

What I'm saying is that Google and BlackBerry Android phones are currently the ones that get consistent monthly security patches. (such as the Google/LG Nexus 5X, the Pixel, the BlackBerry KEYone, DTEK60...)

As for whether Android is inherently more or less secure, there's more to attack since Android has more freedoms such as the option to sideload easily, do more things, etc. Those are negligible as long as you understand the risks.

However, the biggest problem is that updating Android phones is a big issue. Moto phones only get quarterly security updates, many cheapo Android phones don't get anything, and generally the landscape is pretty inconsistent.

(And something weird happened earlier this year when the T-Mobile Galaxy S4 got its first update in years, bringing it not a new OS, but up-to-date (as of January) security.)

iOS and Android will both have vulnerabilities and choosing the right device can largely nullify Apple's rapid-response across-the-device-lineup advantage.

But its also about how much freedom and flexibility you want in your phone.
 
Google is the first one I see as the fastest to be securing their devices, since all other devices rely on their Android code and security releases. Google can release for their devices as soon as it wants to. Correct? I never really dabbled around in BB, but we owned the Curves at work, and from what I know BB OS was as secure as they get. On top of the Android OS or deep down the boot loader trenches, BB should be swinging their A game much like they did with their former OS. Of course I am just speaking from observation.
 
Thanks. You hear various opinions about this. Like I always say, the user is the biggest factor in security.
 
@libra89
Just noticing...
You switch between phones as much or more than I do...does security/patches etc. come into play overall for you when deciding?
 
Nate W said:
@libra89
Just noticing...
You switch between phones as much or more than I do...does security/patches etc. come into play overall for you when deciding?
Click to expand...

Actually no, it doesn't. I know that sounds terrible but I think more of actual support. It really depends for me. Since I prefer small phones, it's kind of hard to be picky on what gets patches and what doesn't. However, I wouldn't buy a phone that has an old OS unless it will be updated and that was promised.

I hop between all of them. An example is the Honor 8. It launched with MM and it did get updates. They had an update promise and it was updated to Nougat too. It was good to know but it didn't push me to get it.
I had a Pixel too, I didn't get one for the updates, I got it for all of the other stuff and it's form factor.
 
xandros9 said:
What I'm saying is that Google and BlackBerry Android phones are currently the ones that get consistent monthly security patches. (such as the Google/LG Nexus 5X, the Pixel, the BlackBerry KEYone, DTEK60...)
Click to expand...

I think that one of the conditions now, if you want offer a phone with Android, is that you provide these monthly security updates to the users.
 
TgeekB said:
Thanks. You hear various opinions about this. Like I always say, the user is the biggest factor in security.
Click to expand...

Often the case, but in the case of bugs on Android phones where simply receiving an SMS message could hack your phone, I'd say that OS updates are just as critical to security on any mobile platform.

On that front Apple and Microsoft beat Android as there is no central update authority. Google's own phones are likely the best supported Android devices these days and there is a big push to improve this aspect of Android so I think things will get better over time, but I definitely wouldn't choose Android if you want security today. On budget and choice they win, but not on security.
 
libra89 said:
Click to expand...

I work in IT. I see it all the time!

Nate W said:
@libra89
Just noticing...
You switch between phones as much or more than I do...does security/patches etc. come into play overall for you when deciding?
Click to expand...

My observation may be somewhat anecdotal, but I don't think that security and OS updates matter to most users. We on forums like this think differently than the average consumer. We scour tech sites looking for info on the latest update, and we can't wait until it drops. We sign up for betas to be one of the first to get the latest and greatest. This is NOT normal!

Something else to consider is how much of a real world problem smartphone security actually is. I've never experienced, or witnessed, or even heard of (I'm talking about specific cases from a reputable source), any exploit on any smartphone, ever. Based on what I read, it seems that most exploits that do exist are on Androids in China or Russia where they commonly sideload. However, I do believe that security concerns will grow as smartphones begin to replace desktops.
 
tgp said:
I work in IT. I see it all the time!



My observation may be somewhat anecdotal, but I don't think that security and OS updates matter to most users. We on forums like this think differently than the average consumer. We scour tech sites looking for info on the latest update, and we can't wait until it drops. We sign up for betas to be one of the first to get the latest and greatest. This is NOT normal!

