Smartphones are inherently bad for privacy. You've basically got a tracking device in your pocket, pinging off cell towers and locking onto GPS satellites. All the while, the handset's data connection ensures that tracking cookies, advertising IDs, and usage stats follow you around the internet.
So no, there's no such thing as a perfectly secure and truly private smartphone, let's get that out of the way now. But in the information age, you practically need a smartphone just to get by in society, so the question then becomes: Which phone manages to be the lesser of all the evils?
With critical vulnerabilities such as the KRACK exploit and BlueBorne, not to mention the FBI attempting to find a backdoor into practically every phone, that's a hard question to answer. So to find the most security-hardened devices, we tested the top smartphones on the market, looking for key factors like encryption strength, biometrics, hardware-assisted security, VPN availability, and security patch time frames. Our research narrowed the list down to four great phones, so let's discuss how well each of these devices protects your privacy.
Note: This article was last updated in June 2018.
When it came to comparing our four finalist phones, these were the key differentiating factors for privacy and security:
- Biometrics: There are two schools of thought involving fingerprint scanners and other biometric unlocking methods. First, there's the idea that if your biometric identifiers were ever stolen, you wouldn't be able to change them like a password, making them permanently compromised. The second line of thinking is that if a security method is easier for the user, they'll be more likely to actually use it, in which case biometrics are better for security in general. So in the end, it's your call as to whether a fingerprint sensor is a good or bad thing, but note that having such hardware enables other security-related features such as LastPass' fingerprint login.
- Encryption: Each of these phones uses one of two types of encryption: file-based (FBE) or full disk (FDE). File-based encryption is the more effective method of the two, as it allows individual files to be locked with different keys, whereas full disk encryption uses only one key to lock the entire data partition. All four of these phones use the AES encryption standard, and while some use 128-bit keys to decrypt the data, others use more advanced 256-bit keys.
- Hardware-Assisted Security: Each of the phones on our list calls upon the hardware to assist with the overall security of the device. While iOS devices use the hardware to assist with encryption, the Android devices on our list utilize the hardware to store cryptographic keys (more on this in the How We Chose These Phones section below).
- Sandboxed User Accounts: If privacy is one of your top considerations, you may want to maintain separate user spaces on your phone — perhaps one for work, and another for your personal usage. If so, it's important that the data from each user account be truly separated (or "sandboxed"), and the Android phones in this list offer that feature.
- Restrict Ad Tracking: Phones that ship with Apple and Google services preinstalled use a system-wide advertising tracking ID to help marketing partners deliver targeted ads. This ID follows you around as you use apps and services on your phone, which is sketchy behavior when it comes to privacy. Apple allows you to restrict apps' abilities to view and use this identifier, while Google merely lets you reset the ID and opt out of seeing personalized ads on Android devices.
- Always-On VPN: A virtual private network, or VPN, allows you to reroute internet traffic through an external server. A good VPN service will even let you encrypt all data traffic for increased anonymity. With Android devices, you can funnel all types of internet traffic through a VPN. With an iPhone, however, you can only use a VPN over Wi-Fi, unless you're willing to reset your device and enable "Supervised Mode" to get the VPN working on your mobile data connection.
- Block Internet Access for Apps: If you don't want apps "phoning home," the ability to block internet access on a per-app basis is a huge plus. With Android, this can be done by setting up a local VPN like Netguard, which takes a little extra work. With iOS, you can easily disable mobile data access for an app; however, it's not possible to restrict Wi-Fi connectivity.
- Data Wipe After Failed Login: Some phones have a feature that, if enabled, triggers an automatic factory reset when someone attempts to enter your PIN or password too many times. This is very effective when it comes to fending off intruders, as it makes brute-force password attacks all but impossible.
- Built-in Password Manager: The name of the included feature that stores your various login credentials. These screen names and passwords are stored in an encrypted vault, which offers the ability to auto-fill the stored information in the appropriate app or website.
- Password Generator: The password manager can generate a new password which is more secure than your existing passwords.
- Password Protected Folder: A secure folder which can store apps and files, protecting them from unauthorized access. Data within these folders should be hidden from the app drawer and file manager and require either a password or biometrics to access.
- Stock Security Center App: If you're security-minded, it's good to have a centralized app that helps you handle all of your phone's security needs. For example, the DTEK security platform gives you an overview of your phone's security health and allows you to easily tweak important security settings, among other things.
- OS CVEs: All phones in this list run either iOS or Android. In recent years, both of these operating systems have had numerous common vulnerabilities and exposures (CVEs) discovered, so it's important to keep track of exactly how vulnerable they are.
- Security Patch Timeframe: Apple doesn't adhere to a specific timeframe with its security patches; however, updates are generally issued within a month of critical bugs being found. Android releases security patches monthly and leaves it to the OEM to distribute to their devices. Since the Pixel 2 is a Google device, it will get Android security patches first.
- Bug Bounties: Device manufacturers will usually offer a cash prize for anyone who can find glaring weaknesses in their phone's software, effectively crowd-sourcing the process of discovering and closing security loopholes. With a higher bounty, people will generally be more motivated to find these bugs. Some companies invite only trusted bug reporters to earn a bounty (depicted as "Closed" in the above chart), while others will let anybody report bugs and claim the bounty (shown as "Open" here).
Our first requirement in choosing these phones was that they all had to be available for sale in the United States from a major carrier or from the manufacturer. Secondly, for a phone to make this list, it had to be encrypted by default to ensure that your data is protected against external access.
Another requirement was that the phones all offered granular permission management, which allows you to revoke an app's permission to access certain features like your camera and microphone. Then, to ensure that your data remains safe even when your phone is lost or stolen, we only selected phones with remote lock and wipe capabilities.
But what narrowed down this list was the hardware-assisted security requirement. Apple uses a hardware encryption chip to strengthen security, while the Android OEMs here use some variation of a hardware root of trust system. In effect, this means that there's a physical barrier between your data and any would-be attacker — while they may be able to hack the software, they'd need physical access to fully break the encryption, and even then it would be virtually impossible.
Popular phones that were lacking such a physical barrier include the HTC U12+, LG V35, LG G7 ThinQ, Moto Z2 Play, and Moto Z2 Force.
It's also worth noting that some of the phones which made our final cut had sibling devices that could've also been listed here — for example, Apple's older iPhone 7 models, Samsung's Galaxy S8 lineup, and the original Google Pixels. We left these devices off the list since there were newer and more future-proof models available in the iPhone X, Galaxy Note 8, and Pixel 2, but they're still solid phones from a privacy and security perspective.
From there, finalists were ranked based on how well the devices scored in the key comparison points above, and with that, the following phones rose to the top.
On last year's list, the BlackBerry KEYone won our top spot for privacy and security. Thanks to its low price and the numerous BB10 security enhancements which it brought to the Android platform, it was easy to recommend this device for anyone looking to prioritize their security and protect their privacy.
With the release of its sequel, our expectations were high that it would replace its predecessor on our list. And while pricing is no longer as strong an advantage as it once was, it is still the best smartphone for privacy and security.
Each time you boot the device up, the BlackBerry KEY2 takes extra steps to ensure your phone wasn't tampered with. In a process known as the Hardware Root of Trust, cryptographic keys are injected into the processor to verify the device and to ensure no tampering occurred. These keys are unique to the smartphone and one of the key reasons why the KEYone (and hopefully, KEY2) will remain unrooted. This is because on every bootup, each layer of your device is checked for alteration. From the hardware to the operating system, the KEY2 looks for any modification and will not boot up if any layer doesn't pass inspection.
Because the Linux kernel is a prized target for smartphone hacking, BlackBerry hardens the kernel during manufacturing. BlackBerry signs and verifies each KEY2 leaving the factory to ensure that each phone leaves in the desired state, both its hardware and software. But the hardening process doesn't end after the phone leaves the factory.
BlackBerry promises two years of Android monthly security patches which address any new vulnerabilities including any potential compromises to the kernel. And it's not just Google's security commits — BlackBerry adds their own security patches to address any vulnerabilities found that might specifically compromise their device.
Once again, BlackBerry opted for full-disk encryption instead of Android's newer file-based encryption. While file-based encryption can isolate some files from others, full-disk encryption ensures everything stored on your hard drive (from your pictures to the root folder) is secured via the AES-128 encryption standard. More than likely, BB opted for this method of encryption to keep it FIPS 140-2 compliant. FIPS 140-2 is a US government computer security standard used to approve cryptography of hardware and software components.
Not all of the KEY2's security enhancements are under the hood; there are some improvements that you can not only see, but interact with. A great example of this is the Privacy Shade, which obstructs the view of all but a small section of your screen. Especially when using your phone in public, this protects your privacy against those nosy neighbors who can't help but look at your screen.
Another great example of this is DTEK. DTEK is the dashboard which allows you to interact with many of the software-based changes implemented by BlackBerry and acts as a central hub for your KEY2's security. DTEK automatically monitors the operating system and apps for any potential risk to your privacy and rates the device's level of integrity using a gauge. If DTEK discovers any privacy risks, it will recommend a course of action which can be performed within the app.
However, with the KEY2, BlackBerry stepped up DTEK's abilities. The KEY2 introduces a new feature known as BlackBerry Integrity Protection, which alerts users to malicious apps performing suspicious behavior (such as turning on the microphone in the background). Additionally, users can set up their own triggers for similar unwanted behaviors, such as when an app requests use of the camera in the background.
There are too many security enhancements in the BlackBerry KEY2 to mention them all in this article. For a cliff notes version, when it comes to security and privacy, there is no other smartphone we recommend more. BlackBerry builds the KEY2 from the ground up with security in mind, allowing them to be ahead of their competition.
A majority of the security and privacy features available to the iPhone X come courtesy of iOS. Apple's mobile operating system has several advantages over its competitors that protect the device from various threats.
One example of this is Apple's ability to update all iOS devices much quicker than Google. Because of the open-source nature of Android, OEMs have added skins onto the operating system to diversify their smartphones. However, these skins make updating devices difficult, as updates normally break some of the skin's features. iOS devices don't have skins because there is only one manufacturer. This allows Apple to test a few devices to make sure updates are compatible, then push them out to the masses. While the majority of Apple products are on the latest firmware, only 0.5% of Android devices are running the latest version of Android.
Another advantage of iOS is how it handles encryption. While both Android and iOS utilize file-based encryption, Apple's implementation is a much more refined model. iOS encrypts both files and their metadata (information about the file) separately using unique keys. These keys are then encrypted by another key that is derived from the user's passcode and the hardware.
This second set of keys protects files based on their contents. For files requiring a higher level of security, the keys unlock their content only after the device is turned on and unlocked. For other files, authentication is needed only once to access them. There are four classes of security for these keys, which allows Apple more refined control over file encryption.
The number of iOS CVEs (or Common Vulnerabilities and Exposures) is lower than Android's and decreasing each year. Since last year, iOS's CVEs have increased by 204, compared to Android which increased by 318 in the same span.
Due to Apple's closed ecosystem, the App Store has far fewer malware apps than the Play Store. Since each app is manually reviewed by a team at Apple, malicious apps have a harder time making it to the App Store.
One major point we should note: The reason we chose the iPhone X over the iPhone 8 or 8 Plus is its facial recognition system. Despite some anecdotal examples across the internet, Apple's statistics show that Face ID is more secure than Touch ID.
Apple has also taken steps to ensure that your Face ID data is as secure as possible. The map of your face is encrypted and stored in the Secure Enclave, an isolated piece of hardware inside of the iPhone X. With the exception of diagnostic data for Apple support, the Face ID data never leaves the device. Apps which use Face ID for authentication are only informed that authentication is successful and aren't allowed access to the data.
There's another nice privacy feature that comes along with Face ID. When someone besides you picks up your iPhone X, any notifications will be blocked, preserving your privacy. However, once the TrueDepth camera authenticates a valid user (you), it will reveal the contents.
Aside from Face ID, all other security benefits from the iPhone X will also apply to Apple's cheaper 2017 flagships, the iPhone 8 and 8 Plus. If you're not willing to pay over a grand after taxes, the iPhone 8 models are almost exactly as secure as the iPhone X, so you can't go wrong either way. That said, the X is the absolute top-tier Apple phone when it comes to security and privacy.
The Samsung Galaxy Note 8 utilizes a similar security offering to the BlackBerry suite. Known as Samsung Knox, this security platform provides deep-level protection that combines both hardware and software solutions. Knox's goal is to separate your work environment from your personal environment and provide the necessary protection to isolate each area effectively.
The Galaxy Note 8 achieves this goal using a multitude of features. Similar to BlackBerry, it starts with the Hardware Root of Trust. The Device Root Key (a cryptographic key) is injected into each Galaxy Note 8 during the manufacturing process and is only accessible in a secure environment known as the TrustZone. This key is unique to each Galaxy Note 8 and is therefore used to identify the device. These keys are also used to encrypt enterprise data, permanently tying the data to the device.
The Galaxy Note 8 also has a Secure Boot key, which is used to validate each component during bootup to ensure nothing was manipulated. These keys are used to conduct Secure Boot, a mechanism that looks to prevent users from changing the bootloader or operating system of the device. Making these changes to your device severely impacts the integrity of the security. However, unlike the BlackBerry KEYone, this hasn't prevented users from rooting the device.
Samsung also employs rollback prevention, which ties certain Samsung programs and executables to the latest version of the firmware. Since older firmware will have vulnerabilities, this ensures that all Galaxy Note 8 models are running the latest software.
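The boot-time checks described for the KEY2 and the Note 8 (every stage verified before it runs, plus rollback prevention) can be modeled in a short script. This is an added example, not BlackBerry's or Samsung's code: the image names, versions and key are constructed, and an HMAC stands in for the vendor's asymmetric signature because Python's standard library has no signing primitive.

```python
import hashlib
import hmac

# Constructed demo key. On a real device the verifier holds only a public key
# anchored in hardware; HMAC is a stand-in for that signature check.
VENDOR_KEY = b"constructed-demo-signing-key"


def sign(name: str, version: int, code: bytes) -> bytes:
    """'Sign' an image over its name, rollback version and contents."""
    msg = name.encode() + b"\0" + version.to_bytes(4, "big") + b"\0" + code
    return hmac.new(VENDOR_KEY, msg, hashlib.sha256).digest()


def make_image(name: str, version: int, code: bytes) -> dict:
    return {"name": name, "version": version, "code": code,
            "sig": sign(name, version, code)}


def verified_boot(chain: list, rollback_floor: dict) -> tuple:
    """Check every stage in boot order; refuse to boot on the first failure.

    rollback_floor models tamper-resistant storage holding the lowest
    version each stage may have. It only ever moves upward.
    """
    for img in chain:
        expected = sign(img["name"], img["version"], img["code"])
        if not hmac.compare_digest(expected, img["sig"]):
            return False, f"{img['name']}: signature mismatch"
        floor = rollback_floor.get(img["name"], 0)
        if img["version"] < floor:
            return False, f"{img['name']}: version {img['version']} below floor {floor}"
    for img in chain:  # a successful boot ratchets the floor up
        rollback_floor[img["name"]] = max(rollback_floor.get(img["name"], 0),
                                          img["version"])
    return True, "all stages verified"


def demo() -> list:
    floor = {}
    current = [make_image("bootloader", 2, b"bl-v2"),
               make_image("kernel", 2, b"kernel-v2"),
               make_image("system", 2, b"system-v2")]
    results = [verified_boot(current, floor)]

    # Kernel bytes altered after signing: the signature no longer matches.
    tampered = [current[0], dict(current[1], code=b"kernel-v2+patch"), current[2]]
    results.append(verified_boot(tampered, floor))

    # Older bootloader with a valid signature: only the floor rejects it.
    downgraded = [make_image("bootloader", 1, b"bl-v1"), current[1], current[2]]
    results.append(verified_boot(downgraded, floor))
    return results


if __name__ == "__main__":
    for ok, reason in demo():
        print("BOOT" if ok else "HALT", "-", reason)
```

The third case is the reason rollback prevention exists as a separate check: the older image is authentic, so signature verification alone would let it boot.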
While the Knox platform is extensive (with many more features that aren't relevant to this article), its inability to prevent rooting does expose a weakness not found on the KEYone. Also, unlike the other smartphones on this list, much of the Knox platform is behind a paywall. While the Note 8 is one of the best overall phones on our list, these limitations have forced it to the number three position.
The advantages iOS has over Android have forced the Pixel 2 (and/or Pixel 2 XL) to be placed last on our list, but this is by no means an insecure smartphone. Although the Pixel 2 had some hiccups, such as a late patching of the KRACK vulnerability, Google's flagship is still one of the most secure smartphones available, and the reason can be found in its hardware.
The Pixel 2 has moved the authentication process from a software-based secure environment (known as TrustZone) to a chip that is physically separated from the SoC. This Security Module contains all the resources needed to conduct authentication on your Pixel 2 device. It is resistant to both software-based and physical attacks, providing high-level protection of your cryptographic keys.
Unlike the majority of Android devices, the Pixel 2 and 2 XL always have the latest version of Android and its security patches — Google has even pledged to offer full Android updates for three years on these phones. Security patches are submitted monthly, protecting the phone from any potential new threats.
Google has one of the best bug bounty programs of all the manufacturers on this list. They'll offer up to $200,000 for critical bugs found, and the program is open to the public, so there should always be plenty of folks scouring the Pixel 2's code base for security loopholes.
The KEYone continues BlackBerry's tradition of enterprise-grade privacy and security, so it tops our list pretty easily. With its DTEK security platform, Full Disk Encryption and extensive Verified Secure Boot, BlackBerry has designed this device for those who wish to keep their phones and their data secure.
The KEY2 is one of the best BlackBerry devices in years. It embodies BlackBerry's security reputation and adapts it to the preferences of the current market. The result is one of the most secure smartphones on the market which benefits from the Android OS and its millions of apps. With the DTEK security platform, Full Disk Encryption, and extensive Verified Secure Boot, BlackBerry has designed this device for those who wish to keep their phones and their data secure.
While the KEY2 is more expensive than its predecessor, the increased cost does come with some improvements. The KEY2 has a smaller "forehead," a 20% larger physical keyboard, a faster Qualcomm Snapdragon processor, and 6 GB of RAM.
Having said that, if you'd rather not use an Android phone, then the iPhone X is the best iOS device for the privacy-conscious user. Not only does iOS have amazing features built into the OS to protect its users, but Apple improved authentication with the introduction of Face ID. And once again, an iPhone was able to thwart the best efforts of the FBI after the Texas Church Shooting, providing a real-world example of how secure iOS is.