×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Ask Slashdot: Most Secure Mobile OS?

timothy posted about 2 years ago | from the much-more-secure-before-out-of-the-box dept.

Android 291

Lexta writes "So I'm contemplating my next smartphone purchase, and I've been a little put off by all of the security exploits posted on Slashdot over the last few months, particularly for Android. So, what's the most secure stock standard (not jailbroken) mobile OS?"

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

291 comments

The Most Secure Mobile OS (3, Informative)

MasterMan (2603851) | about 2 years ago | (#39486331)

Both Android and iOS have been plagued with exploits. Android has tons of trojans, while iOS has remote exploits (most of those iPhone jail breaking methods are based on remote root exploits). The only current smartphone OS that is safe against exploits and vulnerabilities is Windows Phone 7. Microsoft has really improved their security within the last 5 years - even on the desktop Windows most exploits are against third party apps like Flash or Java, not Windows itself.

So, if you want to get a smartphone that is safe against exploits and malware, Windows Phone 7 is your only answer. I would suggest some of the Nokia phones - people have been really happy with them.

Re:The Most Secure Mobile OS (3, Insightful)

mhh91 (1784516) | about 2 years ago | (#39486393)

You'll be sacrificing the availability of tons of apps if you go with WP7 though.

Re:The Most Secure Mobile OS (5, Interesting)

W2k (540424) | about 2 years ago | (#39486817)

Not really true anymore. I've had a Lumia 800 since november and the only two things I'm really missing now is a native app for Google+ (though the mobile web version works fine) and something that can talk to the OBD2 Bluetooth dongle I have for my car. Not exactly your Angry Birds of smartphone apps. Also, a lot of the WP7 apps feel more polished than their Android versions. The Facebook app for instance.

Re:The Most Secure Mobile OS (1, Troll)

Higgins_Boson (2569429) | about 2 years ago | (#39487033)

The Facebook app on windows mobile is awful. Not sure how you can say it feels more polished. Hell, if it IS more polished, it must have been polished with a used sanitary napkin and some diarrhea, because I am not seeing this glowing bastion of Facebook goodness you seem to see. On my windows phone.

Re:The Most Secure Mobile OS (2)

rwven (663186) | about 2 years ago | (#39487317)

Do you have the latest version? I've got it and it's not bad at all. The interface is great. The only complaint is the confusing lack of any kind of push notifications...

Re:The Most Secure Mobile OS (3, Informative)

AliasMarlowe (1042386) | about 2 years ago | (#39487079)

I've had a Lumia 800 since november and the only two things I'm really missing now is a native app for Google+ (though the mobile web version works fine) and something that can talk to the OBD2 Bluetooth dongle I have for my car.

If you want a secure phone and want it to be from Nokia, then try the Nokia N9 [nokia.com]. It's a charm, in countries where it's available [wikimedia.org] (yes for Australia, Finland, Italy, Sweden, etc. but not for USA, UK, Canada, Germany, Japan, etc.).

Re:The Most Secure Mobile OS (2)

rwven (663186) | about 2 years ago | (#39487347)

It's still kinda true... The WP7 versions of apps are mostly inferior to their iOS/Android alternatives. There are also several key apps still missing that have some poor quality third party alternatives... (Pandora, Linkedin, I'm looking at you.)

Re:The Most Secure Mobile OS (3, Insightful)

Anonymous Coward | about 2 years ago | (#39486433)

This is true for the same reasons that a decade ago Mac OSX was considered more secure than Windows. Its a function of install base. As soon as Windows Phone has 100's of million of users exploits will be published.

Re:The Most Secure Mobile OS (5, Insightful)

MasterMan (2603851) | about 2 years ago | (#39486475)

This is true for the same reasons that a decade ago Mac OSX was considered more secure than Windows. Its a function of install base. As soon as Windows Phone has 100's of million of users exploits will be published.

You mean Linux itself isn't better security wise either, it's just that the (desktop) market share is so low?

Re:The Most Secure Mobile OS (1)

lennier1 (264730) | about 2 years ago | (#39486591)

Most stuff is somewhat safer due to its origins and decisions shaped by those origins, but it's certainly not 100% safe either.

Re:The Most Secure Mobile OS (1, Offtopic)

errandum (2014454) | about 2 years ago | (#39486601)

No, what he means is that it hasn't been put to the test yet. The argument "there are no exploits yet so it is more secure" is a flawed one because it doesn't look at the big picture. Macs also claimed they were more secure than PC's - they weren't. Windows architecture is actually more secure than the macs.

Re:The Most Secure Mobile OS (0, Troll)

Anonymous Coward | about 2 years ago | (#39486749)

Windows architecture is actually more secure than the macs.

Source of this information, or simply propaganda?

Re:The Most Secure Mobile OS (-1)

Anonymous Coward | about 2 years ago | (#39487251)

Says the millions of corporations who's IT departments would be running around amok if there were security breaches all over the place. With Windows' Group Policies, UAC, etc, there's a hundred things that could stop you from shooting yourself in the foot.

