Skip to main content

How much does security factor into your buying decisions? [Roundtable]

There are plenty of reasons to want a new phone or cool tech gadget, and everyone has different reasons. And of course, there are plenty of phones and cool tech gadgets to buy. We find the right gadget for the right reasons and lighten our wallets.

In the midst of all the talk about specs and software and updates and cameras and everything else about the next great Android phone, you'll see a few people talking about security. Security can mean different things to different people but I think everyone considers it while they're deciding what to buy. Even if they don't realize they're doing it. The iris scanning tech on the Galaxy S8 is a security feature. See? You were thinking about it after all.

How important should security be when you're deciding which phone to buy? That's the question this week, and we went around the table to see what your Android Central staff thinks.

Most secure Android phone

Andrew Martonik

Security absolutely weighs into my buying decision when it comes to any sort of connected electronic device I buy — particularly with a phone — but it isn't at the top of my list of importance. I entirely understand that we live in a world where most (if not all) of the electronics we use and love have security vulnerabilities, and in knowing that I'm willing to use devices even though I can't independently confirm that they are completely secure from all types of exploits.

Yes, that means I buy or continue to use devices that have potential vulnerabilities, but in my case, I'm choosing to use them knowing that my interaction with the device may not be safe from all angles. I have no misconceptions about the potential insecurity of my data on such devices and make changes to my use of them accordingly. But at the same time, I recognize the extreme usefulness of these consumer electronics and continue to use them because I see a net benefit despite their potential insecurity.

Daniel Bader

When I buy a phone, or a connected camera, or a car, security is, like, the third thing I think about. But that's because it's something I build into my decision — I take for granted that I am thorough enough in my research to get a product from a company that takes security seriously.

Regular updates and quick patches mean a lot.

But unlike Jerry, that doesn't mean security trumps other considerations, since I am not quite as security-conscious as he is. I rely on a few basic rules: the device or product must be updated regularly; in the case of something like a smart light bulb or security camera, it needs to be from a company that has a history of patching security holes. Nest, for instance, took over six months to patch a recent exploit in its security camera, and while it was ultimately patched, that slow turnaround time means I may think twice before purchasing another product from them.

In the case of a smartphone, I buy phones that will receive regular updates and security patches. Obviously, I'll test many phones, but I will usually go back to phones from Google, BlackBerry or Samsung, since they have the best track record of monthly, or at least regular, patches. Similarly, I now take such security into consideration when choosing a carrier; my current carrier, Rogers, is fairly bad about pushing security patches to its Android phones, so I am considering switching to Telus, which is better known for such things.

Florence Ion

It's easy for me to say that security doesn't necessarily factor into my buying decisions because, frankly, it's not the first thing I think of when I'm buying a gadget. And I think that's because I trust myself enough, and the experience I have buying technology for nearly two decades, to stick with brands and operating systems that I know I can trust.

Of course, sometimes that backfires on us. Sometimes there's an exploit, and I'm getting an email from Adobe, for instance, saying that it had to reset my password because of a security breach. Or, I hear of a text messaging scam going around that installs some sort of virus on your Android device. I try to stick to "the rules" — updating software and avoiding spam, for instance — to keep those type of predators at bay. It's worked so far.

I don't run ad blockers or virus scanners on my Android device, but I do try to do my research, even if it's merely for a new app I'm downloading from the Play Store. I may not realize that I'm doing that for security purposes, but I think that's because I've reached the point where I'm instinctively looking out for it anyway.

Jerry Hildenbrand

It's the first and most important consideration when I buy any connected thing.

Would you buy a front door that has no lock?

Security and Privacy are two very different things, but privacy depends on security. I wouldn't want someone to come into my home when I'm not there, so I lock the door. Locking the door wouldn't be very helpful if anyone who wanted to get in could download the key to it.

I'm not carrying around any national secrets on my phone. In fact, nothing I have on my phone would be important to anyone else. I would probably unlock it and hand it to you if you wanted or needed to look at something. I just want all the looking to be on my terms and not someone else's. The company who can offer that is where I start looking when I'm buying.

Ask yourself if you would want a random stranger reading your email and looking through all your photos. If you said no, then security matters for you, too.

Your take

What about you? Do you think about security when you buy connected things? If so, how important is it to you?

Let everyone know your thoughts in the comments down below.

Jerry Hildenbrand
Jerry Hildenbrand

Jerry is an amateur woodworker and struggling shade tree mechanic. There's nothing he can't take apart, but many things he can't reassemble. You'll find him writing and speaking his loud opinion on Android Central and occasionally on Twitter.

