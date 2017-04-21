How the AC staff thinks about security when they're buying cool stuff.
There are plenty of reasons to want a new phone or cool tech gadget, and everyone has different reasons. And of course, there are plenty of phones and cool tech gadgets to buy. We find the right gadget for the right reasons and lighten our wallets.
In the midst of all the talk about specs and software and updates and cameras and everything else about the next great Android phone, you'll see a few people talking about security. Security can mean different things to different people but I think everyone considers it while they're deciding what to buy. Even if they don't realize they're doing it. The iris scanning tech on the Galaxy S8 is a security feature. See? You were thinking about it after all.
How important should security be when you're deciding which phone to buy? That's the question this week, and we went around the table to see what your Android Central staff thinks.
Andrew Martonik
Security absolutely weighs into my buying decision when it comes to any sort of connected electronic device I buy — particularly with a phone — but it isn't at the top of my list of importance. I entirely understand that we live in a world where most (if not all) of the electronics we use and love have security vulnerabilities, and in knowing that I'm willing to use devices even though I can't independently confirm that they are completely secure from all types of exploits.
Yes, that means I buy or continue to use devices that have potential vulnerabilities, but in my case, I'm choosing to use them knowing that my interaction with the device may not be safe from all angles. I have no misconceptions about the potential insecurity of my data on such devices and make changes to my use of them accordingly. But at the same time, I recognize the extreme usefulness of these consumer electronics and continue to use them because I see a net benefit despite their potential insecurity.
Daniel Bader
When I buy a phone, or a connected camera, or a car, security is, like, the third thing I think about. But that's because it's something I build into my decision — I take for granted that I am thorough enough in my research to get a product from a company that takes security seriously.
Regular updates and quick patches mean a lot.
But unlike Jerry, that doesn't mean security trumps other considerations, since I am not quite as security-conscious as he is. I rely on a few basic rules: the device or product must be updated regularly; in the case of something like a smart light bulb or security camera, it needs to be from a company that has a history of patching security holes. Nest, for instance, took over six months to patch a recent exploit in its security camera, and while it was ultimately patched, that slow turnaround time means I may think twice before purchasing another product from them.
In the case of a smartphone, I buy phones that will receive regular updates and security patches. Obviously, I'll test many phones, but I will usually go back to phones from Google, BlackBerry or Samsung, since they have the best track record of monthly, or at least regular, patches. Similarly, I now take such security into consideration when choosing a carrier; my current carrier, Rogers, is fairly bad about pushing security patches to its Android phones, so I am considering switching to Telus, which is better known for such things.
Florence Ion
It's easy for me to say that security doesn't necessarily factor into my buying decisions because, frankly, it's not the first thing I think of when I'm buying a gadget. And I think that's because I trust myself enough, and the experience I have buying technology for nearly two decades, to stick with brands and operating systems that I know I can trust.
Of course, sometimes that backfires on us. Sometimes there's an exploit, and I'm getting an email from Adobe, for instance, saying that it had to reset my password because of a security breach. Or, I hear of a text messaging scam going around that installs some sort of virus on your Android device. I try to stick to "the rules" — updating software and avoiding spam, for instance — to keep those type of predators at bay. It's worked so far.
I don't run ad blockers or virus scanners on my Android device, but I do try to do my research, even if it's merely for a new app I'm downloading from the Play Store. I may not realize that I'm doing that for security purposes, but I think that's because I've reached the point where I'm instinctively looking out for it anyway.
Jerry Hildenbrand
It's the first and most important consideration when I buy any connected thing.
Would you buy a front door that has no lock?
Security and Privacy are two very different things, but privacy depends on security. I wouldn't want someone to come into my home when I'm not there, so I lock the door. Locking the door wouldn't be very helpful if anyone who wanted to get in could download the key to it.
I'm not carrying around any national secrets on my phone. In fact, nothing I have on my phone would be important to anyone else. I would probably unlock it and hand it to you if you wanted or needed to look at something. I just want all the looking to be on my terms and not someone else's. The company who can offer that is where I start looking when I'm buying.
Ask yourself if you would want a random stranger reading your email and looking through all your photos. If you said no, then security matters for you, too.
Samsung is horrible at updating their phones. The S6 juste got Nougat. Add in carriers and it's worst.
This article reminds me of something a computer tech once told me, "The best security is common sense."
Well it does factor in but this is Android we are talking about, which is hopeless. It's only pride in not wanting to buy a iPhone that keeps me on Android.
Android is a shambles really but it's a risk that hasn't yet bitten me. I just stick to keeping apps installed to a bare minimum and only very popular ones.
It's a shame the updates issue will never be fixed.
You're buying the wrong phones. There's no problems with updates.
Honestly I don't think about it too much for smartphones mostly because I haven't personally experienced much for malware and security breaches on phones. Working in IT I see it all the time on PC's so I'm much more concerned when it comes to the PC.
I have been using Nexus and Pixel phones for the last few years so you can't get much better for Android security than that, but it's not why I've been buying these phones.
Security is within the top 5 things that I consider in a device. I usually consider the ability to customize (not ROMs--mostly apps and appearance), processor+RAM, camera, security, and NFC (for NFC payments).
It isn't pride that keeps me from buying iPhones. It's that everything is locked down (which can be good or bad, but to me, it's more bad than good) and I like to have a little more control over what my device is doing than most. For my family members who aren't very tech savvy, I say go for the iPhone (and let the Genius folks support you).
I detest bloatware--either from the manufacturer or the carrier--so vanilla Android is where I've been putting my hard-earned money the last few years.
I'm also a strong believer in common sense when it comes to electronics and being online, and I stick to the Play Store and very mainstream apps. I'm one of those nuts that actually reads the permissions explanations... Anyway, I'm very pleased that Nexus and Pixel get monthly updates. For the security issues that are waaaaay beyond my level of understanding, I like knowing that Google tries to address those issues in a fairly timely manner (at least for the Google devices).
I used to be a Motorola fan, but the last few years have not been good for them in terms of product support and updates have been noticeably slow--especially given that they put out a pretty "pure" Android OS (which should take LESS resources to keep up to date). I hope they can improve on those topics as I like the looks of their devices and the modular idea is pretty neat.
Honestly, the software that Cellbrite sells to most Governments can crack and copy any Android phone in about 4 minutes .. even the Nexus/Pixel. It can do this to over 55 Samsung phones regardless of patch level as well. I have a Nexus 6P that I'll use as a daily drive but frankly if I'm traveling overseas I'm taking my iPhone 7+. Cellbrite can crack the iPhone 6/6+ but it takes about 4hrs. They have yet to do this to the 6S/6S+ or the 7's.
I get folks want to install 3rd party roms, get root and do all kinds of monkeying around but frankly .. Google and their OEM's need to start thinking about security a lot more and I'm not talking patch levels for the OS but real security. I know that the iPhone 7 isn't impregnable but I'm going to make it as hard as I can for them to invade my privacy.
Huge. This is one of the major reasons I'm not sure about getting the S8. The Pixel, even though more secure with monthly updates, just hasn't grabbed me yet.
Hardened kernel, common sense, protonmail, signal and my BlackBerry with fast security updates keep me happy.
It's in my top 3 considerations.
Hence I only buy Nexus/Pixels, they meet all my needs. I'd consider a blackberry or Oneplus however. They seem to be on top of it.