The only reason why any other OS is creeping in there is because of fanboys who insist on certain other brands.

Re:The Most Secure Mobile OS (2)

airdweller (1816958) | about 2 years ago | (#39487223)

"Windows architecture is actually more secure than the macs."
Seriously?

No, seriously?!

Re:The Most Secure Mobile OS (4, Funny)

ColdWetDog (752185) | about 2 years ago | (#39487267)

Certainly. Would you want a building made out of windows, or one made out of hamburgers?

Come on, this is easy!

Re:The Most Secure Mobile OS (2, Insightful)

oakgrove (845019) | about 2 years ago | (#39486629)

You mean Linux itself isn't better security wise either, it's just that the (desktop) market share is so low?

Linux has a total install base in the hundreds of millions on various types of computers from embedded to smartphones to desktops to servers to supercomputers. Saying it has a "small" market share is extremely disingenuous.

Re:The Most Secure Mobile OS (4, Informative)

PhilHibbs (4537) | about 2 years ago | (#39486691)

But for hacker targets, particularly phishing or personal data theft which the submitter is probably concerned about, desktop market share is the important metric.

Re:The Most Secure Mobile OS (1)

oakgrove (845019) | about 2 years ago | (#39486723)

I assumed it was obvious that I wasn't responding to the submitter. If I had been I would have suggested a Blackberry if security is the overriding concern.

Re:The Most Secure Mobile OS (2)

Bert64 (520050) | about 2 years ago | (#39486631)

Linux desktop market share is tiny, but Linux market share as a whole (embedded, supercomputers, servers, phones etc) is pretty high.

Servers and supercomputers especially are high value targets, very attractive for hackers so there is considerable effort made to find vulnerabilities in linux. A 24/7 server on a high speed (full duplex) connection is far more useful for a hacker than a desktop connected to a typical end user connection with limited upstream bandwidth.

Windows phone 7 only exists in one market, and its share of that is miniscule.

Re:The Most Secure Mobile OS (1)

MasterMan (2603851) | about 2 years ago | (#39486803)

It's the dancing pigs problem. Most Linux users know what they are doing and don't run random executables off the internet. If Linux had the same market share, it would have the same problems as Windows. Just look at what has recently happened with Mac OS X - as the market share increased, it started getting trojans too. True exploits against OS are rare now a days. The most exploited factor is between the screen and chair.

And no, repositories on Linux wouldn't solve this problem. If Linux had the market share, there would need to be a way to install programs and games from other than the distro repos. Such system works fine for servers and small amount of geeks who use Linux on desktop, but on large scale it doesn't work. Even most FOSS people are actually against this model - just look at the "walled garden" comments against iOS and WP7 on Slashdot.

Re:The Most Secure Mobile OS (2)

oakgrove (845019) | about 2 years ago | (#39487115)

True exploits against OS are rare now a days.

This isn't true at all. It's just that there are so many more exploits via trojans OS exploits aren't getting as much press. But that doesn't mean that new ones aren't discovered everyday because they are.

And no, repositories on Linux wouldn't solve this problem. If Linux had the market share, there would need to be a way to install programs and games from other than the distro repos. Such system works fine for servers and small amount of geeks who use Linux on desktop, but on large scale it doesn't work. Even most FOSS people are actually against this model - just look at the "walled garden" comments against iOS and WP7 on Slashdot.

This is pure unsubstantiated sophistry [wikipedia.org].

Re:The Most Secure Mobile OS (1)

amRadioHed (463061) | about 2 years ago | (#39487295)

Servers and supercomputers especially are high value targets, very attractive for hackers so there is considerable effort made to find vulnerabilities in linux. A 24/7 server on a high speed (full duplex) connection is far more useful for a hacker than a desktop connected to a typical end user connection with limited upstream bandwidth.

Certainly it's true that a high performance server is more useful then a desktop system, but is it more useful then a botnet of thousands of desktop machines? The desktop eco-system contains so much low-lying fruit it seems unlikely faster, but more secure and better maintained servers would ever be worth the effort.

Re:The Most Secure Mobile OS (2)

cpu6502 (1960974) | about 2 years ago | (#39486649)

Good question. Isn't Android a linux OS? Why does it have exploits then? (puzzled).

Well nobody's hacked my phone because my phone is dumb. It makes calls & accepts texts, and that's about it. It's a Nokia "Shorty OS"

Re:The Most Secure Mobile OS (2)

oakgrove (845019) | about 2 years ago | (#39486687)

How many unpatched remote exploits exist for Android vs the competition? When you have physical access to the device all bets are off no matter what OS is on it.

Re:The Most Secure Mobile OS (5, Informative)

PhilHibbs (4537) | about 2 years ago | (#39486731)

Android may use the Linux kernel, but it isn't kernel exploits that are the main concern, it's app API exploits.

