Ask Slashdot: Most Secure Mobile OS?

← Back to Stories (view on slashdot.org)

Ask Slashdot: Most Secure Mobile OS?

Posted by timothy on Tuesday March 27, 2012 @05:06AM from the much-more-secure-before-out-of-the-box dept.

Lexta writes "So I'm contemplating my next smartphone purchase, and I've been a little put off by all of the security exploits posted on Slashdot over the last few months, particularly for Android. So, what's the most secure stock standard (not jailbroken) mobile OS?"

29 of 291 comments (clear)

Min score:

Reason:

Sort:

The Most Secure Mobile OS by MasterMan · 2012-03-27 05:07 · Score: 3, Informative

Both Android and iOS have been plagued with exploits. Android has tons of trojans, while iOS has remote exploits (most of those iPhone jail breaking methods are based on remote root exploits). The only current smartphone OS that is safe against exploits and vulnerabilities is Windows Phone 7. Microsoft has really improved their security within the last 5 years - even on the desktop Windows most exploits are against third party apps like Flash or Java, not Windows itself.

So, if you want to get a smartphone that is safe against exploits and malware, Windows Phone 7 is your only answer. I would suggest some of the Nokia phones - people have been really happy with them.
1. Re:The Most Secure Mobile OS by mhh91 · 2012-03-27 05:11 · Score: 3, Insightful
  
  You'll be sacrificing the availability of tons of apps if you go with WP7 though.
2. Re:The Most Secure Mobile OS by Anonymous Coward · 2012-03-27 05:13 · Score: 3, Insightful
  
  This is true for the same reasons that a decade ago Mac OSX was considered more secure than Windows. Its a function of install base. As soon as Windows Phone has 100's of million of users exploits will be published.
3. Re:The Most Secure Mobile OS by MasterMan · 2012-03-27 05:14 · Score: 5, Insightful
  
  This is true for the same reasons that a decade ago Mac OSX was considered more secure than Windows. Its a function of install base. As soon as Windows Phone has 100's of million of users exploits will be published.
  You mean Linux itself isn't better security wise either, it's just that the (desktop) market share is so low?
4. Re:The Most Secure Mobile OS by IamTheRealMike · 2012-03-27 05:15 · Score: 3, Insightful
  
  A lot of the Android "trojans" are little more than apps which declare what they'll do up front and then do them. I'm not sure that counts as exploits.
5. Re:The Most Secure Mobile OS by errandum · 2012-03-27 05:17 · Score: 3, Interesting
  
  Your argument is flawed for the same reason that people say macs are more secure than pc's.
  Just because something is not popular enough to attract attention (and btw, it was rooted not long after it was released, which in turn prompted microsoft to offer a legit way to do it), doesn't mean it is more secure.
  Android and iOS are victims to their popularity. On the other hand, BB handsets are, by design, extremely secure. Weird that you did not mention that.
6. Re:The Most Secure Mobile OS by binarylarry · 2012-03-27 05:23 · Score: 4, Funny
  
  It's hard to exploit phones that are in shrink wrapped boxes on the store shelves.
  
  --
  Mod me down, my New Earth Global Warmingist friends!
7. Re:The Most Secure Mobile OS by PhilHibbs · 2012-03-27 05:25 · Score: 4, Informative
  
  But for hacker targets, particularly phishing or personal data theft which the submitter is probably concerned about, desktop market share is the important metric.
8. Re:The Most Secure Mobile OS by PhilHibbs · 2012-03-27 05:27 · Score: 5, Informative
  
  Android may use the Linux kernel, but it isn't kernel exploits that are the main concern, it's app API exploits.
9. Re:The Most Secure Mobile OS by icebike · 2012-03-27 05:30 · Score: 3, Informative
  
  Android has tons of trojans, while iOS has remote exploits (most of those iPhone jail breaking methods are based on remote root exploits).
  
