It use to be quite rare for someone outside of the tech community to hear about a large data breach or someone hacking into a large corporation to cause damages. Nowadays, it is rare to find someone that hasn’t heard of some sort of cyber attack; regardless of their profession. But, one major aspect of security that is overlooked by most, is smartphone security. As smartphones become more and more integrated in almost every aspect of work & day to day life, these concerns are starting to be taken more seriously. Most people do not think of smartphones in the same way a person that wants to exploit them does. These things basically capture every move you make as you explore the internet; even the physical world around you. Locational data, bank account info, private conversations, also, your camera and microphone, just to name a few. There are flaws in security that affect almost every aspect of your smartphone’s functionality, and almost no one, outside of the industry, has a clue about it.
I want to talk about smartphones that are built from ground level with security as the main focus and goal. This trend is nothing new in the enterprise market, but the past options have fell short on many aspects, true security and privacy being two major ones. A few weeks ago I came across a company with these exact goals in mind, this company offers a set of devices that runs a very modified version of the popular Android OS. One of the major changes in this OS is the app permission; pre install scanning of downloaded items. In the settings menu, not only can you see a full list of all apps currently installed but also what aspects of your phone that these apps touch. Now this is nothing new to android but one feature found nowhere else is the ability to change those permissions. Say you don’t want google to be able to access your contact list; simply turn that specific feature off. Now most people aren’t too concerned about things like that, but let’s say you found out that a specific app was accessing the microphone? Would this concern you? Another really useful and interesting aspect of this OS is triggered by default when downloading anything. From requesting a webpage, all the way to installing ‘approved’ apps from the app store. Everything aspect of what you just downloaded will be looked at in depth. The OS defaults to checked for any form of malware regardless of where the download came from. Now this will cause things to run a little slower then normal but when security and privacy are your main concern, I believe you can wait an extra few seconds.
Another major advantage to using this type of device are updates. To date there are only 2 other phone manufacturers that offer security updates as soon as they come out. These are Google Nexus phones and iPhones. More are starting to follow this trend but it is going to be a while until this is a standard. Since these phones are created by the same company that creates the OS that runs on them, they get to dictate when updates will be applied. Companies like AT&T & Verizon are often very far behind, sometimes a full year or more behind. With the current state of things, it’s been recommended to have security updates at least two times a month, if not more. This is simply not happening.