Re:The Most Secure Mobile OS (-1, Flamebait)

LordLimecat (1103839) | about 2 years ago | (#39487065)

Linux can be remarkably secure, but your standard desktop install probably lags behind Windows in security. Go and stack up the security features built into Mint or Fedora, and then compare with WIndows 7 x64, and it doesnt look as onesided as you might think.

Re:The Most Secure Mobile OS (1)

oakgrove (845019) | about 2 years ago | (#39487305)

That has more to do with the fact that Linux isn't targeted with malware like Windows is. If that situation changes you can expect things like AppArmor and SELinux to be made default about 5 minutes later. The technology to make Linux extremely secure is built in it's just a matter of the situation warranting people bothering to flick the switch and so far it hasn't been necessary.

Re:The Most Secure Mobile OS (0)

darkpixel2k (623900) | about 2 years ago | (#39486551)

This is true for the same reasons that a decade ago Mac OSX was considered more secure than Windows. Its a function of install base. As soon as Windows Phone has 100's of million of users exploits will be published.

No, this is true for the same reason that NT 4 was considered 'secure' almost two decades ago--it was only secure when no network cable was plugged in to the machine.

Your Windows phone will be similarly secure as long as you a) don't have non-Microsoft apps installed, b) you are out of range of any and all radio emissions, and c) the battery has been removed from the device.

Re:The Most Secure Mobile OS (3, Insightful)

IamTheRealMike (537420) | about 2 years ago | (#39486477)

A lot of the Android "trojans" are little more than apps which declare what they'll do up front and then do them. I'm not sure that counts as exploits.

Re:The Most Secure Mobile OS (4, Interesting)

geminidomino (614729) | about 2 years ago | (#39487131)

Most of the malware I've seen on my android phone is in the form of apps that leak my phone ID and phone number (apparently only vaguely alluded to in the 'Phone Calls' permission as 'identity').

What REALLY pisses me off is that not only does app I paid for do this, but it somehow self-cripples if I fix it with Privacy Blocker, and the devs had the brass to say in the comments that it doesn't do it.

The app in question is EzPDF, btw. Since my only recourse is to leave them a crap rating and look for a new PDF reader, I'm doing that, but it still pisses me off, especially since I was recommending it for awhile.

Re:The Most Secure Mobile OS (1)

SiChemist (575005) | about 2 years ago | (#39487143)

Came here to say this. You can't prevent dumb people from installing malware voluntarily no matter what the OS. When install tells you exactly what the software can do, it's ridiculous to blame the OS for what the software then does.

Re:The Most Secure Mobile OS (1, Informative)

DJRumpy (1345787) | about 2 years ago | (#39487349)

Most trojans don't state "I'm asking for access to your contacts so I can sell your address to Russian spammers". They ask if they can 'access you contacts".

Claiming the malware affecting Android somehow warns people up front as to exactly what it's going to do is disingeneous. It warns what areas it will access, but not what the intent is, and for a non-technical person, that equates to rather pointless information.

Re:The Most Secure Mobile OS (2)

Bert64 (520050) | about 2 years ago | (#39486485)

Don't MS often complain that windows is only perceived as insecure because its ubiquitous and therefore commonly targeted, and that other systems only appear more secure because noone bothers to target a small marketshare...

Surely then, the same applies to windows phone, it has a tiny marketshare and therefore very few people are interested in attacking it.

Also worth noting, windows phone has a tiny market share period... Linux only has a tiny share on the desktop, its big in servers, supercomputers, embedded etc.

The windows phone kernel is based on windows ce, which is inherently a single user os, im fairly sure that once you get down to it, the system is considerably less secure than android or ios, both of which are based on tried and tested multiuser kernels.

Re:The Most Secure Mobile OS (2)

Reapman (740286) | about 2 years ago | (#39486505)

To be honest, the reason I feel that you see less exploits for Win7 Phones over iOS or Android is it's newer and has a MUCH smaller user base. Security through Obscurity. Assuming Win7 EVER breaks through, I expect to see more and more exploits / security issues for it as well.

Want a secure Mobile OS? Start with the user. Don't install a ton of apps, verify the permissions (if viewable) it is requesting is in line with what the app actually does (sending text is fine if it's a texting app, not so fine if it's some Wallpaper app, ugh), and go from there.

Look into those phones that run 2 OS's - one for "Work" (or Secure) and one for "Home" (or Play).

BTW - I've ran Palm, iOS and Android phones, never had an exploit on either. In both cases I chalk that up to luck and not being an idiot with installing stuff.

Re:The Most Secure Mobile OS (3, Interesting)

errandum (2014454) | about 2 years ago | (#39486537)

Your argument is flawed for the same reason that people say macs are more secure than pc's.

Just because something is not popular enough to attract attention (and btw, it was rooted not long after it was released, which in turn prompted microsoft to offer a legit way to do it), doesn't mean it is more secure.

Android and iOS are victims to their popularity. On the other hand, BB handsets are, by design, extremely secure. Weird that you did not mention that.

