Why security matters when you buy a smartphone

People use their smartphone, which is continuously connected to the internet, more than any other device. While it's the entry point to their entire digital life, strangely enough security is not one of the selection criteria for most people when buying a smartphone.

In this post I'll tell you why security is important and what you should look for when you buy your next smartphone.

Availability of security updates

I think this Twitter conversation perfectly describes the situation regarding security updates.

It's true that iOS has recently been screwing up a bit with security updates, but in my opinion they still have an enormous advantage. They control all devices where the updates need to be installed. And this is the big problem with the Android operating system. There are so many vendors and they all have their own update release cycles and support periods.

In an attempt to improve this, Google mandated a year ago that Android device manufacturers provide at least four security updates in the year after the phone is launched. In the second year they must also provide updates, but it's not specified exactly how many.

There's another drawback of Android devices though. Most Android device makers are far behind when it comes to rolling out major updates.

Why updates matter

Recently 25 million Android phones were infected with the "Agent Smith" malware. This malware abuses weaknesses in the Android operating system to replace apps with malicious versions. In this case these malicious apps served ads on the smartphones of the users. But these malicious apps could have done even more harm. This attack was only possible because the latest updates were not installed on these phones.

Or take this Android .PNG image bug, for which a fix was released in February this year.

"A maliciously-crafted PNG image file could execute code on vulnerable Android devices, potentially hacking phones and granting access by a remote attacker."

If you have an Android phone and you still haven't patched that by now, you might be at serious risk.

Support period and updates

When you have an iPhone you will receive updates when they are available. From previous iPhone models we can probably conclude that Apple provides updates for at least 5 years.

Even if you buy an iPhone 8 now, which was released at the end of 2017, you should receive updates until the end of 2022. If you don't want to spend more than $1000 for the latest iPhone model, this might be a good alternative security-wise.

Before you buy an Android smartphone, check the update frequency. I'll take the Google Pixel as an example. As you can see, they guarantee updates for at least 3 years from when the device first became available on the Google Store, both for Android version updates and security updates.

Do you need to buy a new smartphone when it's no longer supported?

Ideally you should buy a new smartphone when updates are no longer available to reduce security risks. If you choose wisely I think the support period more or less coincides with the lifetime of your phone.

Like most people that voted in this poll, I buy a new smartphone every 3 years or sooner.

If you are planning to buy an Android phone, it's best to look for a brand new model that provides major and security updates for 3 years. If you want to buy an iPhone and save some money, you could opt for an older model that's still supported until you plan to buy your next phone.

Jailbreaking and rooting

If you have bought a new iPhone, be careful with jailbreaking. Jailbreaking is the action that makes it possible to load apps that are not approved by Apple on an iPhone. Installing these apps can pose a serious security risk because they aren't scrutinized by Apple. Besides, it also voids an iPhone's warranty.

When you have an Android phone this process is called rooting instead of jailbreaking. It also weakens your device's security and in most cases voids the warranty. I would not recommend doing this unless you really know what you're doing.

Conclusion

Everybody has his own budget and other criteria that are important when choosing a smartphone. But security should also be one of the selection criteria. Next time you buy a smartphone, ask or research how long it will receive updates and how often security updates are released.

That's it for today. More security fun is for tomorrow. In the meantime stay safe online!

John Opdenakker

Blogger | #Infosec | #AppSec | Security awareness | Occasional Public Speaker | Cycling | Running | Enjoying life