Friday, August 15, 2014

iPhone vs Android - Security (Part 7)


We're nearing the end of our iPhone vs Android comparison. In this section we talk about mobile Security. It may be something you haven't really thought about. "Why would anyone want to hack my phone?" you might ask. Well, let's think for a second about the amount of personal data you have on your smartphone.

If someone has access to your phone, they can usually easily access you email (and where are your passwords sent when you click "Forgotten Password')? Then there's your location information, your social networks, your internet searches, the websites you've been visiting, your bookmarks, photos and contacts. See what I mean?

There are two aspects to securing your phone, physical and virtual. Being vigilant to the rising risk of smartphone theft is becoming increasingly important. For example, nearly 2,400 cell phones were stolen in San Francisco alone last year, a 23 percent rise from the year before. According to the  FCC, one in three robberies in the US involve these high-value devices. Not leaving your phone on view or sitting on a coffee or restaurant table are good habits to get into. US lawmakers are in the process of enacting legislation requiring cell phone manufacturer to build a "kill-switch" into their phones (Minnestoa has already passed this law and California isn't far behind). This should help reduce the theft issue by making the stolen devices effectively worthless, but for now, it's still a major issue.

On the virtual front, there are a number of simple things that you can do to protect yourself.

iPhone

First of all, make sure that you "Lock" your phone with a code. It's in General / Passcode Lock. This can be either a simple 4-digit code or a more complex password. I suggest also enabling "Erase Data" which will delete your phone's contents after 10 failed attempts (don't forget your number). You should also enable Find My iPhone which enables you to track your phone, lock it, remotely wipe it and prevent it from being reactivated without your password. Of course, you should regularly backup your phone ... see my earlier article on backup).

Android

The situation on Android is a little more complex. Apple’s iPhone is generally deemed to be secure due to its ‘sandbox’ configuration. This stops applications communicating with the phone and means the platform accounted for only 0.7% of mobile malware in 2012. Google's Android operating system is built on an open model which means that it is much easier to post malicious apps which can hijack your phone, send text messages to super expensive phone numbers, monitor your calls or online shopping.

To protect yourself, first of all, only download your apps from Google's Play Store. (make sure Settings / Security & Screen Lock / Unknown Sources is unchecked).

Next, always check the permissions that the app is asking for when it installs itself. For example, Angry Birds doesn't need permission to send text messages.

Next, just as on the iPhone, make sure that your phone has a lock. On my Motorola Droid, this can be a pattern, face recognition or a PIN. I've tried the face recognition and it's crap. It can take multiple attempts and is slow. I used to use a pattern because I thought it was cool and easy to remember. Then I met a chap who ran the FBI's Cyber-Crime Prevention team. When he saw me swipe my phone to get into it he said "Don't use a pattern, it's way too easy to crack. Just hold your phone up and look at the screen sideways. You'll see the smear pattern left on the screen. Just trace it one way or the other way and bingo, you're in." Now I use a PIN. Interestingly, he also said that at last count they had over 100,000 known malware and virus' on the Android, but none on the iPhone. I couldn't believe it. None is incredible.

Next, make sure your phone automatically locks (Settings / Security & Screen Lock / Automatically Lock) and that Verify apps is checked (Settings / Security & Screen Lock / Verify apps).

Finally, I'd recommend installing at least one security app. There are many to choose from, but I'd recommend either Lookout (my preference), AVG Mobilation Antivirus or Avast Free Mobile Security. These apps will check for malicious apps during installation, premium telephone numbers, find your phone, remotely lock and wipe etc. Having used them on my Droid, they can slow your phone down and cause some hiccups, but in general I believe it's definitely worth any downside.

Remember the saying "An ounce of prevention is worth a pound of cure"? So be sure that you're regularly backing up. On Android that's easy. Just enable your Google+ backup (Settings / Accounts / Google and then make sure everything is checked). You can also see my article on Phone Backup.

So Which Offers the Best Security?

Like everything, it's personal preference. I like the iPhone because it offers excellent security without any need to install third party apps which can cause issues. On the other hand, it doesn't offer app permission or the ability to encrypt the phone and SD card. The real take away is to protect yourself by taking these simple steps:
  • Be vigilant when using your phone, especially when out and about
  • Lock your Device
  • Make sure you've recently backed up
  • Keep your OS and Apps up-to-date
  • Be careful what you click on
  • Only download apps from Google or Apple
  • Install a mobile security app if you're on Android
  • Be careful with public or unsecured WiFi