Re:The Most Secure Mobile OS (2)

oakgrove (845019) | about 2 years ago | (#39486541)

So, if you want to get a smartphone that is safe against exploits and malware, Windows Phone 7 is your only answer.

On the contrary, wp7 lack of exploits probably has more to do with its lack of market penetration than anything else. I would go with Blackberry if security was my main criteria as it has sizable share and has been on the market long enough and in enough users hands to prove itself.

Re:The Most Secure Mobile OS (1)

Sir_Sri (199544) | about 2 years ago | (#39486547)

If you're talking purely from a security perspective then you can't count RIM out of the picture either. The blackberry ecosystem is pretty robust at the consumer and business level as well.

AFAIK though, the only NSA certed phones for 'top secret' communications are stuff by general dynamics, ratheon and lockheed and you're looking 3k for that kinda phone, assuming you can even get one as a civi. I know there's a sepctra phone that runs an old windows phone software version, but I don't know if they have a new version.

In general dynamics parlance these are (SCIP)-compliant devices (that's for secure communications interoperability protocol).

Re:The Most Secure Mobile OS (2, Insightful)

Anonymous Coward | about 2 years ago | (#39486797)

"Both Android and iOS have been plagued with exploits."

no, just the first mobile os you mention IS PLAGUED by exploits, while the second one NEVER WAS. the few exploits that have been found in ios (very, very small number) has been used to jailbreak ios only. there is currently not a single piece of malware that affects the non-jailbroken ios. and yes, everyone knows why this is the case, everyone knows the "freedom vs walled garden" arguments, but it doesn't change the reality of the situation.

Re:The Most Secure Mobile OS (3, Informative)

icebike (68054) | about 2 years ago | (#39486801)

Android has tons of trojans, while iOS has remote exploits (most of those iPhone jail breaking methods are based on remote root exploits).

Wrong on both counts.

IOS jailbreaks are based on LOCAL root exploits. You have to have it in hand to jailbreak it. There is no drive-by jailbreak available.

Android Trojans might be found in dodgy third party app sites, but are quickly squashed in the Android Market (now called Google Play after one of the dumbest re-names in memory). Each Android app specifically tells you what permissions (data access, phone functions) it wants to use before it installs.

(There are rumors that development is already underway to block apps from using certain permissions even if they do declare them, offering users a finer grained control.).

If you want to be safe, you install only from Itunes, Android Market, Amazon Market, and a couple of other well trusted app market places. There is never a need for a newbie to run off and install from some web site, or root their phone.

As for Windows Phone, who knows, because it simply is too small to attract any significant attention at this point. Given Microsoft's history of OS vulnerabilities you have to be a true believer to assume their new found religion of security is believable.

Re:The Most Secure Mobile OS (3, Informative)

MasterMan (2603851) | about 2 years ago | (#39486989)

IOS jailbreaks are based on LOCAL root exploits. You have to have it in hand to jailbreak it. There is no drive-by jailbreak available.

For years all that was needed to jailbreak iOS was just visiting a website. Those websites remotely exploited Safari and iOS to gain root access and jailbreak the phone. The same exploits work for malware too.

Re:The Most Secure Mobile OS (2)

dc29A (636871) | about 2 years ago | (#39487095)

Wrong on both counts.

IOS jailbreaks are based on LOCAL root exploits. You have to have it in hand to jailbreak it. There is no drive-by jailbreak available.

ORLY? [jailbreakme.com] The most popular jailbreak exploits were simply something like downloading a malformed PDF file. That is something that can be easily converted into 'drive by'.

Re:The Most Secure Mobile OS (1)

rjgii (1176021) | about 2 years ago | (#39487287)

(There are rumors that development is already underway to block apps from using certain permissions even if they do declare them, offering users a finer grained control.).

CyanogenMod [cyanogenmod.com] has this.

Re:The Most Secure Mobile OS (5, Informative)

carlhaagen (1021273) | about 2 years ago | (#39486849)

"Both Android and iOS have been plagued with exploits"
"The only current smartphone OS that is safe against exploits and vulnerabilities is Windows Phone 7"
"even on the desktop Windows most exploits are against third party apps like Flash or Java, not Windows itself"
"if you want to get a smartphone that is safe against exploits and malware, Windows Phone 7 is your only answer"

You have absolutely no idea what you're writing, do you? I'm amazed this got upvoted 5 points and labelled Informative.

Re:The Most Secure Mobile OS (3, Informative)

Anonymous Coward | about 2 years ago | (#39487021)

You have absolutely no idea what you're writing, do you? I'm amazed this got upvoted 5 points and labelled Informative.

You're amazed that a first post paste job praising MS and disparaging their competitors got modded to +5 almost immediately on Slashdot? You haven't been paying attention [waggeneredstrom.com].

