Since there is an awful lot of noise going around regarding which phone is better and why should we buy this brand versus that brand, we have decided to take a look at the situation from OS security perspective. Yes, this perspective is quite frustrating and cliché as well as very difficult to compare devices on, but it is very relevant for some users who seek a bit more security than the average. Also bear in mind that security is somewhat privacy, but not fully which is why we have decided to skip the privacy issue from the companies behind those phones, because, well, they all collect information to some extent. So let’s begin with quick reviews and security backgrounds of the OS’s!
BlackBerry OS and Android Version for BlackBerry
BlackBerry has been fighting for quite some time against the competition, as soon as the first touchscreen smartphones appeared. They tried to adapt, but weren’t very successful, primarily because their smartphones weren’t very customizable and their versions of business apps were not as good as Android’s or Apple’s default apps. Then there was the OS issue which was blown away by Android and used a system which was not a success.
This was when they began to run their own version of Android, which also had caused the same issues in similarity to other Android models, like Samsung or HTC’s devices. Their new phone, however, Priv now has access to the Amazon’s AppStore which is very suitable if you have a Blackberry.
With it’s modern OS’s having the conventional bugs and exploits, if we take a look at what they previously created, it surely was a security masterpiece before.
Their older BlackBerry devices which were primarily created for security purposes have even managed to catch the attention of important personalities, like US president then, Barrack Obama and the prime minister of the United Kingdom – David Cameron.
But using an older phone does not generally mean security – especially in 2016. As MakeUseOf reports, there were attacks on Sony and other major organizations which relied on BlackBerry for security. This is because older devices had already known weaknesses which have previously been exploited.
But do not despair because BlackBerry have not cheated on their roots. Their new Android-powered BlackBerry Priv(from Privacy and Privilege) goes as far as the supply chain to prove to us that security is of great importance. During production the phone is signed with a unique digital signature to stop anyone from tampering with it. There are also some other modifications in the Android OS’s key modules which make it significantly more difficult to find vulnerabilities in it’s Android version. But this is not all. The BlackBerry Android version also has apps that monitor the device in real time for any app behavior that may be suspicious.
Conventional Android
Being the most widely used operating system In the world, Android is a knife with two blades. On the one hand it is backed by the tech giant Google, meaning that the support and bug fixes for the OS are added more often due to a lot of users complaining. But the second blade (on the handle) is that the OS is also very mainstream and is a lucrative target, which is responsible for over 80% of the malware being created for Android devices. Also, the fact that Google performs patches often does not mean that their customer support is on such great level, quite the opposite. With the right exploit, all it takes is an MMS to hack an Android smartphone with the conventional OS.
However, do not get all desperate and sad, there is a new version of Android, called the Nougat which has quite the astonishing security enhancements, like:
- Direct Boot.
- Encryption of the device.
- Re-architected mediaserver process.
- Verified Boot allowing to prevent infected devices from even booting to make them reliable and preserve the data in them against viruses, like mobile ransomware.
- SELinux updates which have Seccomp coverage and sandboxing, just like Apple devices have.
- Improved ASLR which protects from targeted attacks.
- Hardening of the Kernel which protects it from kernel-related attacks.
- APK (applications) improvements via online signatures.
- Improvements in App Security which increase the security regarding applications that want to share the information with other applications.
- Improvements that benefit developers in managing configuration and allowing them to block traffic from various sources.
So, yeah, Android is going to become increasingly competitive with it’s primary competitor on focus – Apple, than it is now, and the most widely used OS out there with it’s many variations is not to be disregarded regarding security in the future.
Ubuntu’s “Touch”
Named Ubuntu Touch, this relatively new operating system (released 2015) is promising to be a very stable in the future. But not at this point. Yes, updates are being released every six months and yes it is supported by a large community, but like every OS, it needs the time to become stable. As soon as this is the case and if it is successful, many Android users may switch to this mobile version of Linux, especially tech-savvy users who love playing with the Terminal.
One instance that it is not as secure is that during the first months of it’s release, there were several bugs that were fixed by Canonical Ltd. primarily related to the compatible devices on which the OS was installed. There was also the situation with an exploit which allowed for a .mmrow type of file, named “test.mmrow” to infect 15 users with malware which was also immediately fixed. This is why, for this OS to become stable, it requires time and sacrifice. But if it does become stable and indeed widespread, we would surely recommend it for a secure choice. Despite being in a initial phase, at the same time it is also relatively secure primarily because the mobile OS is not so mainstream and it is Linux, after all.
There are also several other features we believe to make this operating system a good choice, like:
- Virtual private networking (VPN).
- Disk encryption.
- Authentication.
- Secure boot.
- Platform integrity and app sandboxing
- Application whitelisting.
- Malicious code detection and prevention.
- Security policy enforcement.
- Device update policy.
- Event collection for enterprise analysis.
- Incident response.
What amazes us is that Android is adding some of those features just now, kind of like an umbrella after rain, which makes you wonder – why not earlier?
PrivatOS
A heavily modified Android operating system, it is focused on one thing – privacy. It is an essential operating system for the Blackphone, one of the most secure smartphones ever created out there.
The OS is primarily secure because it relies on applications that are constantly supported live by the Blackphone maintenance team. This guarantees a secure and often maintained mobile device, no matter where you are and in the speed of today’s smartphones. Another good feature of this operating system is that it also gives the ability to run other operating systems via the Citrix services which gives the ability to use your Blackphone as any other mobile or desktop device, for example run Windows 7 on it. Or, you can have Windows Server 2012 running on the Blackphone with ease and with the same speed as the original computer it is running on does(good for system administrators), by simply having a good internet connection. There is also the possibility to run virtual drives on the supported smartphones, making it very secure even when you are deliberately visiting suspicious web links. If you get infected using the virtual drive, you will be safe because only this drive will become infected and it is a logical drive, so a simple delete of it will clear any malware from your phone. But It is very little likely to have malware infecting your phone, primarily because of the layers of encryption and protection the phone has, especially when it comes to message and calls encryption.