  • Samsung is horrible at updating their phones. The S6 juste got Nougat. Add in carriers and it's worst.
  • Depends on the carrier. My T-Mobile Galaxy S7 Edge is on Nougat and the March security patch. Not updated quite as fast as a Pixel but fast enough..
  • Look at the S7. AT&T, T-Mobile, Sprint, Verizon, and even US Cellular are all on Nougat. But the unlocked, non-carrier US model isn't.
  • Just because Sammy isn't cutting edge on OS updates doesn't mean that they're not fairly good with security patches. They are decent. Why are you with Android if the current OS is dragging you so far down? I like that Sammy puts out a product with a tested OS so I don't have to find all of the bugs.
  • High.. I buy BlackBerry phones and i try to block and restrict permissions for apps as far as practical
  • My Sprint Note 4 gets security updates every month, about 2-3 weeks after the update is released.
  • Wow the Gs6 got Nougat? I have the complete opposite response, I think that's pretty impressive! Not many 2 year old phones are getting major updates like that, and some newer phones haven't even gotten Nougat yet. Plus Samsung seems to be better than LG and other phone makers as well. But like others have said, its the security patches that are really the most important thing.
  • Its not like nougat is actually better than marshmallow, I didn't see anything new on my S7 other than negative changes to the user interface.
  • I think Nougat is a good upgrade from marshmallow. The split screen and long press shortcuts are welcome improvements.
  • This article reminds me of something a computer tech once told me, "The best security is common sense."
  • unfortunately not everyone has common sense
  • Well it does factor in but this is Android we are talking about, which is hopeless. It's only pride in not wanting to buy a iPhone that keeps me on Android. Android is a shambles really but it's a risk that hasn't yet bitten me. I just stick to keeping apps installed to a bare minimum and only very popular ones. It's a shame the updates issue will never be fixed.
  • You're buying the wrong phones. There's no problems with updates.
  • Yeah sorry, what I said only applies to 98% of Android phones, not all of them. 2% get decent updates. Still pretty ******.
  • Android actually is pretty good about security, but it gets a lot of bag press. It's actually about on par with the iPhone, and most phones get more security patches and more frequently than the iPhone.
  • Pride? Gotta love humans and their feelings.
  • Honestly I don't think about it too much for smartphones mostly because I haven't personally experienced much for malware and security breaches on phones. Working in IT I see it all the time on PC's so I'm much more concerned when it comes to the PC. I have been using Nexus and Pixel phones for the last few years so you can't get much better for Android security than that, but it's not why I've been buying these phones.
  • Security is within the top 5 things that I consider in a device. I usually consider the ability to customize (not ROMs--mostly apps and appearance), processor+RAM, camera, security, and NFC (for NFC payments). It isn't pride that keeps me from buying iPhones. It's that everything is locked down (which can be good or bad, but to me, it's more bad than good) and I like to have a little more control over what my device is doing than most. For my family members who aren't very tech savvy, I say go for the iPhone (and let the Genius folks support you). I detest bloatware--either from the manufacturer or the carrier--so vanilla Android is where I've been putting my hard-earned money the last few years. I'm also a strong believer in common sense when it comes to electronics and being online, and I stick to the Play Store and very mainstream apps. I'm one of those nuts that actually reads the permissions explanations... Anyway, I'm very pleased that Nexus and Pixel get monthly updates. For the security issues that are waaaaay beyond my level of understanding, I like knowing that Google tries to address those issues in a fairly timely manner (at least for the Google devices). I used to be a Motorola fan, but the last few years have not been good for them in terms of product support and updates have been noticeably slow--especially given that they put out a pretty "pure" Android OS (which should take LESS resources to keep up to date). I hope they can improve on those topics as I like the looks of their devices and the modular idea is pretty neat.
  • Honestly, the software that Cellbrite sells to most Governments can crack and copy any Android phone in about 4 minutes .. even the Nexus/Pixel. It can do this to over 55 Samsung phones regardless of patch level as well. I have a Nexus 6P that I'll use as a daily drive but frankly if I'm traveling overseas I'm taking my iPhone 7+. Cellbrite can crack the iPhone 6/6+ but it takes about 4hrs. They have yet to do this to the 6S/6S+ or the 7's. I get folks want to install 3rd party roms, get root and do all kinds of monkeying around but frankly .. Google and their OEM's need to start thinking about security a lot more and I'm not talking patch levels for the OS but real security. I know that the iPhone 7 isn't impregnable but I'm going to make it as hard as I can for them to invade my privacy.
  • Sources please
  • GTMF
  • There is nothing on my phone that any government would want and I am not a criminal scared the man is going to get me. Spy away....