  Wrong on both counts.
  IOS jailbreaks are based on LOCAL root exploits. You have to have it in hand to jailbreak it. There is no drive-by jailbreak available.
  Android Trojans might be found in dodgy third party app sites, but are quickly squashed in the Android Market (now called Google Play after one of the dumbest re-names in memory). Each Android app specifically tells you what permissions (data access, phone functions) it wants to use before it installs.
  (There are rumors that development is already underway to block apps from using certain permissions even if they do declare them, offering users a finer grained control.).
  If you want to be safe, you install only from Itunes, Android Market, Amazon Market, and a couple of other well trusted app market places. There is never a need for a newbie to run off and install from some web site, or root their phone.
  As for Windows Phone, who knows, because it simply is too small to attract any significant attention at this point. Given Microsoft's history of OS vulnerabilities you have to be a true believer to assume their new found religion of security is believable.
  
  --
  Sig Battery depleted. Reverting to safe mode.
10. Re:The Most Secure Mobile OS by W2k · 2012-03-27 05:30 · Score: 5, Interesting
  
  Not really true anymore. I've had a Lumia 800 since november and the only two things I'm really missing now is a native app for Google+ (though the mobile web version works fine) and something that can talk to the OBD2 Bluetooth dongle I have for my car. Not exactly your Angry Birds of smartphone apps. Also, a lot of the WP7 apps feel more polished than their Android versions. The Facebook app for instance.
  
  --
  Quality, performance, value; you get only two, and you don't always get to pick.
11. Re:The Most Secure Mobile OS by carlhaagen · 2012-03-27 05:31 · Score: 5, Informative
  
  "Both Android and iOS have been plagued with exploits"
  "The only current smartphone OS that is safe against exploits and vulnerabilities is Windows Phone 7"
  "even on the desktop Windows most exploits are against third party apps like Flash or Java, not Windows itself"
  "if you want to get a smartphone that is safe against exploits and malware, Windows Phone 7 is your only answer"
  
  You have absolutely no idea what you're writing, do you? I'm amazed this got upvoted 5 points and labelled Informative.
12. Re:The Most Secure Mobile OS by MasterMan · 2012-03-27 05:39 · Score: 3, Informative
  
  IOS jailbreaks are based on LOCAL root exploits. You have to have it in hand to jailbreak it. There is no drive-by jailbreak available.
  For years all that was needed to jailbreak iOS was just visiting a website. Those websites remotely exploited Safari and iOS to gain root access and jailbreak the phone. The same exploits work for malware too.
13. Re:The Most Secure Mobile OS by Anonymous Coward · 2012-03-27 05:40 · Score: 3, Informative
  
  You have absolutely no idea what you're writing, do you? I'm amazed this got upvoted 5 points and labelled Informative.
  You're amazed that a first post paste job praising MS and disparaging their competitors got modded to +5 almost immediately on Slashdot? You haven't been paying attention.
14. Re:The Most Secure Mobile OS by AliasMarlowe · 2012-03-27 05:44 · Score: 3, Informative
  
  I've had a Lumia 800 since november and the only two things I'm really missing now is a native app for Google+ (though the mobile web version works fine) and something that can talk to the OBD2 Bluetooth dongle I have for my car.
  If you want a secure phone and want it to be from Nokia, then try the Nokia N9. It's a charm, in countries where it's available (yes for Australia, Finland, Italy, Sweden, etc. but not for USA, UK, Canada, Germany, Japan, etc.).
  
  --
  Those who can make you believe absurdities can make you commit atrocities. - Voltaire
15. Re:The Most Secure Mobile OS by geminidomino · 2012-03-27 05:46 · Score: 4, Interesting
  
  Most of the malware I've seen on my android phone is in the form of apps that leak my phone ID and phone number (apparently only vaguely alluded to in the 'Phone Calls' permission as 'identity').
  What REALLY pisses me off is that not only does app I paid for do this, but it somehow self-cripples if I fix it with Privacy Blocker, and the devs had the brass to say in the comments that it doesn't do it.
  The app in question is EzPDF, btw. Since my only recourse is to leave them a crap rating and look for a new PDF reader, I'm doing that, but it still pisses me off, especially since I was recommending it for awhile.
16. Re:The Most Secure Mobile OS by ColdWetDog · 2012-03-27 05:54 · Score: 4, Funny
  
  Certainly. Would you want a building made out of windows, or one made out of hamburgers?
  Come on, this is easy!
  