Re:The Most Secure Mobile OS (1)

bgman (1059448) | about 2 years ago | (#39486909)

At first I thought this was intended to be funny. For years I've been reading the comment that the reason linux is more secure than windows is due to market share. Malware is directed to the dominant operating systems. If linux had the market share that windows has, then linux would have just a many viruses. What kind of market share does windows phone have? While I only know 2 people with windows phones, neither is happy. Buggy and no apps is the only way to describe their experience. The whole idea of someone describing software from microsoft as "safe against exploits and malware" is ludicrous. Microsoft does a lot of things really well - unfortunately, none of them are writing safe and secure software.

Re:The Most Secure Mobile OS (0)

Anonymous Coward | about 2 years ago | (#39486915)

Love my Windows Phone! (HTC Arrive)

Re:The Most Secure Mobile OS (1)

Patch86 (1465427) | about 2 years ago | (#39487007)

Are we not playing "security by obscurity" again? The old argument was that Macs were immune to viruses- when in actuallity it was just that teh Mac marke tshare was too small to attract a healthy ecosystem of malware. As the market share grew, so did the number of exploits.

With Windows Phone 7 market share still in the low single digits, it's no surprise that malware isn't prevalent. If the market share ever increases, you'd expect malware to increase too.

Note that I'm not claiming that the security in WP7 is any better or any worse than Android or iOS- for all I know you're right, and WP7 is amazing. All I'm saying is that counting exploits isn't a decent measure on its own.

-1 Flamebait (1, Insightful)

Anonymous Coward | about 2 years ago | (#39486351)

We need a way to moderate articles.

Pen and paper (1, Offtopic)

JoeMerchant (803320) | about 2 years ago | (#39486363)

Thousands of years and it's never been broken.

Re:Pen and paper (2)

phayes (202222) | about 2 years ago | (#39486511)

Thanks for the LOL, only someone completely ignorant of the history of cryptology could state that pen/paper have never been broken.

Re:Pen and paper (1)

JoeMerchant (803320) | about 2 years ago | (#39486845)

Obviously intended as a joke, I suppose I should say "never been broken by remote exploit."

Also, to the Offtopic mods - I challenge anyone to find a more meaningful reply to the stated question (which I would liken to: Which Pickup truck is more dependable, Ford, Chevy or Dodge?)

Re:Pen and paper (0)

Anonymous Coward | about 2 years ago | (#39486641)

Could it be? No. Maybe! Perhaps.. YES!

I present to you ^:

THE DUMBEST COMMENT EVER POSTED ON SLASHDOT!

I knew this day would come, rejoice my fellow citizens!

BB (5, Interesting)

errandum (2014454) | about 2 years ago | (#39486391)

RIM's OS, especially due to the way they handle communications, is by far (as far as I know) the most secure OS. And neither iOS nor Android look particularly secure to me, since every other week you see some news of them getting exploited.

Re:BB (0)

Anonymous Coward | about 2 years ago | (#39486651)

Given that governments have been threatening to ban Blackberries from their countries, if RIM doesn't loosen security, I would agree with this.

Re:BB (2)

gl4ss (559668) | about 2 years ago | (#39486681)

"due to the way they handle communications"? you mean by a central failpoint and by bb owned servers to which they will gladly give the keys for any government?

if the dude wants a smartphone with security and choice.. go symbian, bitch to do things even if you want to, very few rom versions with jailbreaks(equivalent). or windows phone. or just some bog standard j2me phone. they'd fit the smartphone standard of couple of years ago. they fit the "smartphone" description just as well as windows phone actually and there's not much to root(there is of course and there are some exploits for some j2me phones which let you execute code out of the vm, but that's very, very exotic and very few models with anything published and generally not worth it for blanket approach hackers).

the android "exploits" are mostly local access though, or installing things you give permission to do things. if you go custom rom you can turn capabilities on/off for a program, which is useful if you intend to use that smartphone for something still. mobile webkit and mobile safari don't look particularly secure though(especially mobile safari).

Re:BB (1)

errandum (2014454) | about 2 years ago | (#39487063)

Yes. They do secure, as you said, RIM gives the keys to governments. I don't consider that insecurity, but compliance with laws of a certain place. If you steal a BB phone you'll have a hard time getting what's in there if you're not a government. The only reason I wouldn't recommend BB is if you're a terrorist. You might get nailed by your phone then.

On the other hand, you might argue that having a single point of failure is a bad architecture. But it is not insecure, just dumb.

And depending on model, Android exploits can be more than that. Just look at the way some phones get rooted (some exploits don't even require a PC). And you forget that Android phones either don't get security fixes past a certain point or most handset makers take months to release new OS versions. Android has a lot of malicious apps but in terms of security, some phones, are extremely low. On the other hand, you can build a secure android device - but it'd still fail in the communication department unless you implement a RIM like VPN architecture.

Re:BB (2)

MyFirstNameIsPaul (1552283) | about 2 years ago | (#39487117)

RIM doesn't give out the keys, they give out the message, so if large governments like the Indian government are unable to crack the messages, then it's unlikely thieves are able to crack them.

