Ask Slashdot: Most Secure Mobile OS? 291
Lexta writes "So I'm contemplating my next smartphone purchase, and I've been a little put off by all of the security exploits posted on Slashdot over the last few months, particularly for Android. So, what's the most secure stock standard (not jailbroken) mobile OS?"
BB (Score:5, Interesting)
RIM's OS, especially due to the way they handle communications, is by far (as far as I know) the most secure OS. And neither iOS nor Android look particularly secure to me, since every other week you see some news of them getting exploited.
Re:The Most Secure Mobile OS (Score:4, Interesting)
Your argument is flawed for the same reason that people say macs are more secure than pc's.
Just because something is not popular enough to attract attention (and btw, it was rooted not long after it was released, which in turn prompted microsoft to offer a legit way to do it), doesn't mean it is more secure.
Android and iOS are victims to their popularity. On the other hand, BB handsets are, by design, extremely secure. Weird that you did not mention that.
Mutually exclusive (Score:4, Interesting)
If it is not jailbroken it is DEFINITELY not secure. With carrier spyware and apps that are not under your control, the first step to security is making it YOURS and yours alone.
Once you are to that point, then you can BEGIN evaluating the core OS for security.
Re:The Most Secure Mobile OS (Score:5, Interesting)
Re:The Most Secure Mobile OS (Score:5, Interesting)
Most of the malware I've seen on my android phone is in the form of apps that leak my phone ID and phone number (apparently only vaguely alluded to in the 'Phone Calls' permission as 'identity').
What REALLY pisses me off is that not only does app I paid for do this, but it somehow self-cripples if I fix it with Privacy Blocker, and the devs had the brass to say in the comments that it doesn't do it.
The app in question is EzPDF, btw. Since my only recourse is to leave them a crap rating and look for a new PDF reader, I'm doing that, but it still pisses me off, especially since I was recommending it for awhile.
Re:The Most Secure Mobile OS (Score:4, Interesting)
Default windows install still has ports 445, 135, 139 open by default (even if they encourage you to hide them behind a firewall - a kludge at best)...
Default linux install has nothing open, you have to explicitly install SSH on most desktop oriented distros.
Linux has a repository from which to install software, while windows encourages users to download and run arbitrary binaries.
Windows has things like stack randomization and non executable pages, but so does linux and has done for much longer.
Windows uses file extensions to identify file types, and hides them by default, making social engineering attacks more likely (nude_girl.jpg.exe !), on windows simply downloading a file which has a name ending in .exe makes it executable, whereas on linux you require an additional step.
Windows has a lot of "security features", but a lot of them are pure theatre and do little or nothing to actually improve security...
Take group policy "folder restrictions" for instance, designed to prevent you browsing certain areas of the filesystem (eg the windows dir, or the root of the hd), and sure enough if you type c:\ into explorer you will get an error... But what if you open a subdir (eg browse the temporary internet files dir using the option within the ie settings), and then keep hitting the up option... Also you can bypass these restrictions by using a program that doesn't use the standard explorer file selection dialogs (eg a command prompt)...
Linux doesnt have "features" like these because they are pointless, if you want to prevent users from accessing a given area you need to use file permissions.
There are plenty more examples like this, of "features" that look good on paper, but in reality provide no benefit and are easily circumvented anyway.
Things like this generally exist for shallow reviews, and security certification checklists, where the presence of an explicit feature gives you a tick in the box and the certification/review is not in depth enough to verify it properly.
Re:The Most Secure Mobile OS (Score:5, Interesting)
Although the number of iPhone apps is amazing, the limited number of apps is the least of Windows phone's problems. With both my Androids and N900 I got most of what I needed and I've always been able to show off to iPhone people if needed. It's worth reading between the lines of Andrew Orlowski's Lumia 700 review [reghardware.com]. Remember that he's a total Microsoft Fanboi but even so, he often makes pretty perceptive comments such as the ones about fonts. The key thing is to realise that Windows Phone is designed to look good in the shop, but hasn't actually been designed to work. The terrible battery life and design make a phone you can't actually use properly. Think of tiles for example; about 8-10 fit on a screen where normally you would have 20-25 icons. This is great for display and selling where almost no apps have been installed and you are just learning which are which. Five months down the line, when you have 150-200 apps, it suddenly doesn't seem like a good trade off.
This general trade off of actual functionality for things which sell Microsoft products goes on through the design and brings us straight back to the topic; security. For example: your contacts in a Windows Phone are entirely stored on your online service, almost certainly Facebook unless you change it yourself. By design, there's no private place to store contacts you don't want shared. The first question with security is not "is this implementation done right". The real question is "who is this working for". This same user hostile attitude continues through the DRM implemenaton
When Microsoft sets up something equivalent to the Data Liberation Front [dataliberation.org], then we will be able to talk about Windows Phone as a secure operating system. Not a day before.