  --
  Faster! Faster! Faster would be better!
17. Re:The Most Secure Mobile OS by Bert64 · 2012-03-27 08:27 · Score: 3, Interesting
  
  Default windows install still has ports 445, 135, 139 open by default (even if they encourage you to hide them behind a firewall - a kludge at best)...
  Default linux install has nothing open, you have to explicitly install SSH on most desktop oriented distros.
  Linux has a repository from which to install software, while windows encourages users to download and run arbitrary binaries.
  Windows has things like stack randomization and non executable pages, but so does linux and has done for much longer.
  Windows uses file extensions to identify file types, and hides them by default, making social engineering attacks more likely (nude_girl.jpg.exe !), on windows simply downloading a file which has a name ending in .exe makes it executable, whereas on linux you require an additional step.
  Windows has a lot of "security features", but a lot of them are pure theatre and do little or nothing to actually improve security...
  Take group policy "folder restrictions" for instance, designed to prevent you browsing certain areas of the filesystem (eg the windows dir, or the root of the hd), and sure enough if you type c:\ into explorer you will get an error... But what if you open a subdir (eg browse the temporary internet files dir using the option within the ie settings), and then keep hitting the up option... Also you can bypass these restrictions by using a program that doesn't use the standard explorer file selection dialogs (eg a command prompt)...
  Linux doesnt have "features" like these because they are pointless, if you want to prevent users from accessing a given area you need to use file permissions.
  There are plenty more examples like this, of "features" that look good on paper, but in reality provide no benefit and are easily circumvented anyway.
  Things like this generally exist for shallow reviews, and security certification checklists, where the presence of an explicit feature gives you a tick in the box and the certification/review is not in depth enough to verify it properly.
  
  --
  http://spamdecoy.net - free throwaway anonymous email - avoid spam!
18. Re:The Most Secure Mobile OS by rtfa-troll · 2012-03-27 10:46 · Score: 5, Interesting
  
  Although the number of iPhone apps is amazing, the limited number of apps is the least of Windows phone's problems. With both my Androids and N900 I got most of what I needed and I've always been able to show off to iPhone people if needed. It's worth reading between the lines of Andrew Orlowski's Lumia 700 review. Remember that he's a total Microsoft Fanboi but even so, he often makes pretty perceptive comments such as the ones about fonts. The key thing is to realise that Windows Phone is designed to look good in the shop, but hasn't actually been designed to work. The terrible battery life and design make a phone you can't actually use properly. Think of tiles for example; about 8-10 fit on a screen where normally you would have 20-25 icons. This is great for display and selling where almost no apps have been installed and you are just learning which are which. Five months down the line, when you have 150-200 apps, it suddenly doesn't seem like a good trade off.
  This general trade off of actual functionality for things which sell Microsoft products goes on through the design and brings us straight back to the topic; security. For example: your contacts in a Windows Phone are entirely stored on your online service, almost certainly Facebook unless you change it yourself. By design, there's no private place to store contacts you don't want shared. The first question with security is not "is this implementation done right". The real question is "who is this working for". This same user hostile attitude continues through the DRM implemenaton
  When Microsoft sets up something equivalent to the Data Liberation Front, then we will be able to talk about Windows Phone as a secure operating system. Not a day before.
  
  --
  =~ s,(.*),<sarcasm>$1</sarcasm>,g if any_point_you_wish();
BB by errandum · 2012-03-27 05:10 · Score: 5, Interesting

RIM's OS, especially due to the way they handle communications, is by far (as far as I know) the most secure OS. And neither iOS nor Android look particularly secure to me, since every other week you see some news of them getting exploited.
Re:-1 Flamebait by Bucky24 · 2012-03-27 05:11 · Score: 4, Informative

We need a way to moderate articles.
It's called the Firehose.