Something else to consider is how much of a real world problem smartphone security actually is. I've never experienced, or witnessed, or even heard of (I'm talking about specific cases from a reputable source), any exploit on any smartphone, ever. Based on what I read, it seems that most exploits that do exist are on Androids in China or Russia where they commonly sideload. However, I do believe that security concerns will grow as smartphones begin to replace desktops.
Click to expand...
Exploits exist. Just not to the level most know or would even experience. Most are squashed ASAP too, so not to make headlines. There are drawbacks to open source in that way, and what I notice is Gogle has security doors in between the device and the internet. I may be wrong but Google had oauth long before Microsoft began to use it, now oauth2. They had account verification and 2 step in mobile before most did too. It's unique to have at the device level the ability to control most of what you want and still be hardened around network and app layers. I think that is why I originally got into Android devices. With an OS at the device level as open as it is they need to harden every thing else around it. And work consistently much more at it.
 
Nate W said:
Exploits exist. Just not to the level most know or would even experience.
Click to expand...

Yes I know exploits exist. I work in IT. :winktongue: But the way it's talked about, mostly on forums like this where Android is largely unliked, if you get an Android you have now placed your most personal files out on the sidewalk. In the real world, the consumer should not have to be concerned about it on the basis that their device does not get security updates, whether it's WM, iOS, or (most likely) Android. It's probably not going to make a difference.

However, the consumer does need to worry about the PEBCAK issue! I don't know this, but I wouldn't be surprised if virtually all exploits that do exist are due to user actions, whether or not the device gets security updates.
 
tgp said:
I work in IT. I see it all the time!



My observation may be somewhat anecdotal, but I don't think that security and OS updates matter to most users. We on forums like this think differently than the average consumer. We scour tech sites looking for info on the latest update, and we can't wait until it drops. We sign up for betas to be one of the first to get the latest and greatest. This is NOT normal!

Something else to consider is how much of a real world problem smartphone security actually is. I've never experienced, or witnessed, or even heard of (I'm talking about specific cases from a reputable source), any exploit on any smartphone, ever. Based on what I read, it seems that most exploits that do exist are on Androids in China or Russia where they commonly sideload. However, I do believe that security concerns will grow as smartphones begin to replace desktops.
Click to expand...

I totally believe that you see it a lot.

Then again, I guess I'm not the best person to ask. My SE remains on iOS 9 because I didn't like how the battery life is with iOS 10. Apparently, it's a mess on 10.3.2 as well.

For my Lumia, I look forward to updates because I always hope that they improve things like how the update before last appeared to improve performance. That's really what it comes down to.
 
tgp said:
Yes I know exploits exist. I work in IT. :winktongue: But the way it's talked about, mostly on forums like this where Android is largely unliked, if you get an Android you have now placed your most personal files out on the sidewalk. In the real world, the consumer should not have to be concerned about it on the basis that their device does not get security updates, whether it's WM, iOS, or (most likely) Android. It's probably not going to make a difference.

However, the consumer does need to worry about the PEBCAK issue! I don't know this, but I wouldn't be surprised if virtually all exploits that do exist are due to user actions, whether or not the device gets security updates.
Click to expand...
Agreed. Nobody can control what you tap or click on except yourself.
 
libra89 said:
For my Lumia, I look forward to updates because I always hope that they improve things like how the update before last appeared to improve performance. That's really what it comes down to.
Click to expand...

I'm guessing that those who are eagerly awaiting updates are doing it mostly for this reason, and don't care so much about updates for security.
 
You must log in or register to reply here.

Similar threads

Windows Central
Got a new Windows 11 PC or laptop? Do these 6 steps to make your device more secure
Replies
0
Views
529
Windows Central News Feed: Comments & Discussion
Windows Central
Windows Central
Windows Central
If you upgrade the SSD in your ROG Ally, adding a heatsink to it should be your next job
Replies
0
Views
204
Windows Central News Feed: Comments & Discussion
Windows Central
Windows Central
Windows Central
What is the Microsoft Defender app, and how do I get started on Windows 11 and Android? This Microsoft 365 benefit explained.
Replies
1
Views
711
Windows Central News Feed: Comments & Discussion
nop
nop
F
Phil Spencer said "not every screen is equal" about Xbox Multiplatform Strategy
Replies
10
Views
4K
Gaming Discussion
Lurking_Lurker_Lurks
L
Windows Central
Whether a company loses a factory in a fire or millions of files in a cybersecurity incident it may be material to investors" A new SEC rule went i...
Replies
0
Views
345
Windows Central News Feed: Comments & Discussion
Windows Central
Windows Central

Latest posts

Trending Posts

Members online

No members online now.
Total: 1,972 (members: 0, guests: 1,972)

Forum statistics

Threads
338,717
Messages
2,261,733
Members
428,745
Latest member
bevilbody099

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom