Updated December 2017.
Smartphones are inherently bad for privacy. You've basically got a tracking device in your pocket, pinging off cell towers and locking onto GPS satellites. All the while, the handset's data connection ensures that tracking cookies, advertising IDs, and usage stats follow you around the internet.
So no, there's no such thing as a perfectly secure and truly private smartphone. Let's get that out of the way now. But in the information age, you practically need a smartphone just to get by in society, so the question then becomes: Which phone manages to be the lesser of all the evils?
With critical vulnerabilities such as the KRACK exploit and Blueborne, not to mention the FBI attempting to find a backdoor into practically every phone, that's a hard question to answer. So to find the most security-hardened devices, we tested the top smartphones on the market, looking for key factors like encryption strength, biometrics, hardware-assisted security, VPN availability, and security patch time frames. Our research narrowed the list down to four great phones, so let's discuss how well each of these devices protects your privacy.
When it came to comparing our four finalist phones, these were the key differentiating factors for privacy and security:
- Biometrics: There are two schools of thought involving fingerprint scanners and other biometric unlocking methods. First, there's the idea that if your biometric identifiers were ever stolen, you wouldn't be able to change them like a password, making them permanently compromised. The second line of thinking is that if a security method is easier for the user, they'll be more likely to actually use it, in which case biometrics are better for security in general. So in the end, it's your call as to whether a fingerprint sensor is a good or bad thing, but note that having such hardware enables other security-related features such as LastPass' fingerprint login.
- Encryption: Each of these phones uses one of two types of encryption: file-based (FBE) or full disk (FDE). File-based encryption is the more effective method of the two, as it allows individual files to be locked with different keys, whereas full disk encryption uses only one key to lock the entire data partition. All four of these phones use the AES encryption standard, and while some use 128-bit keys to decrypt the data, others use more advanced 256-bit keys.
- Hardware-Assisted Security: Each of the phones on our list calls upon the hardware to assist with the overall security of the device. While iOS devices use the hardware to assist with encryption, the Android devices on our list utilize the hardware to store cryptographic keys (more on this in the How We Chose These Phones section below).
- Sandboxed User Accounts: If privacy is one of your top considerations, you may want to maintain separate user spaces on your phone — perhaps one for work, and another for your personal usage. If so, it's important that the data from each user account be truly separated (or "sandboxed"), and the Android phones in this list offer that feature.
- Restrict Ad Tracking: Phones that ship with Apple and Google services preinstalled use a system-wide advertising tracking ID to help marketing partners deliver targeted ads. This ID follows you around as you use apps and services on your phone, which is sketchy behavior when it comes to privacy. Apple allows you to restrict apps' abilities to view and use this identifier, while Google merely lets you reset the ID and opt out of seeing personalized ads on Android devices.
- Always-On VPN: A virtual private network, or VPN, allows you to reroute internet traffic through an external server. A good VPN service will even let you encrypt all data traffic for increased anonymity. With Android devices, you can funnel all types of internet traffic through a VPN. With an iPhone, however, you can only use a VPN over Wi-Fi, unless you're willing to reset your device and enable "Supervised Mode" to get the VPN working on your mobile data connection.
- Block Internet Access for Apps: If you don't want apps "phoning home," the ability to block internet access on a per-app basis is a huge plus. With Android, this can be done by setting up a local VPN like Netguard, which takes a little extra work. With iOS, you can easily disable mobile data access for an app; however, it's not possible to restrict Wi-Fi connectivity.
- Data Wipe After Failed Login: Some phones have a feature that, if enabled, triggers an automatic factory reset when someone enters the wrong PIN or password too many times. This is very effective when it comes to fending off intruders, as it makes brute-force password attacks all but impossible.
- LastPass: The popular password management service LastPass has varying degrees of functionality on each of these phones. Some of the devices allow you to log into the service using your fingerprint; others will auto-populate passwords into apps and websites for you.
- Stock Security Center App: If you're security-minded, it's good to have a centralized app that helps you handle all of your phone's security needs. For example, the DTEK security platform gives you an overview of your phone's security health and allows you to easily tweak important security settings, among other things.
- OS CVEs: All phones in this list run either iOS or Android. In recent years, both of these operating systems have had numerous common vulnerabilities and exposures (CVEs) discovered, so it's important to keep track of exactly how vulnerable they are.
- Security Patch Timeframe: Apple doesn't adhere to a specific timeframe with its security patches; however, updates are generally issued within a month of critical bugs being found. Android releases security patches monthly and leaves it to the OEM to distribute to their devices. Since the Pixel 2 is a Google device, it will get Android security patches first.
- Bug Bounties: Device manufacturers will usually offer a cash prize for anyone who can find glaring weaknesses in their phone's software, effectively crowd-sourcing the process of discovering and closing security loopholes. With a higher bounty, people will generally be more motivated to find these bugs. Some companies invite only trusted bug reporters to earn a bounty (depicted as "Closed" in the above chart), while others will let anybody report bugs and claim the bounty (shown as "Open" here).
Our first requirement in choosing these phones was that they all had to be available for sale in the United States from a major carrier or from the manufacturer. Secondly, for a phone to make this list, it had to be encrypted by default to ensure that your data is protected against external access.
Another requirement was that the phones all offered granular permission management, which allows you to revoke an app's permission to access certain features like your camera and microphone. Then, to ensure that your data remains safe even when your phone is lost or stolen, we only selected phones with remote lock and wipe capabilities.
But what really narrowed down this list was the hardware-assisted security requirement. Apple uses a hardware encryption chip to strengthen security, while the Android OEMs here use some variation of a hardware root of trust system. In effect, this means that there's a physical barrier between your data and any would-be attacker — while they may be able to hack the software, they'd need physical access to fully break the encryption, and even then it would be virtually impossible.
Popular phones that were lacking such a physical barrier include the HTC U11, LG V30, LG G6, Moto Z2 Play, and Moto Z2 Force.
It's also worth noting that some of the phones which made our final cut had sibling devices that could've also been listed here — for example, Apple's older iPhone 7 models, Samsung's Galaxy S8 lineup, and the original Google Pixels. We left these devices off the list since there were newer and more future-proof models available in the iPhone X, Galaxy Note 8, and Pixel 2, but they're still solid phones from a privacy and security perspective.
From there, finalists were ranked based on how well the devices scored in the key comparison points above, and with that, the following phones rose to the top.
BlackBerry has always been synonymous with privacy. The company prides itself on making devices as secure as possible for both enterprise and individuals. A few years back, BlackBerry was forced to transition from their own operating system to Android. Despite switching, BlackBerry brought their security features along. Combined with TCL-constructed hardware, the BlackBerry KEYone is the best smartphone for the privacy-conscious user.
Each time you boot the device up, the BlackBerry KEYone takes extra steps to ensure your phone isn't tampered with. This starts with the Hardware Root of Trust. Cryptographic keys are injected into the processor to verify the device and to ensure no tampering occurred. On every bootup, using the keys, each layer of your device is checked for alteration. From the hardware to the operating system, the KEYone looks for any modification and will not boot up if any layer doesn't pass inspection.
Because the Linux kernel is a prime target for smartphone hacking, BlackBerry hardens it by sending additional security patches to address vulnerabilities. The KEYone also receives monthly Android security patches, which BlackBerry guarantees for two years. The system memory, which temporarily houses cryptographic keys during verification, is scrambled to combat attacks. This combination of hardware and software security is the reason the BlackBerry KEYone has never been rooted. Although modders may be disappointed, rooting opens up devices to additional vulnerabilities.
Additionally, the KEYone adds small software features that showcase its commitment to privacy. A great example of this is the Privacy Shade, which obstructs the view of all but a small section of your screen. This obstruction allows you to interact with your smartphone without having to worry about someone viewing your display over your shoulder.
Another unique security feature is Picture Password, which is a different way to unlock your device, allowing you to hide a number in a secret location within a picture. To unlock, you must shift a grid of numbers, moving the secret number to the secret location. It's designed for quick access and to mitigate the chance of someone figuring out your password by watching you.
The BlackBerry KEYone comes with a security system called DTEK. This monitors your device, checking apps' actions and behaviors, and alerts you to anything out of the ordinary. For example, DTEK checks if apps are sending your location or accessing your text messages. DTEK also evaluates the current integrity of your smartphone and informs you if there is a chink in your armor.
Finally, BlackBerry opted for full-disk encryption instead of Android's newer file-based encryption. While file-based encryption has the ability to isolate some files from others, full-disk encryption ensures everything stored on your phone's storage (from your pictures to the root folder) is secured via the AES-128 encryption standard.
A majority of the security and privacy features available to the iPhone X come courtesy of iOS. Apple's mobile operating system has several advantages over its competitors that protect the device from various threats.
One example of this is Apple's ability to update all iOS devices much more quickly than Google. Because of the open-source nature of Android, OEMs have added skins onto the operating system to diversify their smartphones. However, these skins make updating devices difficult, as updates normally break some of the skin's features. iOS devices don't have skins because there is only one manufacturer. This allows Apple to test a few devices to make sure updates are compatible, then push them out to the masses. While the majority of Apple products are on the latest firmware, only 0.5% of Android devices are running the latest version of Android.
Another advantage of iOS is how it handles encryption. While both Android and iOS utilize file-based encryption, Apple's implementation is a much more refined model. iOS encrypts both files and their metadata (information about the file) separately using unique keys. These keys are then encrypted by another key that is derived from the user's passcode and the hardware.
This second set of keys protects files based on their contents. For files requiring a higher level of security, the keys unlock their content only after the device is turned on and unlocked. For other files, authentication is needed only once to access them. There are four classes of security for these keys, which allows Apple more refined control over file encryption.
The number of CVEs (or Common Vulnerabilities and Exposures) for iOS is lower than for Android and decreasing each year. Since last year, iOS's CVEs have increased by 204, compared to Android's, which increased by 318 in the same span.
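The key hierarchy described above, modelled as an added example (not Apple's code): per-file keys are wrapped by class keys, and class keys are wrapped by a key derived from the passcode and a hardware key. The class names, the `Keybag` class, the PBKDF2 parameters and the HMAC-based wrap (a stdlib stand-in for AES key wrapping) are assumptions made for illustration, and only two of the four classes are modelled.

```python
import hashlib
import hmac
import os


def derive_passcode_key(passcode: str, hardware_uid: bytes) -> bytes:
    # The hardware key is mixed in as the salt, so the result cannot be
    # recomputed off the device. The iteration count is a constructed demo value.
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), hardware_uid, 50_000)


def wrap(kek: bytes, key: bytes) -> bytes:
    # Stand-in for AES key wrap: HMAC-derived pad over a 32-byte key, plus a tag.
    nonce = os.urandom(16)
    pad = hmac.new(kek, b"pad" + nonce, hashlib.sha256).digest()
    body = bytes(a ^ b for a, b in zip(key, pad))
    return nonce + body + hmac.new(kek, b"tag" + nonce + body, hashlib.sha256).digest()


def unwrap(kek: bytes, blob: bytes) -> bytes:
    nonce, body, tag = blob[:16], blob[16:48], blob[48:]
    good = hmac.new(kek, b"tag" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(good, tag):
        raise ValueError("wrong passcode or wrong device")
    pad = hmac.new(kek, b"pad" + nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(body, pad))


class Keybag:
    CLASSES = ("complete", "after_first_unlock")  # hypothetical class names

    def __init__(self, passcode: str, hardware_uid: bytes):
        self.uid = hardware_uid
        kek = derive_passcode_key(passcode, hardware_uid)
        self.wrapped_class = {c: wrap(kek, os.urandom(32)) for c in self.CLASSES}
        self.live = {}    # class keys currently held in memory
        self.files = {}   # file name -> (class, wrapped per-file key)

    def unlock(self, passcode: str) -> None:
        kek = derive_passcode_key(passcode, self.uid)
        self.live = {c: unwrap(kek, b) for c, b in self.wrapped_class.items()}

    def lock(self) -> None:
        self.live.pop("complete", None)   # only this class key is evicted on lock

    def add_file(self, name: str, cls: str) -> None:
        self.files[name] = (cls, wrap(self.live[cls], os.urandom(32)))

    def file_key(self, name: str) -> bytes:
        cls, blob = self.files[name]
        if cls not in self.live:
            raise PermissionError(f"{name}: class '{cls}' needs an unlocked device")
        return unwrap(self.live[cls], blob)
```

After `lock()`, a file in the `after_first_unlock` class stays readable while one in the `complete` class raises `PermissionError` until the next successful `unlock()`.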
Due to Apple's closed ecosystem, the App Store has far fewer malware apps than the Play Store. Since each app is manually reviewed by a team at Apple, malicious apps have a harder time making it to the App Store.
One major point we should note: The reason we chose the iPhone X over the iPhone 8 or 8 Plus is its facial recognition system. Despite some anecdotal examples across the internet, Apple's statistics show that Face ID is more secure than Touch ID.
Apple has also taken steps to ensure that your Face ID data is as secure as possible. The map of your face is encrypted and stored in the Secure Enclave, an isolated piece of hardware inside of the iPhone X. With the exception of diagnostic data for Apple support, the Face ID data never leave the device. Apps which use Face ID for authentication are only informed that authentication is successful and aren't allowed access to the data.
There's another nice privacy feature that comes along with Face ID. When someone besides you picks up your iPhone X, any notifications will be blocked, preserving your privacy. However, once the TrueDepth camera authenticates a valid user (you), it will reveal the contents.
Aside from Face ID, all other security benefits from the iPhone X will also apply to Apple's cheaper 2017 flagships, the iPhone 8 and 8 Plus. If you're not willing to pay over a grand after taxes, the iPhone 8 models are almost exactly as secure as the iPhone X, so you can't go wrong either way. That said, the X is the absolute top-tier Apple phone when it comes to security and privacy.
The Samsung Galaxy Note 8 utilizes a similar security offering to the BlackBerry suite. Known as Samsung Knox, this security platform provides deep-level protection that combines both hardware and software solutions. Knox's goal is to separate your work environment from your personal environment and provide the necessary protection to isolate each area effectively.
The Galaxy Note 8 achieves this goal using a multitude of features. Similar to BlackBerry, it starts with the Hardware Root of Trust. The Device Root Key (a cryptographic key) is injected into each Galaxy Note 8 during the manufacturing process and is only accessible in a secure environment known as the TrustZone. This key is unique to each Galaxy Note 8 and is therefore used to identify the device. These keys are also used to encrypt enterprise data, permanently tying the data to the device.
The Galaxy Note 8 also has a Secure Boot key, which is used to validate each component during bootup to ensure nothing was manipulated. These keys are used to conduct Secure Boot, a mechanism that looks to prevent users from changing the bootloader or operating system of the device. Making these changes to your device severely impacts the integrity of the security. However, unlike BlackBerry KEYone, this hasn't prevented users from rooting the device.
Samsung also employs rollback prevention, which ties certain Samsung programs and executables to the latest version of the firmware. Since older firmware will have vulnerabilities, this ensures that all Galaxy Note 8 models are running the latest software.
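The boot-time verification described for the KEYone and the Note 8, combined with the rollback prevention described above, modelled as an added example (not BlackBerry's or Samsung's code). HMAC stands in for the vendor's asymmetric signature, and the stage names, versions and key are constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed demo key. Real secure boot verifies asymmetric signatures
# against a key anchored in hardware; HMAC is a stdlib stand-in for that check.
VENDOR_KEY = b"constructed-demo-vendor-key"


@dataclass(frozen=True)
class Image:
    stage: str     # "bootloader", "kernel", "system" (hypothetical stage names)
    version: int   # security version, covered by the signature
    code: bytes
    tag: bytes     # vendor "signature" over stage, version and code


def _payload(stage: str, version: int, code: bytes) -> bytes:
    return stage.encode() + b"\x00" + version.to_bytes(4, "big") + hashlib.sha256(code).digest()


def sign(stage: str, version: int, code: bytes, key: bytes = VENDOR_KEY) -> Image:
    tag = hmac.new(key, _payload(stage, version, code), hashlib.sha256).digest()
    return Image(stage, version, code, tag)


def verify_boot(chain, root_key, min_versions):
    """Check every stage in order; return (booted, reason), stopping at the first failure."""
    if [img.stage for img in chain] != list(min_versions):
        return False, "unexpected or missing boot stage"
    for img in chain:
        expected = hmac.new(root_key, _payload(img.stage, img.version, img.code), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, img.tag):
            return False, f"{img.stage}: signature check failed"
        # A genuine but older image is still refused: it carries bugs fixed later.
        if img.version < min_versions[img.stage]:
            return False, f"{img.stage}: rollback to version {img.version} refused"
    return True, "all stages verified"


# Constructed sample data: a current chain and the minimum versions held in hardware.
GOOD_CHAIN = [sign("bootloader", 3, b"bl-v3"), sign("kernel", 7, b"kernel-v7"), sign("system", 7, b"system-v7")]
FUSED_MIN = {"bootloader": 3, "kernel": 7, "system": 7}


def tampered_chain():
    k = GOOD_CHAIN[1]   # kernel bytes modified after signing, tag left unchanged
    return [GOOD_CHAIN[0], Image(k.stage, k.version, k.code + b"+patch", k.tag), GOOD_CHAIN[2]]


def rolled_back_chain():
    return [GOOD_CHAIN[0], sign("kernel", 6, b"kernel-v6"), GOOD_CHAIN[2]]   # genuine but old


if __name__ == "__main__":
    for label, chain in [("good", GOOD_CHAIN), ("tampered", tampered_chain()), ("rollback", rolled_back_chain())]:
        print(label, verify_boot(chain, VENDOR_KEY, FUSED_MIN))
```

The rolled-back kernel passes the signature check and is stopped only by the version floor, which is why signature verification alone does not keep a device on patched firmware.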
While the Knox platform is extensive (with many more features that aren't relevant to this article), its inability to prevent rooting does show an exploit not found on the KEYone. Also, unlike the other smartphones on this list, much of the Knox platform is behind a paywall. While the Note 8 is one of the best overall phones on our list, these limitations have forced it to the number three position.
The advantages iOS has over Android have forced the Pixel 2 (and/or Pixel 2 XL) to be placed last on our list, but this is by no means an insecure smartphone. Although the Pixel 2 had some hiccups, such as a late patching of the KRACK vulnerability, Google's flagship is still one of the most secure smartphones available, and the reason can be found in its hardware.
The Pixel 2 has moved the authentication process from a software-based secure environment (known as TrustZone) to a chip that is physically separated from the SoC. This Security Module contains all the resources needed to conduct authentication on your Pixel 2 device. It is resistant to both software-based and physical attacks, providing high-level protection of your cryptographic keys.
Unlike the majority of Android devices, the Pixel 2 and 2 XL always have the latest version of Android and its security patches — Google has even pledged to offer full Android updates for three years on these phones. Security patches are submitted monthly, protecting the phone from any potential new threats.
Google has one of the best bug bounty programs of all the manufacturers on this list. They'll offer up to $200,000 for critical bugs found, and the program is open to the public, so there should always be plenty of folks scouring the Pixel 2's code base for security loopholes.
The KEYone continues BlackBerry's tradition of enterprise-grade privacy and security, so it tops our list pretty easily. With its DTEK security platform, Full Disk Encryption and extensive Verified Secure Boot, BlackBerry has designed this device for those who wish to keep their phones and their data secure.
BlackBerry's hardware and software security features have qualified them for multiple certifications, including FIPS 140-2 (Federal Information Processing Standard) for its Cryptographic Kernel. This standard was created by NIST to ensure that cryptographic modules provide the necessary protection for use by the US government.
Having said that, if you'd rather not use an Android phone, then the iPhone X is the best iOS device for the privacy-conscious user. Not only does iOS have amazing features built into the OS to protect its users, but Apple improved authentication with the introduction of Face ID. Also, once again, an iPhone was able to thwart the best efforts of the FBI after the Texas Church Shooting, providing a real-world example of how secure iOS is.
Do you agree with our list? What smartphone do you believe is the best at security and privacy? Let us know in the comments below.