Slashdot Mirror
Ask Slashdot: Most Secure Mobile OS?
Lexta writes "So I'm contemplating my next smartphone purchase, and I've been a little put off by all of the security exploits posted on Slashdot over the last few months, particularly for Android. So, what's the most secure stock standard (not jailbroken) mobile OS?"
RIM's OS, especially due to the way they handle communications, is by far (as far as I know) the most secure OS. And neither iOS nor Android look particularly secure to me, since every other week you see some news of them getting exploited.
We need a way to moderate articles.
It's called the Firehose.
All the world's a CPU, and all the men and women merely AI agents
This is true for the same reasons that a decade ago Mac OSX was considered more secure than Windows. Its a function of install base. As soon as Windows Phone has 100's of million of users exploits will be published.
You mean Linux itself isn't better security wise either, it's just that the (desktop) market share is so low?
If it is not jailbroken it is DEFINITELY not secure. With carrier spyware and apps that are not under your control, the first step to security is making it YOURS and yours alone.
Once you are to that point, then you can BEGIN evaluating the core OS for security.
Digital is, by definition, imperfect. Analog is the way to go.
What is your threat model? Do you use it for websurfing? Download lots of kewl apps? For the latter, from which app store?
I suspect that iOS is a bit more vulnerable on the web browser side, as android has a fair bit better sandboxing which means an exploit of the browser takes more work to fully p0wn the phone, while in iOS-land, 'p0wn the brower == p0wn the phone'
But OTOH, Apple is a much better curator: with only the official App store, and with bad-actor app-developers and apps a rarity, the Apple App Store is very safe.
Android? Not so much. Even the official Google store seems to rely too much on the Android sandboxing to keep users safe (when users just say 'ok' to anything needing scary permissions), and other App Stores are a vile abomination.
Finally, anything that doesn't say "Nexus" on it should be considered end-of-lifed before you buy it. Apple patches things for a long time, so old vulnerabilites shouldn't worry their user base. But Android phones, since they are pretty much EOL'ed right from the start, often never receive critical browser and related security patches, security patches which, due to the open nature, can pretty much be reverse engineered by a competent exploit developer.
So, my ranking: Nexus Phone > (slightly) iPhone >>> generic "Android" phone
Test your net with Netalyzr
It's hard to exploit phones that are in shrink wrapped boxes on the store shelves.
Mod me down, my New Earth Global Warmingist friends!
But for hacker targets, particularly phishing or personal data theft which the submitter is probably concerned about, desktop market share is the important metric.
Android may use the Linux kernel, but it isn't kernel exploits that are the main concern, it's app API exploits.
Not really true anymore. I've had a Lumia 800 since november and the only two things I'm really missing now is a native app for Google+ (though the mobile web version works fine) and something that can talk to the OBD2 Bluetooth dongle I have for my car. Not exactly your Angry Birds of smartphone apps. Also, a lot of the WP7 apps feel more polished than their Android versions. The Facebook app for instance.
Quality, performance, value; you get only two, and you don't always get to pick.
There was a time when the most secure (consumer) desktop OS was the Mac -- because there were so few in service that the bad guys spent all their time and effort on Windows. By that measure, the most secure mobile environment is Windows Phone 7.
"Both Android and iOS have been plagued with exploits"
"The only current smartphone OS that is safe against exploits and vulnerabilities is Windows Phone 7"
"even on the desktop Windows most exploits are against third party apps like Flash or Java, not Windows itself"
"if you want to get a smartphone that is safe against exploits and malware, Windows Phone 7 is your only answer"
You have absolutely no idea what you're writing, do you? I'm amazed this got upvoted 5 points and labelled Informative.
A corporate-based phone (Blackberry) is going to make corporate security more of a priority than usability
I haven't noticed any problems with usability. Quite the opposite, in fact.
Security doesn't "get in the way" at all on the platform.
Required reading for internet skeptics
Most of the malware I've seen on my android phone is in the form of apps that leak my phone ID and phone number (apparently only vaguely alluded to in the 'Phone Calls' permission as 'identity').
What REALLY pisses me off is that not only does app I paid for do this, but it somehow self-cripples if I fix it with Privacy Blocker, and the devs had the brass to say in the comments that it doesn't do it.
The app in question is EzPDF, btw. Since my only recourse is to leave them a crap rating and look for a new PDF reader, I'm doing that, but it still pisses me off, especially since I was recommending it for awhile.
Certainly. Would you want a building made out of windows, or one made out of hamburgers?
Come on, this is easy!
Faster! Faster! Faster would be better!
Although the number of iPhone apps is amazing, the limited number of apps is the least of Windows phone's problems. With both my Androids and N900 I got most of what I needed and I've always been able to show off to iPhone people if needed. It's worth reading between the lines of Andrew Orlowski's Lumia 700 review. Remember that he's a total Microsoft Fanboi but even so, he often makes pretty perceptive comments such as the ones about fonts. The key thing is to realise that Windows Phone is designed to look good in the shop, but hasn't actually been designed to work. The terrible battery life and design make a phone you can't actually use properly. Think of tiles for example; about 8-10 fit on a screen where normally you would have 20-25 icons. This is great for display and selling where almost no apps have been installed and you are just learning which are which. Five months down the line, when you have 150-200 apps, it suddenly doesn't seem like a good trade off.
This general trade off of actual functionality for things which sell Microsoft products goes on through the design and brings us straight back to the topic; security. For example: your contacts in a Windows Phone are entirely stored on your online service, almost certainly Facebook unless you change it yourself. By design, there's no private place to store contacts you don't want shared. The first question with security is not "is this implementation done right". The real question is "who is this working for". This same user hostile attitude continues through the DRM implemenaton
When Microsoft sets up something equivalent to the Data Liberation Front, then we will be able to talk about Windows Phone as a secure operating system. Not a day before.
=~ s,(.*),<sarcasm>$1</sarcasm>,g if any_point_you_wish();