Re:BB (1)

Bert64 (520050) | about 2 years ago | (#39486693)

Have a read of what was said at last year (or was it the year before) pwn2own contest, A guy there successfully compromised the blackberry handset and concluded that its mostly security through obscurity, where the perceived security of blackberry handsets is based on the fact that very few people have taken the time to investigate and understand the system in depth.

Re:BB (1)

errandum (2014454) | about 2 years ago | (#39487121)

Never said it was 100% secure, but the only way to break the encryption without loosing all data (from what I gather) was targeted at the backups and not the phone themselves. If you steal a phone, I don't think you can break it without the government codes.

Re:BB (1)

na1led (1030470) | about 2 years ago | (#39487247)

What good is security without reliability. RIM has so many issues, not the least of which is their failing infrastructure, and poor support.

iOS has yet to be hacked in the wild... (0, Informative)

Anonymous Coward | about 2 years ago | (#39486437)

iOS has yet to have a breach in the wild. There is the PDF exploit in the past, but that has yet to be used for anything other than a jailbreak, and that is long since fixed.

There has yet to be a single compromise of an iPhone in the wild. Labs, yes. However, Joe Schmo with his 4S has nothing to worry about whatsoever.

Contrast that to Android where two taps can turn one's phone into a spam machine, not to mention slurp up every single byte and hand it to an overseas organization.

Re:iOS has yet to be hacked in the wild... (1)

Pewpdaddy (1364159) | about 2 years ago | (#39486847)

Pass that this way.... Bah nevermind..... In other news my Mac is bullet proof!! /sarcasm off .. Every OS is penetrable, hell even the flying drones are getting viruses. As an aside, every smartphone on the market is tracking what you do and who you talk to, and blah blah blah no matter what OS it runs. Google's is by far the worst, but your beloved iPhone is doing the same thing. http://www.zdnet.com/blog/security/us-government-pays-250000-for-ios-exploit/11044 [zdnet.com]

Re:iOS has yet to be hacked in the wild... (1)

Gaygirlie (1657131) | about 2 years ago | (#39486895)

Contrast that to Android where two taps can turn one's phone into a spam machine, not to mention slurp up every single byte and hand it to an overseas organization.

I know this is a flamebait, I just wish to point out that the actual truth is far from what the AC here tries to portray; the most common method for Android phones to misbehave and people getting large bills is through the 'free' applications and games available on Android Market that send SMS-messages to premium numbers behind the user's back or similar stuff. That is no inherent fault of the Android OS itself, it's about how shoddy job Google does in regards with keeping the Android Market safe and clean. The remedy is simple though: don't install everything that is 'free', read a few reviews first, and check if there is something weird about the permissions that the application/game requests; there was for example a live wallpaper there just a while ago that requested the permission to open data connections, send SMS messages, read/write browser history and contacts list.. Obviously when a god damn wallpaper asks for such permissions there is something screwy going on.

That said, Google *really* must step up the game and do something. This kind of stuff is ridiculous.

Re:iOS has yet to be hacked in the wild... (1)

shutdown -p now (807394) | about 2 years ago | (#39487375)

iOS has yet to have a breach in the wild. There is the PDF exploit in the past, but that has yet to be used for anything other than a jailbreak

Oh, so it's merely a remote arbitrary code execution exploit? and it was actually used "in the wild"?

By the way, how do you know that it was never used for anything other than a jailbreak? Supposing someone would have used it to write an iOS exploit; how would the user of the infected phone know?

Meego Harmattan (0)

Anonymous Coward | about 2 years ago | (#39486445)

Give it a try. Developer friendly, fast, the UI experience is really nice and, most important, not made by the Google creeps!

--
mchurch

Re:Meego Harmattan (1)

Gaygirlie (1657131) | about 2 years ago | (#39486707)

I kind of have to agree with the Anonymous Commenter here; MeeGo is extremely fast, stable and easy to use, and so far everyone I know who has tried it has praised it. It also seems to have quite extensive security features. The issues are obviously that there's not as many applications available for it, none of the popular mobile games and so on, but that also is yet another layer of security too; it's simply too obscure an OS for it to be a lucrative target for hackers. You *CAN* install Android ICS on it, too, and dual-boot between Meego and ICS if you need something that Android has and Meego doesn't.

The thing is that you have to find somewhere to buy a Nokia N9, and they're not terribly easy to come by these days. But if you're looking for secure yet easy-to-use OS I'd say it's worth it.

Disclaimer: I do not own an N9 nor do I own any other device that runs Meego, so I cannot help with any specifics.

By the way things look now... (0)

Anonymous Coward | about 2 years ago | (#39486451)

You only have two choices if you want a decent software selection for your smartphone (which is crucial, I'd say): iOS and Android. Of these two, iOS has to be named the more secure one by just looking at the amount of malware buzzing around Android.

Was already covered (1)

Anonymous Coward | about 2 years ago | (#39486467)

http://www.schneier.com/blog/archives/2012/03/nsas_secure_and.html

Security is something that people who need or want it, will have to pay for.

Most people do not care.

Blackberry (0)

Anonymous Coward | about 2 years ago | (#39486479)

I understand if that's not really on the table for you, but it is the most secure.

