This article explores, from a security perspective, the often bewildering choice of mobile telephones facing the consumer. If you are looking to maximise your security, what should you choose?
There are two forms of mobile telephone security. One is physical: if someone gets their hands on your mobile telephone, will they be able to break into it? The second is might be described as virtual security; can the 'phone be hacked from a distance?
Both sorts of telephone security involve serious risks. You may think you are clever enough to let your mobile telephone out of your sight. But your boyfriend or girlfriend might see the password. You might plug it into the charge in a public place, whereupon all its data can be downloaded. The Police, or other law enforcement authorities, particularly in unusual jurisdictions, might seize your telephone and they may attempt entry to it. The Police may be operating under a law prescribing that if you do not provide the password, then you can go to prison. Laws of this kind are increasingly common. Hence it becomes your 'phone or you.
In an ideal world, we all carry tin containers full of battery acid to drop our telephones into at the slightest hint of law enforcement interest. Unfortunately we cannot mostly live like this. So we have to think laterally.
In recent years, two 'mobile telephone operating systems have come to dominate the market: Android; and iOS (for Apple products). There is no doubt that for the purposes of physical security, Android devices are better. Every iPhone can be hacked physically. The US Government paid some Russians hackers slightly short of USD2m a few years ago, to show them how to do this. By contrast Android devices are not generally susceptible to the same frailties.
That having been said, if the Police are demanding your password down the barrel of a gun or a two-year prison sentence, then you need a 'Kill Switch'. This is a programme that will wipe your 'phone remotely. So in the seconds before the Police take your 'phone, you send a simple SMS to another number and that wipes your 'phone. Then the Police can take your password; it won't do them much good. It doesn't have to be the Police; it could be a kdinapper. Every Android 'phone needs a quick and easy Kill Switch installed, in the event that you need to wipe your 'phone quickly. Alternatively use that tried and tested method: throw iti in the deepest close body of water. There never was a case in which the Police fished a mobile 'phone out of a major river. The exercise in dredging is incalculably costly.
The case of the boyfriend/girlfriend learning the password is hard to avoid save by using a fingerprint to access the 'phone instead of a code, PIN or specific swipe of the finger. I know my partner's pass code, and so do you. If we know theirs, they know ours. Only fingerprint scans can avoid this; and even then they may be imperfect because your 'phone probably has a passcode alternate, that you probably use for several other purposes as well. The lesson is obvious, but so often overlooked: use a distinctive passcode and change it often.
Think how much sensitive data you keep on your 'phone; and consider that with physical access your partner (or someone instructing him or her) can install Spyzie within about 30 seconds. Spyzie is a Spyware software that transmits everything you do with your 'phone to someone else's phone, including a Keystroke Logger. Once Spyzie has been installed, all your electronic security is potentially compromised. It is hard to know when you have been the victim of Spyzie. Your machine slows down, and drains battery more quickly. Aside from that, it is extremely efficient at hiding itself from you. The only way it may pop up is if you ask all your applications to update themselves. Spyzie may then ask you whether you want to update it: something that gives the game away.
Now let us turn to virtual security, which is really where the battleground lies. In principle at least, in this regard iOS telephones are superior to Android ones. The reason why is that iOS only allows you to download Apps pre-approved by Apple. Hence Apple provides a fist line of defence against Spyware-nstalling malicious Apps.
Nevertheless there are manifold problems with this logic. The mechanisms by which government Spyware such as Pegasus is installed on one's device are the same for both Android and iOS 'phones: SMS's and WhatsApp messages with auto-downloaded attachments. Only vigorous attention to your settings can prevent this on either Operating System.
Perhaps more generally, you have no reason to believe that Apple denies download of Apps with so-called back doors. Most back doors, if intentional, are put there upon the injunction of government, to prevent mobile 'phones from being used as tools of criminal activity. The problem is that once governments can inspect mobile 'phones for criminal activity, they inspect them for all sorts of other activities to. This article is not intended to help you break the law; it is intended to help you prevent government or private surveillance of lawful activities. The Apple stamp of approval, in this regard, means little over the more open Android approach which lets you download pretty much whatever you want.
Another point in favour of iOS is that its software for recording and transmitting audio (I.e. voice calls) is believed to be more secure than the equivalent software on Android systems. However neither is impregnable. It's a matter of degree.
A number of so-called darkphones, security 'phones and other similar things are sold on the Internet. These are virtually all of them Android variants. Do not think that they protect you from remotely installed Spyware. That's still Android 'phones, not matter what the blurb says.
The only way really to protect yourself from Spyware is to use a mobile telephone doesn't support sophisticated Apps. These are sometimes known as 'dumbphones'. All they do is make and receive calls and SMS's, just like in the old days. These are by far the safest 'phones to use if you wish to transmit sensitive information of interest to governments or wealthy corporations. Modern Spyware simply isn't designed to deal with them.
After all, so what if government is watching your emails and WhatsApp messages? Does it really matter? Do you really think anyone is actually reading it? And if they are, then are they anything other than incredibly bored by all the things you are writing?
The conclusion of this article is that there isn't a lot in it. If you really want to use mobile devices to transmit sensitive material, use Dumbphones. No other method is reliably safe. But don't be paranoid either. Unless you are a truly unusual person, nothing you say is really of interest to anyone else except person receiving it - and perhaps not even them!
There is a great deal of debate about Chinese-made 'phones, Huawei and Xiaomi. Ignore these debates. The methods the PRC government uses to break into mobile 'phones are precisely the same as those used by Western Governments. Chinese Android 'phones are no more or less secure than any other Android 'phones. Chinese 'phones are often extremely good value for money. The Chinese government is more interested in spying on its own citizens than on foreigners. One's choice of Android 'phone is mostly a matter of personal preference.
Some people assert that Blackberries are more secure than other 'phones; but this is mostly a myth. Modern Blackberries are Android 'phones. They typically come pre-installed with DTEK, an excellent piece of security software; but this can be downloaded onto any Android 'phone. It checks unusual uses of the 'phone's features, to scour evidence for Spyware. It is a good piece of software but far from infallible. In any event every security-consciuous user of an Android 'phone should install it.
Older mobile 'phones are generally more secure than new ones. This might sound perverse; but it derives from the fact that remote hacking of mobile 'phones is a fast-moving affair, and all the latest hacking techniques are aimed at compromising the latest patches. In an ideal world, you use BlackBerry's old Q10 Operating System. That is so old that nobody develops hacks for that and they haven't even tried for years. Alas, buying a 'phone with that Operating System installed is unlikely to serve the needs of a contemporary mobile 'phone user; the 'phone has insufficient hardware or software capacity.
Don't waste your time on special mobile 'phones that promise increased security protection at an increased price. Choose the mobile 'phone you find most convenient, and minimise the number of Apps you download onto it. For the vast majority of us, there in't a lot of difference between them.