Resource center | Kaspersky Lab

How secure is your mobile phone? Beyond the Android vs iPhone debate, what are your options for providing better smartphone security for yourself or your company? Mobile devices have become both integral and ubiquitous in everyone's lives, and so they have attracted the interest of criminal hackers eager to steal your vital information. Here are a few tips to help you protect yourself.

Three Layers of Security

As InfoWorld notes, all smartphones have three basic elements of security. Your first major task as a mobile user is to become aware of these layers and enable them in your devices:

  1. Device Protection: Allowing remote data "wiping" if your device is ever lost or stolen.
  2. Data Protection: Preventing corporate data from being transferred to personal apps running on the same device or personal network
  3. App-Management Security: Protecting your in-app information from becoming compromised.

Smartphone security depends not only on the phones, but also on the mobile device management (MDM) technology installed on company servers, that controls and manages device security. Both must work together to provide good security. You need to look at the whole picture. For example, BlackBerry phones are designed and built for business use. Their security is excellent, however BlackBerry offers few popular consumer apps. You might need another type of smartphone for personal use—including shopping and banking—meaning that you need to be concerned about that phone's security as well. The more devices you use, especially if they are linked together through the cloud or otherwise, the more concerned you should be for the overall security of your mobile network.

As more and more apps come onto the market, especially for the popular iOS and Android phones, their security is a growing concern no matter which mobile device you use. Mobile technology specialist Ira Grossman, quoted at CRN, says, "if you don't have a secure app, it doesn't matter how secure the operating system is." In fact, when professionals speak in terms of securing the entire "stack" of a device, they are referring to both the operating system and the apps it runs. Most phones have settings that allow you to verify any apps coming from unknown sources before downloading, and as a rule of thumb, you should stick to the Apple, Google Play, or Microsoft stores, rather than third-party app deliverers. However, always read the reviews, even in the official stores, to make sure you're not adding anything suspicious to your device.

Android vs iPhone vs Blackberry vs Windows Phone

Android security has a questionable reputation, mainly because no one owns it—no one regulates what can or cannot be offered as an Android app, or even what can be sold as an Android phone. But, as Forbes reports, you can secure your Android phone by keeping it updated and avoiding downloading apps of unknown or doubtful origin. More recent Android devices support Google's Android for Work, which is designed to protect workplace applications and uses. In addition, recent Android devices from Samsung also support Samsung's own Knox security technology. Apple's iOS mobile operating system is tightly controlled by Apple itself, which also tightly controls the apps available in the Apple App Store. This control allows Apple devices to offer good security "out of the box," at the price of some user restrictions. For example, iOS only allows one copy of an app on each device. So if a user has a company-provided copy of an app, with security restrictions built in, the user cannot also have an unrestricted version of the same app for personal use. Blackberry also tightly controls devices and apps. Moreover, it is built for MDM, making it easier for a company to manage and protect its devices. Windows Phone also has a degree of centralized control, but has a history of security weaknesses, though its performance is improving as more and more users are coming onboard.

Pros and Cons

No one device or operating system is the definitive "best" when it comes to security. How secure your smartphone is, depends on your personal or professional needs and level of tech fluency. Here is a breakdown of the pros and cons of each type of device, along with a few things to think about when making your decision:

Android

  • Pro: Highly configurable; you can fully control your privacy settings.
  • Con: Lack of standardization means weak "out of the box" security.
  • Tip: Best if you are comfortable with adjusting security settings and tools.

Apple (iOS)

  • Pro: Consistency and reliability; you know what you are getting.
  • Con: Not invulnerable to malware; heavily dependent on Apple security practice. Also, while Apple products are generally priced higher than the Android, they don't guarantee 100% security and are still vulnerable to malware and hacking.
  • Tip: Probably the simplest choice for "pretty good" security.

BlackBerry

  • Pro: Designed to provide industrial-strength enterprise security.
  • Con: You will probably need a separate personal device, which may come with its own security issues.
  • Tip: The best choice if you work in an industry like finance with critical security concerns.

Windows Phone

  • Pro: Compatible with Windows; steadily improving security performance.
  • Con: History of uncertain security performance in the past.
  • Tip: Your best bet if Windows compatibility is a top requirement.

Each smartphone option has mobile security strengths and limitations. How you use your smartphone—and how comfortable you are with adjusting its security settings—will play a big part in deciding which is the best choice for you, but there is no doubt that this debate will continue as more devices come on the market, and increased security measures become more and more important.

Did you know?

Trojans are the most prominent mobile threats: they constitute over 95% of mobile malware. Over 98% of mobile banking attacks target Android devices, which also comes as no surprise. Android is the most popular mobile platform in the world (over 80% of global smartphone market), and of all popular mobile platforms only Android allows to side-load software.

In June 2015, a new Trojan was discovered in Russia; Android.Bankbot.65.Origin was disguised as the patched official Sberbank Online app and offered ‘wider range of m-banking features’, available after the installation of the ‘newer version’.

In fact, the app indeed remained a functional m-banking tool, so users did not notice the swap. Consequently, in July 100,000 Sberbank users reported a loss of over 2 billion rubles. All of them used the rogue “Sberbank Online” app.

It goes without saying the history of banking Trojans is still being written: more and more new apps are created, and more and more efficient techniques attackers user to lure users into their trap. So, it is about time you protected your Android smartphone properly.