On Smartphone Security

This week, a weakness in the Wifi standard was revealed. This flaw was found in the standard itself, not in a device where it was just implemented wrong. That’s surprising. It means it affects just about every wifi-enabled device out there. The question now becomes: how do we make our devices safe again? I’ve ranted about IoT things before, this time I’m focusing on smartphones.

Smartphones and patches

Earlier this summer, the Broadpwn vulnerability was released. I went online to figure out when the Nexus 5 I bought (new) one and a half years ago was going to be patched… and found out it wasn’t going to be. Updates stopped last October, ten months after I bought it.

This happened to me with my previous smartphones as well, with both my Samsung Galaxy S3, and my HTC Hero before that. And I’m getting fed up with it. I don’t like to walk around with a hackable smartphone, or buy a new one every six months. European law provides two years of warranty on things, but that doesn’t apply to smartphone security patches, apparently. A Dutch consumer organization went after Samsung about that in court, but they lost the case.

So, where does that leave me?

Installing Lineage OS

Rooting a smartphone is the process of giving yourself administrator access to it, so you can fiddle with things you normally can’t. Namely, you can install your own operating system.

Depending on what type of phone you have, this can allow you to install an alternative OS. For an iPhone this is pretty useless, as there isn’t a viable OS to install (I think), and Apple actually provides some four years of updates anyway. For Android, which is partially open source, there is a viable alternative.

Lineage OS (built on CyanogenMod) is an open source alternative OS that provides custom installations (ROMs) for a number of devices, such as my own Nexus 5. And while Google is unlikely to patch my Nexus 5, LineageOS has already been patched.

The downside of this approach is that you have to hack your own phone, voiding your warranty, and you risk bricking it. After surviving the install of your alternative OS, you are at the mercy of the open source community. That last is not so bad, really. I trust the open source community more than I trust a company like Samsung. Still, it’s a thing to keep in mind. There’s no customer support to call if things go wrong.

Buying a different smartphone

Another approach to get my smartphone patched is to buy a new phone. I already said I don’t like buying a new phone every six months, but maybe I can find a more durable phone.

To that end, I’ve been digging into how long various manufacturers provide security updates for their smartphones.

Next, I took the costs of buying the smartphone (new) and calculated the cost if I buy it in December and use it until the (estimated) end of support. The result for some of the more popular (and recent) smartphones is in the table below.

| Smartphone | Cost | Released | Estimated end of support | Actual cost per month |
|---|---|---|---|---|
| iPhone 7 128gb | €711 | Sep-16 | Sep-21 | €11,85 |
| iPhone 7 256gb | €760 | Sep-16 | Sep-21 | €12,67 |
| iPhone 7plus 128gb | €838 | Sep-16 | Sep-21 | €13,97 |
| iPhone 7plus 256gb | €918 | Sep-16 | Sep-21 | €15,30 |
| iPhone 8 256gb | €963 | Sep-17 | Sep-22 | €16,05 |
| iPhone 8 plus 265gb | €1079 | Sep-17 | Sep-22 | €17,98 |
| Galaxy S8 64gb | €589 | Apr-17 | Jun-20 | €15,50 |
| Galaxy S7 32gb | €459 | Apr-16 | Jun-19 | €12,08 |
| OnePlus 5 64gb | €599 | Jun-17 | Jun-19 | €24,96 |
| OnePlus 5 128gb | €699 | Jun-17 | Jun-19 | €29,13 |
| Motorola Moto Z Force 64gb | €799 | Sep-16 | Sep-18 | €33,29 |
| Lenovo Phab 2 64gb | €499 | Nov-16 | Nov-18 | €20,79 |
| HTC U Ultra 64gb | €428 | Feb-17 | Feb-20 | €11,89 |
| HTC U11 | €650 | Jun-17 | Jun-20 | €18,06 |
| Google Pixel | N/A | | | |
| Google Pixel 2 | N/A | | | |

What’s interesting about this table is that the iPhone 7 is suddenly the cheapest phone of the bunch. This is actually not surprising, as Apple provides by far the longest support, even for a year-old model.

Now, there are some caveats to keep in mind. I pulled these prices from internet shops. I did some checking around, but not much, so you might find a cheaper alternative somewhere, or only more expensive ones.

Another thing is that I assume the phone lasts until its end of support. I have not had any phones die on me so far, or dropped them in a way that shattered their touch screens. If you are more prone to that, mileage may vary. Heck, if you get a new phone from your provider every two years anyway, then this entire calculation is pretty useless.

Also, the end of security updates is a guess. Things change. There is growing attention for security, which may mean a company like Samsung will support their phones longer. Or Apple might decide to drop support early.

And finally, US prices may vary. Phones are cheaper there, and smartphones like a Google Pixel are actually available.

All in all, it’s mostly guess-work, but educated guess-work. With interesting results.

What am I going to do?

I don’t know yet. I used to buy phones at roughly 300 euro or less, and use them for three years or so. Upping my costs to 600-700 euros at once is a pretty big deal. So, I might go the Lineage OS route.

On the other hand, I use my smartphone more and more, which increases the money I’m willing to sink into it.

Everybody will have to make this call for themselves, but I hope this blog will help make the choice a little easier.

Written by: Martin Stellinga

I'm a science fiction and fantasy author/blogger from the Netherlands