Blackberry OS (0)

Anonymous Coward | about 2 years ago | (#39486495)

RIM has concentrated on security for quite a while. Their tablet OS and next generation Blackberry will use QNX, which is a long running embedded OS.

Too bad their security doesn't have as popular an app store...

Symbian? (3, Insightful)

RyuuzakiTetsuya (195424) | about 2 years ago | (#39486553)

Normally I'd otherwise shit all over symbian, but, why not Symbian? Years on the market, it should've been proven one way or the other by now.

Also, what level of paranoia are we talking? State or industry secrets? Personal paranoia?

BB OS7.1 (2)

bbhorrigan (1593919) | about 2 years ago | (#39486563)

The BlackBerry J2ME OS is by far the most secure OS out right now in terms of e-mail, for the simple fact that it tunnels corporate e-mail through its NOC and that is encrypted with triple DES the entire way. As far as handhelds go, I see about 1000 BlackBerry's a week in the course of work, and I've never seen a BlackBerry virus. Although doing some hardening testing with Windows Phone 7, I can say I am generally very impressed with it as well as the active-sync client.

Mutually exclusive (4, Interesting)

rtkluttz (244325) | about 2 years ago | (#39486567)

If it is not jailbroken it is DEFINITELY not secure. With carrier spyware and apps that are not under your control, the first step to security is making it YOURS and yours alone.

Once you are to that point, then you can BEGIN evaluating the core OS for security.

Whats your threat model? (4, Insightful)

nweaver (113078) | about 2 years ago | (#39486593)

What is your threat model? Do you use it for websurfing? Download lots of kewl apps? For the latter, from which app store?

I suspect that iOS is a bit more vulnerable on the web browser side, as android has a fair bit better sandboxing which means an exploit of the browser takes more work to fully p0wn the phone, while in iOS-land, 'p0wn the brower == p0wn the phone'

But OTOH, Apple is a much better curator: with only the official App store, and with bad-actor app-developers and apps a rarity, the Apple App Store is very safe.

Android? Not so much. Even the official Google store seems to rely too much on the Android sandboxing to keep users safe (when users just say 'ok' to anything needing scary permissions), and other App Stores are a vile abomination.

Finally, anything that doesn't say "Nexus" on it should be considered end-of-lifed before you buy it. Apple patches things for a long time, so old vulnerabilites shouldn't worry their user base. But Android phones, since they are pretty much EOL'ed right from the start, often never receive critical browser and related security patches, security patches which, due to the open nature, can pretty much be reverse engineered by a competent exploit developer.

So, my ranking: Nexus Phone > (slightly) iPhone >>> generic "Android" phone

Maemo / meego (1)

Anonymous Coward | about 2 years ago | (#39486599)

Since they're true GNU/Linux platform...

The Only Way To Win (-1)

Anonymous Coward | about 2 years ago | (#39486621)

Is Not To Play

None. (1)

Anonymous Coward | about 2 years ago | (#39486685)

There is no such thing as a secure mobile OS. They are all broken six ways from Sunday.

Security is a pattern of behavior as much as anything else. If you're serious about security and you need to use your phone for work, you need to use your phone only for work - never connect it to anything else, download any applications, visit any websites, etc.

If all you want is the ability to visit random websites and download random apps or games, do those things and don't use your phone to store or input sensitive information (e.g. logging into an online banking website or the email account you use for banking, storing passwords, etc.)

Why not WebOS? (1)

WarpMeister (2604735) | about 2 years ago | (#39486695)

I mean, nobody here believes in security-through-obscurity any more do we? Windows phone and Blackbery, are perceived as secure, and are certainly security audited by their vendors. However, WebOS could actually be a lot less code to go through, and thus easier to audit than Android. Android has the disadvantage of being a target of opportunity, due to its commercial success. WebOS is basically dead, and there is no currently shipping hardware that is likely to keep shipping much longer, and no new devices planned. It's... a security-lovers dream platform. (Sarcasm only slightly intentional here.) Warren

Re:Why not WebOS? (0)

Anonymous Coward | about 2 years ago | (#39487049)

My main security concern with WebOS is that some remote code might be able to enter the Konami Code. Game over right there if it can.

A Brick (-1)

Anonymous Coward | about 2 years ago | (#39486729)

No, really. An actual honest to goodness brick. No hacking into one of those babies!

Series 40 (1)

lobiusmoop (305328) | about 2 years ago | (#39486759)

If you're really that bothered, maybe go for a phone that does phone calls, texting and some light web browsing with very little scope for crapware to get on board?

Least used (0)

Anonymous Coward | about 2 years ago | (#39486781)

When it comes to OS, least used is always most secure

No answer for you (0)

Anonymous Coward | about 2 years ago | (#39486813)

This is a loaded question. The "least" secure OS is the one that everyone has because it's the best target. Not because of shoddy code, but because it's got the juiciest payoff for hackers. The most secure phone is, don't own a phone. If you insist on owning a phone, get one based on whether it meets your usage needs, and then deal with the security as it comes. A corporate-based phone (Blackberry) is going to make corporate security more of a priority than usability. A user-based phone (iPhone, Android) is going to make ease of use a higher priority than iron-grip security.

