Sophos Cloud Optix
Last month I asked you which web browser you trust the most. This month I’d like to know how you feel about that little always-on super computer that goes everywhere with you – your phone.
I asked my original question about web browsers because of the highly privileged position they occupy in our online lives.
Everything we do on the web passes through them. They are vitally important and yet the most significant factor in choosing which is the best – determining which is most likely to keep our data private and secure – is a matter of opinion and judgement, not of fact.
I suspected that users were as likely to be swayed by the reputation of the companies producing the popular browsers as they were by the number of objectively verifiable vulnerabilities.
You didn’t disappoint.
The emphatic result and your impassioned comments got me thinking about something that occupies an even more exalted position in our lives (and not just our online, sitting at the keyboard lives, our actual honest-to-goodness go everywhere real lives); our smartphones.
Smartphones are, of course, very far from being simply ‘not dumb’ phones these days. In fact describing smartphones as phones does them about as much justice as describing SUVs as quite well protected chairs.
Modern phones are bona fide networked computers that bristle with sensors and broadcast their existence promiscuously.
They are stuffed with personal information and, thanks to easy connections to software stores, cloud storage and online backups, they are as hungry for a permanent internet connection as a 14 year old boy.
Compared to the laptops and desktops that preceded them smartphones are locked down tight.
Users don’t add ram, upgrade their graphics cards or put in extra hard drives. The operating systems that bring the hardware to life expose little of themselves and keep their apps isolated in restrictive sandboxes. Software distribution is tightly controlled and more often than not restricted to a single authorized source and subject to the rules and whims of its proprietor.
All of this buttoning up has given us the first generation of genuinely consumer-friendly computing devices and, while they haven’t solved the virus problem, distribution channels like Google Play and the App Store have made life much harder for malware authors.
Of course all this convenience and reassuring abstraction comes at the price of transparency. The gap between what our devices are doing and our understanding of them grows ever wider.
If you’re going to use a smartphone at all then you must trust that what exists in that gap – whatever your phone is doing or sharing without your knowledge – is benign, or at the very least is worth the cost.
The efforts of independent security researchers aside, we are ultimately dependent on some very, very large organisations like Google, Microsoft, Apple and BlackBerry to respect the trust we put in their software.
Which of those companies hasn’t given us pause for thought at some stage?
Do you trust their corporate interests, culture and track record? Are you absolutely clear on how they make money and from whom? Do you believe they are in bed with the NSA or other government agencies?
I’d like to know which of the big four smartphone platforms you trust the most.
Clearly there are many aspects to what makes a smartphone trustworthy or untrustworthy – not least apps – that I can’t capture with a simple question and multiple choice answer, so please use the comments to share your thoughts after you have taken the poll.
If you don’t use a smartphone or if you favour a platform outside of the top four then let us know in the comments.
Likewise if you have made judgements about what kind of apps you won’t allow on your phone, about different versions of the big four platforms or about the modifications that major manufacturers like HTC and Samsung make to Android then share them in our comments too.
And finally, this is National Cyber Security Awareness Month so once you’ve done sharing and opining please take a look at our 10 tips for securing your smartphone and take some positive action to safeguard you and your family today.
Q "Which smartphone operating system (OS) do you trust the most?"
Then it seems we are supposed to answer what we use. Probably not the same thing
Thanks Stefan, have updated the poll to make it clearer 🙂
You cannot trust any of them!
Although I carry an Android, I do not trust it. I had to Root my phone in order to install a Firewall which allows me to block communications from apps. This is still flawed because to use most apps, you have to allow it to communicate. Next step for me is to install a ROM that will allow me to control permissions!
Those poll results are pretty telling. I'm with Shane. We trust internet/phone companies too much, period. They thrive off our information and we give them tons of it on our phones. And smartphones are a real security risk as well, considering everyone stores passwords and account information on them, and yet more than half of all users don't even have them password locked.
We haven't seen too much of it yet comparatively, but I think mobile platforms are the most ripe for exploitation, and it's only going to get much worse.
I recently got a Windows phone and was glad to read they do not use IQ carrier after I read your article on it.
I notice the Apple fanboys voting for the most insecure and hole ridden smartphone still due to it's popularity as a bling bling fashion accessory and status symbol. Obviously Apple buyers still don't read Sophos articles and probably believe they don't get viruses either. By the way, I used to build Macs and use them solely, so I'm not anti Apple for no reason. The most used sandbox Apple use is the one their security teams and customers bury their heads in.
I imagine as you suspected a lot was based on what people like the look of when it came to browsers. Ohhh we love Google Chrome, we trust Google, even though we know they sniffed wi-fi details when carrying out mapping. It's OK we trust them with our data right, coz their browser looks nice. I doubt any smartphone is 100% secure but I think Sophos should hand out coffee with it's Mac software so Apple users can wake up and smell it.
My trusted phone OS-of-choice is, unfortunately, defunct. PalmOS 4evah!!!
Airgaps are good ….
I'm on my first iPhone, prior to that Android, which I locked down tight with security apps myself because I didn't trust Google to do so. And to do things Google didn't care about, like stop spam calls and texts, Mr. Number to the rescue. The first thing I did when I got my iPhone was go looking for extra security apps and found a couple I now use all the time.
What I like least are apps that phone home all the time and do my best to ferret out ways of stopping them because I don't like it and because battery life is already poor enough. It just amazes me that I can buy a Casio running watch with a 10 year battery that outlives the watch and no one can figure out how to make a really strong and useful phone battery. OEM is good, but replacements are horrible. Which I won't have to worry about with the iPhone since that battery is not removable. I will say that IOS 7.0.2 DID improve battery function significantly though I have no idea how.
BlackBerry, Are they still around?