Smartphones are inherently bad for privacy. You basically have a tracking device in your pocket that pings off cell towers and locks onto GPS satellites. Meanwhile, the handset's data connection ensures that tracking cookies, advertising IDs and usage statistics follow you around the Internet.
So no, there is no perfectly safe and truly private smartphone; let's get that out of the way now. But in the information age, you practically need a smartphone to get by in society, so the question arises: which phone manages to be the lesser evil?
With critical vulnerabilities such as the KRACK exploit and Blueborne, not to mention the FBI trying to find a backdoor into virtually every phone, that is a difficult question to answer. To find the safest devices, we tested the top smartphones on the market and looked for key factors such as encryption strength, biometrics, hardware-based security, VPN availability, and security update windows. Our research narrowed the list to four great phones, so let's discuss how well each of these devices protects your privacy.
Note: This article was last updated in June 201
Important Comparison Points
When it came to comparing our four final phones, these were the main distinguishing factors for privacy and security:
Encryption: Each of these phones uses one of two types of encryption: file-based (FBE) or full disk (FDE). File-based encryption is the more effective method because individual files can be locked with different keys, whereas full disk encryption uses only one key to lock the entire data partition. All four of these phones use the AES encryption standard; some use 128-bit keys to decrypt the data, while others use longer 256-bit keys.
Hardware-Assisted Security: Each of the phones on our list uses hardware to support the overall security of the device. While iOS devices use the hardware for encryption, the Android devices on our list use the hardware to store cryptographic keys (see "How We Pick These Phones" below).
Sandboxed User Accounts: If privacy is one of your most important considerations, you should set up separate user spaces on your phone, such as one for work and one for your personal use. If this is the case, it is important that the data from each user account is truly separate (or "sandboxed"), and the Android phones in this list provide this feature.
Restrict Ad Tracking: Phones that ship with Apple's and Google's pre-installed services use a system-wide ad tracking ID to help marketing partners deliver targeted ads. This ID follows you as you use apps and services on your phone, which is questionable behavior in terms of privacy. Apple lets you restrict apps' ability to view and use this ID, while on Android devices Google only lets you reset the ID and disable personalized ads.
Always-On VPN: With a virtual private network, or VPN, you can route Internet traffic through an external server. A good VPN service even lets you encrypt all traffic for increased anonymity. With Android devices, you can direct all types of Internet traffic over a VPN. With an iPhone, however, you can only use a VPN over Wi-Fi, unless you want to reset your device and turn on "Monitored Mode" to get the VPN to work on your mobile data connection.
Internet Access for Apps: If you do not want apps to "call home", the ability to block Internet access per app is a big plus. For Android, this can be done by setting up a local VPN like Netguard, which requires a little more work. With iOS, you can easily disable mobile data access for an app, but it's not possible to restrict Wi-Fi connectivity.
Data Deletion after Failed Login: Some phones have a feature that, if enabled, triggers an automatic factory reset when someone enters the wrong PIN or password too many times. This is very effective at warding off intruders, as it makes brute-force password attacks almost impossible.
Integrated Password Manager: The name of the built-in feature that stores your various credentials. These usernames and passwords are stored in an encrypted vault, which can automatically fill the stored information into the corresponding app or website.
Password Generator: The password manager can generate a new password that is more secure than your existing passwords.
Password Protected Folder: A secure folder where apps and files can be stored and protected from unauthorized access. Data in these folders should be hidden from the app drawer and the file manager and require either a password or biometrics to access.
Stock Security Center App: If you are security conscious, it is good to have a centralized app that lets you handle all of your phone's security needs. For example, the DTEK security platform provides an overview of your phone's security and allows, among other things, easy adjustment of important security settings.
Operating System CVEs: All phones in this list run either iOS or Android. In recent years, numerous vulnerabilities have been discovered in these operating systems, so it's important to know exactly how vulnerable they are.
Security Patch Timeline: Apple does not stick to a fixed schedule for its security patches; however, updates are usually released within a month of the discovery of critical bugs. Android security patches are released on a monthly basis, and it is left to the OEM to distribute them to their devices. Since the Pixel 2 is a Google device, it receives Android security patches first.
Bug Bounties: Device manufacturers usually offer a cash prize to anyone who can find glaring weaknesses in their mobile phone software, effectively crowdsourcing the process of detecting and closing security holes. With a higher bounty, people are generally more motivated to find these bugs. Some companies only invite trusted bug reporters to earn a bounty (shown as "closed" in the graphic above), while others let anyone report bugs and claim the bounty (shown here as "open").
How We Pick These Phones
Our first requirement in choosing these phones was that they all had to be available in the United States from a major carrier or manufacturer. Second, to make this list, a phone had to be encrypted by default to make sure your data is protected from external access.
Another requirement was that all phones provide granular permission management that lets you revoke an app's permission to access specific features such as the camera and microphone. To ensure that your data remains secure even if your phone is lost or stolen, we only selected phones with remote lock and wipe.
However, what narrowed this list the most was the hardware-based security requirement. Apple uses a hardware encryption chip to increase security, while the Android OEMs use some variant of a hardware root of trust system. In effect, this means that there is a physical barrier between your data and any potential attacker – while they may be able to hack the software, they need physical access to completely break the encryption, and even then, this would be virtually impossible.
Popular phones that lacked such a physical barrier are the HTC U12+, the LG V35, the LG G7 ThinQ, the Moto Z2 Play, and the Moto Z2 Force.
It's also worth noting that some phones that made our final cut had sibling devices which could also have been listed here – for example, Apple's older iPhone 7 models, Samsung's Galaxy S8 lineup and the original Google Pixel. We left these devices off the list because the iPhone X, Galaxy Note 8 and Pixel 2 are newer and more future-proof models, but from a privacy and security standpoint, they are still solid phones.
From there, the finalists were ranked based on how well the devices scored on the key comparison points above, and the following phones climbed to the top.
Phone 1: BlackBerry KEY2
On last year's list, the BlackBerry KEYone won our top spot for privacy and security. Thanks to its low price and the numerous BB10 security enhancements it brought to the Android platform, it was easy to recommend this device to anyone who wants to prioritize their security and protect their privacy.
With the release of its sequel, our expectations were high that it would replace its predecessor on our list. And although its price point is not as strong as it used to be, it's still the best smartphone for privacy and security.
Each time you power up the device, the BlackBerry KEY2 takes extra steps to make sure your phone has not been tampered with. In what is known as the hardware root of trust, cryptographic keys are injected into the processor to verify the device and ensure that no tampering has occurred. These keys are unique to the smartphone and are one of the main reasons why the KEYone (and hopefully the KEY2) has not been rooted. This is because every time you start your system, every level of your device is checked for changes. From the hardware to the operating system, the KEY2 looks for modifications and does not start if a layer fails the test.
Because the Linux kernel is a target for smartphone hacking, BlackBerry hardens the kernel during production. BlackBerry signs and verifies each KEY2 before it leaves the factory to ensure that each phone leaves in the desired state, in both its hardware and its software. But the hardening process does not end after the phone leaves the factory.
BlackBerry promises to provide monthly security patches for Android for two years, closing new security holes, including possible kernel compromises. And these are not just Google's security patches – BlackBerry adds its own security patches to address security holes that may compromise its devices.
Again, BlackBerry opted for full disk encryption instead of Android's newer file-based encryption. While file-based encryption can isolate some files from others, full disk encryption ensures that everything stored on your device (from your pictures to the root folder) is secured with the AES-128 encryption standard. More than likely, BlackBerry chose this encryption method to stay FIPS 140-2 compliant. FIPS 140-2 is an American computer security standard for the cryptography used in hardware and software components.
Not all security enhancements of the KEY2 are under the hood; there are some improvements that you can not only see, but interact with. A good example of this is the Privacy Shade, which blocks out everything but a small area of your screen. Especially if you use your phone in public, this protects your privacy from prying neighbors who cannot help but look at your screen.
Another great example of this is DTEK. DTEK is the dashboard that lets you interact with many software-based changes implemented by BlackBerry and acts as the central hub for the security of your KEY2. DTEK automatically monitors the operating system and apps for potential privacy risks and evaluates the integrity of the device with a meter. If DTEK discovers privacy risks, it will recommend a course of action that can be taken within the app.
With the KEY2, however, BlackBerry has improved the capabilities of DTEK. KEY2 introduces a new feature, known as BlackBerry Integrity Protection, that alerts users to malicious apps that show suspicious behavior (such as turning on the microphone in the background). In addition, users can set their own triggers for similar unwanted behaviors, such as when an app uses the camera in the background.
The BlackBerry KEY2 has too many security enhancements to mention them all in this article. For the Cliff Notes version: when it comes to security and privacy, there is no other smartphone we recommend more. BlackBerry builds the KEY2 from the ground up with security in mind, which keeps it ahead of the competition.
An example of this is Apple's ability to update all iOS devices faster than Google. Because of the open-source nature of Android, OEMs add skins to the operating system to differentiate their smartphones. However, these skins make updating devices difficult, as updates usually break some of the skin's features. iOS devices do not have skins because there is only one manufacturer. This allows Apple to test a few devices to make sure that updates are compatible and then push them out to the masses. While most Apple products are on the latest firmware, only 0.5% of Android devices run the latest version of Android.
Another benefit of iOS is how it handles encryption. While both Android and iOS use file-based encryption, Apple's implementation is a much more sophisticated model. iOS encrypts both files and their metadata (information about the file) separately with unique keys. These keys are then encrypted by another key derived from the user's passcode and the hardware.
This second set of keys protects files based on their content. For files that require a higher level of security, the keys unlock their contents only after the device is switched on and unlocked. For other files, authentication is required only once to access them. For these keys, there are four security classes that Apple can use to better control file encryption.
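A simplified model of the key hierarchy described above, added here as an illustration; it is not Apple's code. The two class labels, the `Device` class and the XOR-based `wrap` (a toy stand-in for AES key wrapping, which Python's standard library lacks) are assumptions made for the example.

```python
import hashlib
import hmac
import os

STRICT, RELAXED = b"unlocked-only", b"after-first-unlock"   # illustrative class labels

def class_key(passcode: str, hardware_uid: bytes, label: bytes) -> bytes:
    """Derive a class key from the user's code and a device-unique hardware secret."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), hardware_uid + label, 10_000)

def _mac(key: bytes, purpose: bytes, data: bytes) -> bytes:
    return hmac.new(key, purpose + data, hashlib.sha256).digest()

def wrap(key: bytes, file_id: bytes, file_key: bytes) -> bytes:
    """Toy key wrap (stand-in for AES key wrap): XOR with a keyed pad, then tag."""
    body = bytes(a ^ b for a, b in zip(file_key, _mac(key, b"pad", file_id)))
    return body + _mac(key, b"tag", file_id + body)

def unwrap(key: bytes, file_id: bytes, blob: bytes) -> bytes:
    body, tag = blob[:32], blob[32:]
    if not hmac.compare_digest(tag, _mac(key, b"tag", file_id + body)):
        raise ValueError("wrong passcode or wrong device")
    return bytes(a ^ b for a, b in zip(body, _mac(key, b"pad", file_id)))

class Device:
    def __init__(self, passcode: str, hardware_uid: bytes):
        self.uid = hardware_uid      # never leaves the hardware on a real phone
        self.wrapped = {}            # file_id -> (class label, wrapped per-file key)
        self.unlock(passcode)

    def unlock(self, passcode: str) -> None:
        self.loaded = {c: class_key(passcode, self.uid, c) for c in (STRICT, RELAXED)}

    def lock(self) -> None:
        self.loaded.pop(STRICT, None)   # the relaxed class key stays in memory

    def add_file(self, file_id: bytes, cls: bytes) -> bytes:
        file_key = os.urandom(32)       # every file gets its own random key
        self.wrapped[file_id] = (cls, wrap(self.loaded[cls], file_id, file_key))
        return file_key

    def file_key(self, file_id: bytes) -> bytes:
        cls, blob = self.wrapped[file_id]
        if cls not in self.loaded:
            raise PermissionError("device is locked")
        return unwrap(self.loaded[cls], file_id, blob)

if __name__ == "__main__":
    phone = Device("482916", os.urandom(32))        # constructed passcode and UID
    phone.add_file(b"mail.db", STRICT)
    phone.lock()
    try:
        phone.file_key(b"mail.db")
    except PermissionError as err:
        print("while locked:", err)
```

Because the class key mixes in the hardware secret, the wrapped file keys are useless when copied to another device, even if the passcode is known.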
The number of CVEs (Common Vulnerabilities and Exposures) is lower than for Android and is decreasing every year. Since last year, iOS's CVEs have increased by 204, compared to Android's 318 in the same period.
Due to Apple's closed ecosystem, the App Store has far fewer malicious apps than the Play Store. As each app is manually reviewed by a team at Apple, it is more difficult for malicious apps to make it into the App Store.
One important reason why we chose the iPhone X over the iPhone 8 or 8 Plus is its facial recognition system. Despite some anecdotal examples on the Internet, Apple's statistics show that Face ID is more secure than Touch ID.
Apple has also taken steps to make sure your Face ID data is as secure as possible. Your face data is encrypted and stored in the Secure Enclave, an isolated piece of hardware within the iPhone X. Except for Apple support diagnostic data, Face ID data never leaves the device. Apps that use Face ID for authentication are only informed that authentication was successful; they are not allowed to access the data.
There is another nice privacy feature that comes with Face ID. If anyone other than you picks up your iPhone X, all notifications will be blocked and your privacy will be protected. However, once the TrueDepth camera authenticates a valid user (you), it will display the content.
Apart from Face ID, all the other security benefits of the iPhone X also apply to Apple's cheaper 2017 flagships, the iPhone 8 and 8 Plus. If you're not ready to pay the after-tax price of the iPhone X, the iPhone 8 models are almost as secure, so you can't go wrong. Nonetheless, the X is the absolute top Apple phone when it comes to security and privacy.
The Galaxy Note 8 achieves this goal with a host of features. Similar to BlackBerry, it starts with the hardware root of trust. The Device Root Key (a cryptographic key) is inserted into each Galaxy Note 8 during the manufacturing process and is accessible only in a secure environment known as the TrustZone. This key is unique to each Galaxy Note 8 and is therefore used to identify the device. These keys are also used to encrypt corporate data and to permanently store the data on the device.
The Galaxy Note 8 also has a secure boot key that checks each component during startup to make sure nothing has been compromised. These keys drive Secure Boot, a mechanism designed to prevent users from modifying the boot loader or operating system of the device. Making these changes to your device significantly affects the integrity of your security. Unlike on the BlackBerry KEYone, however, this did not prevent users from rooting the device.
Samsung also uses rollback protection, which binds certain Samsung programs and executables to the latest version of the firmware. As older firmware has security holes, this ensures that all Galaxy Note 8 models work with the latest software.
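The startup checks described for the KEY2 and the Note 8, together with the rollback protection above, can be modeled in a few lines. This is an added example, not BlackBerry's or Samsung's code; the stage names, the `FUSED_KEY` value and the use of HMAC in place of a vendor signature are assumptions.

```python
import hashlib
import hmac

# Constructed stand-in for the key material fused in at the factory. Real phones
# verify public-key signatures; HMAC is used only because Python's standard
# library has no signature scheme.
FUSED_KEY = b"constructed-demo-root-key"

def sign(name: str, version: int, payload: bytes) -> bytes:
    """Authenticate a boot stage together with its firmware version."""
    msg = name.encode() + b"\x00" + version.to_bytes(4, "big") + payload
    return hmac.new(FUSED_KEY, msg, hashlib.sha256).digest()

def make_stage(name: str, version: int, payload: bytes) -> dict:
    return {"name": name, "version": version, "payload": payload,
            "tag": sign(name, version, payload)}

def boot(chain: list, min_versions: dict) -> str:
    """Check each stage in order and refuse to start if any layer fails.

    min_versions models rollback counters in tamper-resistant storage; they are
    raised only after the whole chain has verified.
    """
    for stage in chain:
        expected = sign(stage["name"], stage["version"], stage["payload"])
        if not hmac.compare_digest(expected, stage["tag"]):
            return f"halt: {stage['name']} failed verification"
        if stage["version"] < min_versions.get(stage["name"], 0):
            return f"halt: {stage['name']} is older than the allowed version"
    for stage in chain:
        min_versions[stage["name"]] = stage["version"]
    return "booted"

def demo() -> list:
    counters = {}
    old = [make_stage("bootloader", 1, b"bl-v1"), make_stage("kernel", 1, b"kernel-v1")]
    new = [make_stage("bootloader", 2, b"bl-v2"), make_stage("kernel", 2, b"kernel-v2")]
    results = [boot(old, counters), boot(new, counters)]
    modified = [dict(stage) for stage in new]
    modified[1]["payload"] = b"kernel-v2 (modified)"   # changed after signing
    results.append(boot(modified, counters))
    results.append(boot(old, counters))                # genuine but outdated
    return results

if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

The last case is the one rollback protection exists for: the old firmware is genuine and passes verification, yet it is refused because a newer version has already booted.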
While the Knox platform is extensive (with many other features that are not relevant to this article), its inability to prevent rooting is an exploit that was not found on the KEYone. In contrast to the other smartphones on this list, a large part of the Knox platform is behind a paywall. While the Note 8 is one of the best phones on our list, these restrictions have forced it into third place.
The Pixel 2 has moved the authentication process from a software-based secure environment (known as TrustZone) to a chip physically separate from the SoC. This security module contains all the resources required to authenticate on your Pixel 2 device. It is resistant to both software-based and physical attacks and provides first-class protection for your cryptographic keys.
Unlike most Android devices, the Pixel 2 and 2 XL always have the latest version of Android and its security patches – Google has even committed to offering full Android updates on those phones for three years. Security patches are released monthly, protecting the phone from potential new threats.
Google has one of the best bug bounty programs of all the manufacturers on this list. They will offer up to $200,000 for critical bugs, and the program is open to the public, so there should always be enough people searching the Pixel 2 codebase for vulnerabilities.
The KEYone continues BlackBerry's tradition of enterprise-class privacy and security, so it tops our list pretty easily. With its DTEK security platform, full disk encryption and extensive verified Secure Boot, BlackBerry has developed this device for those who want to protect their phones and their data.
The KEY2 is one of the best BlackBerry devices in years. It embodies BlackBerry's reputation for security and adapts it to the preferences of the current market. The result is one of the safest smartphones on the market that benefits from the Android operating system and its millions of apps. With the DTEK security platform, full disk encryption and extensive verified Secure Boot, BlackBerry has developed this device for those who want to protect their phones and their data.
While the KEY2 is more expensive than its predecessor, the higher cost comes with some improvements. The KEY2 has a smaller "forehead", a 20% larger physical keyboard, a faster Qualcomm Snapdragon processor, and 6GB of RAM.
That said, if you do not want to use an Android phone, the iPhone X is the best iOS device for the privacy-conscious user. Not only does iOS have amazing features built into the operating system to protect its users, but Apple has also improved authentication with the introduction of Face ID. And once again, an iPhone was able to thwart the FBI's best efforts after the Texas church shooting, providing a real-world example of how secure iOS is.