Also remember you usually only hear about exploits *after they have been patched*. So if you're hearing more patches about Android, then that means only that - that it's getting patched more, not that it's less or more secure. Don't base how secure you think something is upon how often it's patched. That's a logical fallacy.

Re:No answer for you (4, Insightful)

narcc (412956) | about 2 years ago | (#39486925)

A corporate-based phone (Blackberry) is going to make corporate security more of a priority than usability

I haven't noticed any problems with usability. Quite the opposite, in fact.

Security doesn't "get in the way" at all on the platform.

Let history be your guide (4, Funny)

jamesl (106902) | about 2 years ago | (#39486837)

There was a time when the most secure (consumer) desktop OS was the Mac -- because there were so few in service that the bad guys spent all their time and effort on Windows. By that measure, the most secure mobile environment is Windows Phone 7.

Not vulnerable with a little bit of common sense (0)

Anonymous Coward | about 2 years ago | (#39486877)

The sentiment "all of the security exploits posted on Slashdot over the last few months" is moot. The fact of the matter is that no matter what device you use, you will be vulnerable to exploits. Ultimately, it boils down to how vigilant you are about updating, how often your phone's vendor provides updates, and how little or how much common sense you apply when using your phone.

Most android phones get one or two updates over the life of their phone. iPhones get updates as well, but I'm not certain of the frequency. Microsoft is probably the most vigilant about updating, just as they are about Windows on the PC, but again I don't have specific numbers, having been an Android user since my first smartphone.

That being said, applying a little common sense will go a long way, just as with your PC. Firstly, setup a screen lock password. Don't use a pin, don't use a pattern, use an actual password, and use one with numbers, symbols, and both upper and lower case letters. Secondly, only download from the authorized app store for whatever phone you get. Don't root/jailbreak/modify your phone to get access you don't need. Before downloading an app, wait a couple of days, or a week, if its a brand new app, to see if some news comes out about it being malicious. Do your homework on the app before downloading, check the permissions the app is requesting before downloading, and learn what the permissions it is asking for actually do when you grant that.

Lastly, if you're worried about security, it goes without saying to only browse sites that you know to be safe (slashdot, cnn, etc), don't use a search engine, and don't click links in emails, even from friends.

Arm yourself with knowledge, and you will be fine regardless of what platform you choose.

Side note: a lot of the exploits you read about here are exploits for users that want to root/jailbreak/modify their phone. This isn't malicious, it is the phone user applying an exploit to their own phone to get access to things the manufacturer locked them out of. I personally do this so that I can have more frequent updates of my Android phone. Since phone vendors don't seem to be concerned with providing updates, users take it upon themselves to turn the patches google provides into usable/flashable form, which in my opinion, makes your phone more secure.

Define Secure / The one not on the network (1)

galego (110613) | about 2 years ago | (#39487061)

People throw around the term 'secure' all the time ... what does that mean in this instance?

Does the OS keep apps away from data they shouldn't have access to? Does its browser have the best track-record on drive-by's etc.? Does it mean it has/hasn't been exploited in the wild or not (e.g. Safari is riddled with security problems, but how often is it pwned in the wild?)? Do you want to be able to click links wildly and not get infected (and unicorns and rainbows)? Good security policies and enforcement of them? Criteria for/review of apps in the mobile stores/markets?

So ... what does secure mean for you? Define that and then try ask slashdot again later.

Quickest Updates (1)

Flammon (4726) | about 2 years ago | (#39487069)

They're all pretty close in terms on security features so it comes down to the one that's updated the quickest.

Most secure is... (1)

Anonymous Coward | about 2 years ago | (#39487089)

SYMBIAN

BlackBerry (1)

Anonymous Coward | about 2 years ago | (#39487157)

The old Blackberry OS (up to the latest, 7.1 coming out soon) has yet to be rooted or exploited. And the PlayBook qnx OS (completely different from the BBOS) had that dingleberry exploit a few months ago, but it too has since been plugged.

exploits (1)

kirkb (158552) | about 2 years ago | (#39487263)

The number of exploits found in each mobile OS seem to be proportionate to that OS's market share. Note that found is the key word here. For the same reason that hackers prefer to find exploits for Windows instead of Mac, more holes are found and exploited in Android and iOS than in WP7 and Bada. It doesn't necessarily mean that WP7 and Bada have less holes, it's just that it's not (yet) worth anybody's effort to find them.

But if security really is the submitter's #1 factor for picking a smartphone (which seems a little far fetched), then I guess I'd recommend Bada. Good luck with that.

But TBH, I think the best way to stay safe regardless of which phone you own is to avoid dodgy apps and dodgy websites. Use common sense and you'll be fine with whatever phone you choose.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...