--
All the world's a CPU, and all the men and women merely AI agents
Symbian? by RyuuzakiTetsuya · 2012-03-27 05:18 · Score: 3, Insightful

Normally I'd otherwise shit all over symbian, but, why not Symbian? Years on the market, it should've been proven one way or the other by now.
Also, what level of paranoia are we talking? State or industry secrets? Personal paranoia?

--
Non impediti ratione cogitationus.
Mutually exclusive by rtkluttz · 2012-03-27 05:19 · Score: 4, Interesting

If it is not jailbroken it is DEFINITELY not secure. With carrier spyware and apps that are not under your control, the first step to security is making it YOURS and yours alone.
Once you are to that point, then you can BEGIN evaluating the core OS for security.

--
Digital is, by definition, imperfect. Analog is the way to go.
Whats your threat model? by nweaver · 2012-03-27 05:20 · Score: 4, Insightful

What is your threat model? Do you use it for websurfing? Download lots of kewl apps? For the latter, from which app store?
I suspect that iOS is a bit more vulnerable on the web browser side, as android has a fair bit better sandboxing which means an exploit of the browser takes more work to fully p0wn the phone, while in iOS-land, 'p0wn the brower == p0wn the phone'
But OTOH, Apple is a much better curator: with only the official App store, and with bad-actor app-developers and apps a rarity, the Apple App Store is very safe.
Android? Not so much. Even the official Google store seems to rely too much on the Android sandboxing to keep users safe (when users just say 'ok' to anything needing scary permissions), and other App Stores are a vile abomination.
Finally, anything that doesn't say "Nexus" on it should be considered end-of-lifed before you buy it. Apple patches things for a long time, so old vulnerabilites shouldn't worry their user base. But Android phones, since they are pretty much EOL'ed right from the start, often never receive critical browser and related security patches, security patches which, due to the open nature, can pretty much be reverse engineered by a competent exploit developer.
So, my ranking: Nexus Phone > (slightly) iPhone >>> generic "Android" phone

--
Test your net with Netalyzr
Let history be your guide by jamesl · 2012-03-27 05:31 · Score: 4, Funny

There was a time when the most secure (consumer) desktop OS was the Mac -- because there were so few in service that the bad guys spent all their time and effort on Windows. By that measure, the most secure mobile environment is Windows Phone 7.
1. Re:Let history be your guide by Anubis+IV · 2012-03-27 07:18 · Score: 3, Insightful
  
  There's a difference between safety and security, which you appear to have conflated. You can have an unlocked house that's wide open in a low-crime area and likely be safe without being secure. You can have a locked house with bars on the windows in a high-crime area and be secure without necessarily being safe.
  Safety is what we all want. For someone using a popular device/OS/whatever, you have to rely on security since other factors (i.e. obscurity) will not protect you. If you're a valuable target, it doesn't matter what device/OS you're using, you'll still need to be secure because you are likely to be targeted. Thus, obscurity is not a viable measure of protection.
Re:No answer for you by narcc · 2012-03-27 05:35 · Score: 4, Insightful

A corporate-based phone (Blackberry) is going to make corporate security more of a priority than usability
I haven't noticed any problems with usability. Quite the opposite, in fact.
Security doesn't "get in the way" at all on the platform.

--
Required reading for internet skeptics
Fishbowl (NSA's Android project) by Qubit · 2012-03-27 06:32 · Score: 3, Insightful

http://www.engadget.com/2012/03/01/nsa-builds-own-model-of-android-phone-wants-you-to-do-the-same/
Okay, so it's only off-the-shelf parts, but if you really want a mobile device that can earn the label "secure," (software ain't a thing w/o hardware) you're probably going to want something vetted by a security organization/company like....well...the NSA.

--

coding is life /* the rest is */
Want real security? Get an N900 or an N9 by jdb2 · 2012-03-27 11:38 · Score: 3, Informative

The N900 and N9 are full blown Unix/Linux machines with all the bells and whistles that come with a non-neutered version of the GNU/Linux environment.

That being said, they support many Unix/Linux security mechanisms, but if you want proof, how about full disk encryption for starters?

jdb2