This brings us to the downside of the Blackphone which is it’s price. Not only it is expensive to get the device, but there is also the service which supports the OS of the device and enables encryption. Since this service is active, users are obliged to pay a hefty yearly cost. Overall and all, good security phone oriented towards business users who are security sensitive. It would be good to see this secure OS being implemented in other smartphones as well, though, which may increase the choice between devices with the PrivatOS and also help lower the price in a way.
Windows 10 Mobile and Windows Phones
This is definitely a good choice when it comes to security, primarily because of the good opinions of professionals who were using W10 mobile. But what makes the W10 mobile security at a satisfying level when it comes to security. One answer to this question might be it’s management because Microsoft tends to frequently update it’s own App Store very often and constantly monitor it, since this is an area of competition they would like to match the other big players in. This incentive is what makes the mobile Windows 10 a good choice and also the fact that if used on tablets, you can simply get the mobile version of W10 which is almost the same as the version on PC, which is so far on a relatively secure level, because the mobile device takes advantage of Microsoft’s security features for PC and the user can also install any third-party Antivirus software he or she wishes to have. So you get a computer on a tablet, which is great. The situation may not be the same with mobile phones. However they are also deemed “very clean” by experts. The only request from Microsoft to users is to perform updates more often.
But this does not mean that there will not be any gaps in security in the future. Bear in mind that recently a 17-year-old bug was discovered on all versions of Windows, including 10 which allowed malware infection via exploit. So, while a plus for security is that not many people use Windows mobile and it has different architecture and code as well as sandboxing, it may also turn out to be full of vulnerabilities in the future as well.
Apple IOS10
It is time to address the “elephant in the room” – the most discussed mobile devices that have always been the reason for strong criticism, primarily because of their high price.
When we put privacy aside, Apple has admitted themselves that iOS 10 lacks certain security features that lessen the security of 10 in comparison to the previous iOS 9’s. Not only this but Apple has also been the reason for many people trying to hack their phones and succeeding too, resulting in leaks, like the “Fappening” leak of nude celebrity pictures two years ago and several other scandals.
The new operating system also lacks certain features, according to the Russian cyber-sec firm Elcomsoft, which have conducted multiple security tests. The results of those tests were that there were weak password mechanisms of the online iTunes backup access. To conclude this, the company ran their tailor-made brute force program which discovered this password about 40 times faster than the previous iOS, according to Forbes.
What is visible by this and the weaker SHA256 encryption used with only one iteration in comparison to the SHA1 with 10 000 such is that Apple may have gotten carried away in optimizing their phones for storage as well as speed.
There were also other cases of the iPhone’s security on YouTube which allowed for users to access the phone without having to use the passcode, which may have been immediately patched:
And there were also situations where the notifications of the phone and the SIM card could be used to change the Apple ID and the owner of the device as well.
But let us not only discuss the downside because Apple’s mobile OS is a very secure one as well. This is primarily because of the quick response and good support by Apple. All things aside, most of the above-mentioned vulnerabilities were changed hours after they have came out. So Apple is a good choice, but bear in mind that it is not the best OS regarding security because it’s sandbox technology may not appear to be as secure as it once was. But it is regularly updated and patched, so it is more secure than the average phone for sure.
And the Winner for 2016 Is… ?
There is no clear winner here and if you want a secure phone, go with an old Nokia, for example, or use a stationary phone. The truth is, we live in an age of information, and while developers are pressed for time and given short deadlines to prepare a project, there will be even more bugs than the conventional ones.In my professional opinion, there should be more time given when it comes to security and quality and not just “grab it all and produce it; they will buy it” type of competition when you want to be a winner. Surely, everyone is striving for that, but given the recent performance by Microsoft, Apple, and even Google, we should learn a valuable lesson from what their products taught us. Do not be in a hurry, just because your competition is if you want to produce a product that is truly innovative and of great quality and most importantly a secure one.
Otherwise, than that, I would recommend using the Blackphone if you are extremely sensitive about security and are willing to give your money for a phone which costs nearly 700 GBP exclusively for the sake of that. But for an average security from daily unwanted programs, adware and malicious URL’s you can also do good with any of the other competitors as well. The truth is, Ubuntu and Windows have a significant advantage primarily because the writers for malware who are focused on the mass targeting of mobile users, tend to choose Android or Apple for their targets, primarily because those two vendors take the hugest chunk of the mobile market out there. But using Windows or Ubuntu Touch will also lack you from certain features and apps that are relatively new and could be of grave use to you in some specific cases, in comparison to Android Nougat’s new features and Apple IOS10’s improvements as well.
It comes down to an opportunity cost between brand, the level of security and privacy, features and other factors with the consumer. So if you feel that you know what you are doing, you can go with the mainstream devices (Android and IOS) which will keep the level of security high, unless you are targeted by a hacker or deliberately click malicious URLs all the time. It comes down to assessing your level of security knowledge, your browsing behavior and the level of security you require for your situation.
As a side note, for the next year, we expect to see a very interesting revolution in technology with new advancements, like holographic spaces and VR entering the market. It will be interesting to see how the security of those revolutionary devices will be implemented when it comes to the inter-connectivity and security of the connection on the new software updates of those OS’s.
Images Source: Ubuntu, Pexels, Blackphone