Smartphone security is understandably a hot-button topic right now, as well it should be. With Apple and the FBI currently duking it out over whether or not the former will create a new version of iOS called “GovtOS” that would allow the latter access to an iPhone it has in its possession, everyone who is anyone is now weighing in on who is right and who is wrong. The whole thing raises an interesting question, though – just how secure is the smartphone in our pocket?
Well, that depends on whether it’s an iPhone or something running Android, according to a new report by CNN. As it points out, the iPhone, as of iOS 8, automatically encrypts the data that it stores by default, doing so from the get-go with user not having to do anything on their part to enable it. Android, on the other hand, almost hid the option to encrypt the device and the data it holds. Placed deep inside system settings until 2014, users would have had to go looking for the encryption option and turn it on manually. That alone was a concern as most people didn’t know where, how and why it should be enabled. Since 2014 though, Android prompts users on whether they want to enable or disable encryption when setting up the phone for the first time. While it’s arguable that 97% of Android devices are capable of encryption, only about one third of them (35%) have ever been prompted to enable it, and out of that only a small percentage have got it enabled. Apple? 98% of its iPhones carry iOS 8 or newer, meaning they are all encrypted automatically by default.
What this means is that for both law enforcement and hackers, it’s easier to crack an average Android smartphone than it is to crack an average iPhone because if a phone is not encrypted, it’s far easier to extract data from it even if it has a passcode set. The reason why law enforcement can’t get into San Bernardino case’s iPhone 5c is because it’s encrypted by default, and has a passcode set on it.
“If a person walks into a Best Buy and walks out with an iPhone, it’s encrypted by default. If they walk out with an Android phone, it’s largely vulnerable to surveillance,” said Christopher Soghoian, the principal technologist at the American Civil Liberties Union.
Both the iPhone and Android also have self-destruct mechanism in place for wrong passcode entries which could wipe the device completely if a passcode is entered incorrectly a set number of times. On iPhone, this limit is set to 10 failed tries whereas on Android it is 30 failed tries.
With Android, there’s also the case of microSD cards which are very commonly found on most Android devices. While Android does include option to encrypt external microSD cards, this again is not turned on by default and most users don’t do it because they don’t know about it, leaving their data insecure and out in open.
It’s not all bad news for those carrying Android devices, though. Thanks to the way Android handles its cloud backups, it won’t start committing data to Google servers until a user enters his or her lock screen passcode following a device restart. On Apple’s iPhones, if iCloud “Backup” option is turned on in Settings, they will start backing up to iCloud as soon as they are turned on and connected to a power source and a known WiFi network, such as at home or work, for long enough. If the FBI then wanted that data, they could ask Apple for it with a valid court order.
We already know that the only reason the FBI can’t use this same trick in San Bernardino case is because someone within law enforcement thought it would be a good idea to change the iCloud password that the device was registered against. This meant the device would not be able to backup to iCloud, in turn meaning no data would leave the device no matter how long it was connected to WiFi.
However, Apple is now working on a way to make iCloud even more secure by introducing encryption for iCloud backups for all of its users which will be enabled by default. This will make it impossible for the company to comply with valid court requests for iCloud backup data, from law enforcement.
The report also points out that there are some other ways to make Android devices secure, such as by using third-party solutions to lock individual apps with a password, though, again, this isn’t something that’s done automatically and most people don’t do it.
You may also like to check out:
- Google, Facebook, Microsoft, Twitter & Others Unite To Back Apple In Court In FBI Case
- Apple Is Making An Unhackable iPhone That Even It Can’t Crack In The Wake Of FBI Case