IE 11 is not supported. For an optimal experience visit our site on another browser.

How to Choose the Safest Smartphone

It's a pity that there are no crash-test dummies in the world of mobile devices. If there were, security gurus could send a wireless platform for a test drive and choose the one that's the least lethal in terms of compromising your —or your company's —data.
/ Source: SecurityNewsDaily

It's a pity that there are no crash-test dummies in the world of mobile devices. If there were, security gurus could send a wireless platform for a test drive and choose the one that's the least lethal in terms of compromising your —or your company's —data.

Instead, consumers, and the workplaces they bring their devices into, have to serve as the crash-test dummies. Results so far indicate that the top four smartphone and tablet platforms — Apple's iOS, Google's Android, Research In Motion's BlackBerry and Microsoft's Windows Phone — each have their own strengths and vulnerabilities.

"'Bring your own device' is a huge concern among IT professionals," said Steve Hanna, distinguished engineer at Sunnyvale, Calif.-based Juniper Networks and co-chair of the Trusted Network Connect Work Group standards organization. "It's the No. 1 topic, with explosive growth of tablets [and] executives using or pushing to use mobile devices that access very sensitive data."

Since it has many security features that were implemented at an early stage, and since it's long been approved for sensitive government use, many experts consider BlackBerry to be the most secure end-to-end mobile platform.

Encryption is inherent in the Blackberry environment, said Ondrej Krehel of Scottsdale, Ariz.-based Identity Theft 911. The problem is that BlackBerry phones and tablets might not be the most in-demand gadget.

Apple's popular iOS platform, which runs on iPhones and iPads, might be ranked next in terms of security, but "it's not a simple security solution," said Nathan Jennings, director of product management for enterprise mobile at Santa Clara, Calif.-based McAfee.

With iOS, an IT exec can protect the cloud, but how can he protect against each application in Apple's iTunes Store? Still, Jennings contends, iOS does provide some default level security and implemented encryption.

Google's Android platform is a close third in terms of security, even nipping at Apple's security heels, but is still very challenging, Jennings said.

To Krehel, Android's open architecture offers less control over installed applications. He agrees that Apple and Android are almost neck-in-neck in the security race, but adds that Android requires a more security-educated consumer than Apple.

"Android is getting there," Krehel said. "However, many of the security settings are left to well-educated consumers."

Microsoft's new Windows Phone platform, meanwhile, has garnered little interest from enterprise users, consumers or security researchers alike.

Jennings said security professionals are divided into two camps about how to shore up business networks being constantly accessed by myriad devices. Reactions range from, "'Fine, I will get in a cave, I'm letting it go for now,' on one side, to the ones who say 'I'm going to lock the whole thing down,'" Jennings said.

Since an unprotected mobile device that fell into the wrong hands could affect a company's stock price, or be exploited by competitors or criminals, companies should be as concerned with implementing safeguards in place in accessing the network, and if a device is lost or stolen.

As for the consumer market, many of us learned the hard way over the past decade that a secure PC saved time, effort and kilos of aggravation in the form of protected data.

Now that those familiarly ulcer-inducing lessons are starting to roll in on mobile devices, the issue of which wireless platform is most secure might not yet be up there in league of ease of use, or coolness factor, but it's getting there.

"Security threats are translating themselves from PCs to mobile," Krehel said.

He said the mobile form of phishing, known as "smishing" for SMS phishing, is a good example of an attack that's migrated from desktops to smartphones.

Experts anticipate that mobile carriers may step in and offer businesses and consumers solutions to make mobile devices more secure. Businesses that can't wait may start installing their own countermeasures, such as anti-malware, encryption and mobile-device-management software, Hanna said.

"Any device without these countermeasures is going to be vulnerable," he said.