  • 4 minutes, 4 hours, what's the difference (besides the 3hrs and 56mins) if they can do it at all? I always say that when it comes to software, all bets are off when it comes to security, no matter if it's iOS, W10m, or Android, no matter if it's TrueCrypt or bitlocker, no matter if it's Samsung Knox or whatever. If it's software, somebody somewhere can break in. Remember when the FBI was trying to gain access to that terrorist's iPhone, and all those Apple people were boasting about how they'll never gain access? Well, we all know how that turned out, don't we? You can't guarantee bug-free software, so you can't guarantee that an exploit won't exist for someone to abuse. Reminds me of all those video game companies putting DRM on their games, hoping to stop people from pirating their products. That stuff NEVER works, and somebody ALWAYS finds a way to get around it. All those people using iPhones and W10m boasting about their "impenetrable security" need to get it through their heads that it's a false sense of security.
  • Nice rant but you left out a lot of things about the San Bernardino shooters phone and all the rest. But thanks for the ranty attempted at mansplaining. Cheers.
  • I don't think that people concerned about their security are worried too much about having their phones seized by government agency. It's mostly about feeling safer when it comes to random hacking online or in cases when they lose their phones.
    If it's in the right hands, there is no impenetrable device.
  • Huge. This is one of the major reasons I'm not sure about getting the S8. The Pixel, even though more secure with monthly updates, just hasn't grabbed me yet.
  • Hardened kernel, common sense, protonmail, signal and my BlackBerry with fast security updates keep me happy.
  • Can you be more specific about hardened kernel ?
  • It's in my top 3 considerations. Hence I only buy Nexus/Pixels, they meet all my needs. I'd consider a blackberry or Oneplus however. They seem to be on top of it.
  • Very important decision when buying a new phone. Looking forward to a new all touch BlackBerry, even though the KeyOne is looking like a nice upcoming device, I personally don't need the PKB. Currently using the Priv, Blackberry is a pioneer when it comes to security, been around way longer than iOS and Android, they're the Originals.
  • I'm with Andrew on this one. It's not the top thing for me but I would rather get a phone that gets updates here and there over no updates at all.
  • I would like to believe I'm a security-forward buyer.
    But as you said, security can definitely mean different things to different people. I owned an iPhone3g, a DroidX, a Nexus4, then Nexus6.
    From my experience with the iPhone and DroidX, I decided I would never buy a non-nexus Android device again.
    I have stuck to that decision for the last ~5 years, and don't expect that to change anytime soon.
    I also avoid most IoT devices like the plague. Very few IoT companies have even demonstrated a desire to attempt to secure their devices, much less the technical expertise to actually do so. I also don't expect that to change anytime soon...
  • When I decided to jump ship and head from iOS to Android security was my biggest concern and why I went with a Nexus 5x on Google Fi. A good but not great phone but I never need worry about updates being timely. I'll trade off some features and performance for security peace of mind any day.
  • Security is something I don't think about when it comes to buying a phone.
    If I can't root it and make it what I want then I'm not buying it.
  • Telus isn't that great with security updates either. Until a few days ago when I got nougat update, my Note 5 was still on November security patch.
  • Security is definitely up there. I don't necessarily care about OS feature updates at this point. But I would like to see timely security updates and will support a company that does it regularly. Which is very few it seems. I'm not caring national secrets or whatever, but I do not want myself, or anyone I know, fall victim to a security flaw. And I want to see updates for longer than 1yr from first sale day. I want to see at least 1 yr from last sale date.. ideally 2yrs (again, talking about security updates). Basically, Apple and Google sit at the top of this list. I think the international versions of the S lineup have been decent as well? I'd like to see that more in the US. Moto... was good. Seems ok now, but I don't think the G3 is updated anymore? I have to double check.
  • Not in any way whatsoever. I take care of myself.
  • For me, it's a factor, but not the number one factor. If it's the number one factor for you, Google and BlackBerry are the only reliable phone makers for security.
  • I relate to numerous points, but it really depends on the kind of device and situation. For phones, I'm mostly with Andrew with a hint of Jerry. I want to experience cutting edge and great features. Sadly, in such a profitable world, those aren't always found with top-notch security. When I buy a phone with security vulnerabilities, I know, and I make sure to avoid it if possible. With devices such as smart watches or other connected devices, I'm more with Daniel in that I kinda just trust my instincts and don't think much about it, but also because I don't use the devices much. That said, I regularly scrub my connected services and logins on Google, Facebook, Evernote, etc, and disable old logins and devices from time to time, even if I'm still using them, just to get a fresh start and feel more secure. With devices like laptops or desktops, however, I'm much more on the side of Jerry. Those are things I'm going to be storing sensitive and/or important documents on. If I don't know the brand, its history, its statements on the device, the other companies involved, the works... I don't want it. There are few exceptions.
  • I'm with Jerry's perspective on this. HOWEVER, I do not actively look at security when picking up a device. I do have some ground rules on life in general though: - I only buy from companies I trust;
