We assume that phones are secure. That might be the case when they are first released, but not all manufacturers provide users with the latest security patches. When deploying phones for a large scale organization, selecting a secure phone is paramount. We'll highlight phones that provide the highest levels of security and discuss how and why they are doing it.
More: The most secure Android phones
Advertisement
Buying a phone for corporate use is different that it is for a consumer. While many of us are looking for phones with the best cameras or waterproof cases, the IT department in any corporate environment is concerned about two things: can they effectively administer the device and is it secured against remote data theft. All smartphones can get your email and they all make calls or send texts. But not very many are built for business use.
Whether you're buying a phone for your own small business or in the process of buying hundreds for a company-wide deployment it's important to make the right choice when you buy an Android phone. There are several that fit the bill, and none of them is a chore to use.
Google Pixel
Android is an open source application platform that makes it easy to build a complete operating system around. Google is the maintainer of the code and they do the majority of the work writing it. It's only natural that their Pixel and Pixel XL phones would be at the top of the list.
Google has control of Android and the new Pixel brand will carry every security-focused feature for two full years.
Android, as shipped, is very secure, but it's easy to change settings and break the security. Google knows this — and does everything to encourage it for Android developers and enthusiasts — so they make sure an account manager in a business can administer the phone and set up stringent device policies. While they work best with Google Apps offices, they also play very nicely with exchange admins. The Android for Work features also do a great job separating your business applications, accounts and data from the personal side if you or your employees want to bring their own device. All Android for Work features are available for both the Google Pixel and the Google Pixel XL.
Advertisement
The Pixel phones are also kept up to date for their entire lifetime. New operating system features — including security enhancements — are promised for a two-year period, and the shipped software is guaranteed to receive security updates for three years. It's important to build software with strict security and tools to manage it in place, and it's just as important to make sure it gets distributed to your products. Because of Google's open-source nature, the Pixel phones are they only models under Google's direct control, and the only phones they can make any guarantees when it comes to security patch updates.
Of course, the same security features on the software front apply to the Nexus 6P and Nexus 5X, too. While no longer available through consumer sources, direct channels with Huawei or LG may be able to purchase last year's phones from Google. We are hesitant to recommend them for one reason — half of their supported lifespan is over.
BlackBerry DTEK60 and DTEK50
The name BlackBerry is synonymous with mobile security. The BlackBerry DTEK60 and DTEK50 carry on this tradition while using Google's Android to power their software.
BlackBerry has a reputation to uphold when it comes to mobile security, and their DTEK line keeps this focus.
BlackBerry hardens and patches Android at all levels. The Linux kernel that controls everything is hardened by BlackBerry and third party specialists to prevent and mitigate direct exploits that could gain admin access. The boot procedure is independently hardened, with full verification of the system software partition at every restart. Special procedures prevent the running operating system from installing an app that tries to elevate permissions that sit atop of Google's security measures to do the same. And we can't forget BlackBerry's reputation for MDM software. With Android as their way forward, we expect strong focus on software for the account administrator.
When it comes to security patches and fixes, BlackBerry's Android phones are always among the first (if not the first) to announce their availability and send them to users. While BlackBerry may not control the platform and have the opportunity to decide how security is handled the way Google does, they back their phones with their reputation as a leader in both device management and remote security.
The DTEK50 also has a very tempting price tag if you plan on a wider deployment.
While the BlackBerry Priv also provides the same level of security and support as the DTEK line, it's over a year old and won't have the lifespan.
Advertisement
The rest of the landscape gets a little muddy
Unfortunately, the majority of Android-powered phones aren't such a great choice when it comes to security.
Some models, like the Nextbit Robin — have a great track record when it comes to keeping up to date with Google's monthly security bulletins but the software isn't conducive for a corporate setting. Others, like the Motorola brand, can boast that they use the standard security measures put in place by Google, but fall behind when it comes to getting patched. And Samsung phones are a hit or miss when it comes to updates, with a reasonable schedule for the high-end models and little to no support for the more inexpensive ones, so you're likely going to end up waiting for critical patches when a newer model is released.
There are plenty of good choices right now, but what happens next month or the month after? We're waiting for another company to step forward and follow Google's example the way BlackBerry has. There are plenty of reasons for a consumer to buy any of the great Android phones from these companies.That's because they were tailored for the consumer and don't have a security-first focus.
Our conclusion
Android phones are a mixed landscape when it comes to corporate security. Most aren't designed to put IT needs ahead of consumer features and make a great phone for the weekends where they excel. The good news is that your available choices will meet both IT needs and allow your users full access to the business tools they need, and it's up to your IT department to decide whether they can do frivolous things like install Pokémon Go — or not.
