Android Devices Are at Risk of Data Theft (2020)

39 points | amaajemyfren | 4 years ago | wired.com

22 comments

______-|4 years ago

My smartphone is a simple affair. I have a hardened Firefox as my default browser (uBlock Origin with JS disabled by default with HTTPS-Everywhere addon with EASE turned on).

I keep my app-count to a minimum. There are people who need every app imaginable, but that increases the attack surface of the phone. Try to minimize the amount of apps on your phone please!

Then of course all the usual OPSEC practices like not clicking on suspicious links in WhatsApp, e-mail or SMS always apply. You have to consider the human element of all this. So many people have been owned by fat-fingering some suspicious link in an SMS that then took over their phone.

But there is always the argument that: phones ship with malware anyway so you're pwned either way.

livre|4 years ago

You can do a little more if you have root access, like use XPrivacyLua to restrict the amount of data and hardware apps like your browser have access to, and AdAway to block ads globally (protects you from app telemetry that shares data with third parties). You can also run a DoT server and point your phone there to protect your DNS queries from random WiFi networks you may have to connect to, or better run a VPN server and stay connected to it. Also whenever you can, always replace the OS that comes preinstalled with LineageOS (just make sure everything works for your phone, like the camera and LTE). With the latest LineageOS you can also restrict internet access per app and per network type, though AFWall+ still gives better control over that. For the extremely suspicious apps you can install them on the work profile for extra isolation with Island (Play Store) or Insular (F-Droid).

zibzab|4 years ago

https://www.qualcomm.com/company/product-security/bulletins/...

This happened months ago but I still can't see much info. Also, I see Check Point reported 4-5 issues to qcomm, not 400.

To people complaining Android never gets updates: Android has been providing monthly security updates for some years now. It is even possible that this was fixed even faster since modern Android can update some system libraries right from the store (Project Treble announced in 2017).

johnthuss|4 years ago

400 vulnerabilities! Good luck getting any reasonable percentage of users to install these patches. The software update situation on Android is horrible.

smiley1437|4 years ago

I don't LOVE walled gardens but has there been any exposure of this scale in iOS devices?

toast0|4 years ago

Apple doesn't have a spotless record with security. However, they are significantly better at pushing updates. A large majority of eligible iOS devices install OS updates, and iOS devices tend to be eligible for updates for many years.

Additionally, because sales are much lower for iOS than Android, it's hard to get to the same scale. I don't know about iPad numbers, but 1 billion iPhones is about 5 years of sales, and five years is around where Apple stops providing updates (edit: as pointed out below, they're doing closer to 8 years from release now, but not all sales are from current model phones) and that combines with other factors and very few devices make it past five years of use.

Saris|4 years ago

I wonder how much of it is due to a walled garden, and how much of it is due to iOS devices getting security updates.

It seems like even expensive flagship Android devices get a year or maybe 2 of updates now and then you're just left on your own.

Proven|4 years ago

The duration and quality of security updates/fixes is roughly commensurate with the price users paid for the s/w part of their mobile devices.

That's pretty cool - you can pay almost nothing for the s/w and still get a phone that works.

lambda_obrien|4 years ago

Alternatively, I bought my Google phone for 1000 dollars 3 years ago and get zero updates now. That's pretty sorry.