    - I do NOT buy from companies based on mainland China;
    - I do use an antivirus on Android (because, well, it comes free with the one I use on my Windows machines anyway);
    - I use all the available security protocols I'm offered (fingerprint to unlock apps, two-step verification, complicated and long passwords etc) However, thinking about smartphones in particular, I don't really care if the phone gets the monthly security updates. And if the phone's software does all I want it to do, I don't even care if it gets updated at all. For example, I couldn't care less if the S7 I currently use hadn't received Nougat. Security updates etc are on the bottom of my priorities when picking up a phone to be honest. But also because of the four things I listed above.
  • Security is pretty important to me and is playing a big part in which phone I choose since I'm looking to upgrade right now. I don't much care about the version of Android as much as I care about the security patches. My first thought is the manufacturer's reputation for security updates and then how popular the brand is with alternate ROMs so that I can continue to get monthly patches for a while after the manufacturers give up. I still like to play with my phone more than Apple will allow so I stick with Android.
  • Not a whole lot, tbh
  • First thing I do on a new phone is set up a lock code or fingerprint lock and turn off on screen notifications. I only download apps from the official store. I guess this means I am fairly security concious.
  • I care little about security. Phone carriers and internet service providers monitor what we do, our government is spying on us, and most products are used to spy on us in one way or another. I don't really see anything as more secure than something else, hackers can find a way into anything.
  • I would say it's not much a factor to me. I also take a lot of risks with my phone and I understand what could potentially happen.
  • my Samsung Galaxy S5 on T-Mobile was on the November 2016 security update up until a few days ago when it was finally patched to March 2017. I'm going to have to say the updates are pretty slow.
  • I could care less about the security updates. The steps you need to go through to actually get one of these "viruses/bugs" is ridiculous, and if you manage to do so you are a real winner. Im not saying it can't happen I've just never known or met anybody that got a bad virus or bug on their device. And I have known a lot of people from all over the country being military.
  • Security / Privacy is paramount. I'm with Jerry on this one. I have nothing to hide but if you want to walk into my digital house wanting to rummage through my stuff then you should first be authorised to do so and it should be with my consent. Blackberry all the way. And after installing any new app I first go to check every single app permission and disable those I do not feel comfortable with. If this cripples the app's functionality then I do not need the app. The only exception being WhatsApp where I do not like how many times it goes through my contact database (a few thousand times a day) but I give in since its the only app which allows cross platform ease of communication with practically all the contacts I wish to communicate with by way of messaging, voice or video. VPN is always on when connecting to any public network and also in countries I travel to where I am not comfortable with overall rules on respect for privacy.
  • Not at all. Just be smart about what you install. Most of the security issues they fix anymore aren't even bring exploited in the wild.
  • Since coming out of the security industry, both physical and electronic processing security, BlackBerry was always my first option, because their reputation and history with security and privacy. Even today, when they are basically selling Android phones on steroids, in terms of security, they are my first option. Even though I am using a Dtek60, I am eager to see what they come up with next after the KEYone.
  • Anyone that places top priority on having a secure device and thinks that because they buy from a trusted manufacturer and their device is always at the latest patch level is a fool. If you're okay with what is essentially the 80/20 rule when it comes to your device's security, then that's a decent strategy.
  • If u buy a Google tagged phone ur always first in the queue for security updates so I'm not following u. Enjoy your 80/20 rule. Some of us enjoy the peace of mind of actually getting timely security updates.
  • I'm saying that buying a google phone and keeping it up the latest patch level IS living by the 80/20 rule. Granted, it's the best option for most that doesn't require more technical means of protection or veer too far into most people's tolerance for inconvenience.
  • I'm not buying an Android phone unless the vendor commits to regular security updates. And I'm not buying from a phone from a carrier unless they also make that commitment. Regular updates hopefully means monthly, but I am willing to compromise and accept a commitment to deliver security updates within 2 months of their release date. Security updates are different from version upgrades. I'd like to get regular version upgrades as well, but no commitment on security updates is a deal breaker for me.
  • Security doesn't factor at all in my purchasing decision of a smartphone. Not that I don't care about it but because they all already include basic security features that make the device secure enough for my needs. Then again I'm not like most in that I don't use a smartphone for anything of sensitive nature; basically just web browsing and an occasional email. No personal pictures or anything financial what-so-ever (only my locked down PC and home network are trusted for such things!).