Ask Slashdot: Most Secure Mobile OS? 291
Lexta writes "So I'm contemplating my next smartphone purchase, and I've been a little put off by all of the security exploits posted on Slashdot over the last few months, particularly for Android. So, what's the most secure stock standard (not jailbroken) mobile OS?"
-1 Flamebait (Score:1, Insightful)
We need a way to moderate articles.
Re:The Most Secure Mobile OS (Score:3, Insightful)
You'll be sacrificing the availability of tons of apps if you go with WP7 though.
Re:The Most Secure Mobile OS (Score:3, Insightful)
This is true for the same reasons that a decade ago Mac OSX was considered more secure than Windows. Its a function of install base. As soon as Windows Phone has 100's of million of users exploits will be published.
Re:The Most Secure Mobile OS (Score:5, Insightful)
This is true for the same reasons that a decade ago Mac OSX was considered more secure than Windows. Its a function of install base. As soon as Windows Phone has 100's of million of users exploits will be published.
You mean Linux itself isn't better security wise either, it's just that the (desktop) market share is so low?
Re:The Most Secure Mobile OS (Score:4, Insightful)
Symbian? (Score:4, Insightful)
Normally I'd otherwise shit all over symbian, but, why not Symbian? Years on the market, it should've been proven one way or the other by now.
Also, what level of paranoia are we talking? State or industry secrets? Personal paranoia?
Whats your threat model? (Score:5, Insightful)
What is your threat model? Do you use it for websurfing? Download lots of kewl apps? For the latter, from which app store?
I suspect that iOS is a bit more vulnerable on the web browser side, as android has a fair bit better sandboxing which means an exploit of the browser takes more work to fully p0wn the phone, while in iOS-land, 'p0wn the brower == p0wn the phone'
But OTOH, Apple is a much better curator: with only the official App store, and with bad-actor app-developers and apps a rarity, the Apple App Store is very safe.
Android? Not so much. Even the official Google store seems to rely too much on the Android sandboxing to keep users safe (when users just say 'ok' to anything needing scary permissions), and other App Stores are a vile abomination.
Finally, anything that doesn't say "Nexus" on it should be considered end-of-lifed before you buy it. Apple patches things for a long time, so old vulnerabilites shouldn't worry their user base. But Android phones, since they are pretty much EOL'ed right from the start, often never receive critical browser and related security patches, security patches which, due to the open nature, can pretty much be reverse engineered by a competent exploit developer.
So, my ranking: Nexus Phone > (slightly) iPhone >>> generic "Android" phone
Re:The Most Secure Mobile OS (Score:2, Insightful)
You mean Linux itself isn't better security wise either, it's just that the (desktop) market share is so low?
Linux has a total install base in the hundreds of millions on various types of computers from embedded to smartphones to desktops to servers to supercomputers. Saying it has a "small" market share is extremely disingenuous.
Re:The Most Secure Mobile OS (Score:2, Insightful)
"Both Android and iOS have been plagued with exploits."
no, just the first mobile os you mention IS PLAGUED by exploits, while the second one NEVER WAS. the few exploits that have been found in ios (very, very small number) has been used to jailbreak ios only. there is currently not a single piece of malware that affects the non-jailbroken ios. and yes, everyone knows why this is the case, everyone knows the "freedom vs walled garden" arguments, but it doesn't change the reality of the situation.
Re:No answer for you (Score:5, Insightful)
A corporate-based phone (Blackberry) is going to make corporate security more of a priority than usability
I haven't noticed any problems with usability. Quite the opposite, in fact.
Security doesn't "get in the way" at all on the platform.
Re:The Most Secure Mobile OS (Score:2, Insightful)
If Linux had the market share, there would need to be a way to install programs and games from other than the distro repos.
You mean like, say, `./configure; make; sudo make install` ? Or maybe `python setup.py install`? Or even converting .deb to .rpm with alien?
Sure, there are no gui frontends, but if that was a popular request, Nautilus and other file managers would quickly gain support for just double-clicking stuff to install.
TL;DR: Troll harder.
Fishbowl (NSA's Android project) (Score:4, Insightful)
http://www.engadget.com/2012/03/01/nsa-builds-own-model-of-android-phone-wants-you-to-do-the-same/ [engadget.com]
Okay, so it's only off-the-shelf parts, but if you really want a mobile device that can earn the label "secure," (software ain't a thing w/o hardware) you're probably going to want something vetted by a security organization/company like....well...the NSA.
Re:Let history be your guide (Score:4, Insightful)
There's a difference between safety and security, which you appear to have conflated. You can have an unlocked house that's wide open in a low-crime area and likely be safe without being secure. You can have a locked house with bars on the windows in a high-crime area and be secure without necessarily being safe.
Safety is what we all want. For someone using a popular device/OS/whatever, you have to rely on security since other factors (i.e. obscurity) will not protect you. If you're a valuable target, it doesn't matter what device/OS you're using, you'll still need to be secure because you are likely to be targeted. Thus, obscurity is not a viable measure of protection.