This guide looks at security threats and the smartphone features used to combat them before looking at the most secure phones in the world and the most secure for British consumers.
Our top pick for customers committed to security is the BlackBerry Key2, but read on for details of other popular phones and their security measures.
Types of mobile security threat
Security threats to smartphones seem to increase every year as hackers become more sophisticated and mobile manufacturers scramble to keep up.
Examples of security threats which could impact your smartphone include:
- Riskware - Mobile apps which leak data to advertisers or criminals thanks to sweeping permissions granted by the user.
- Malware - Overarching term for malicious software which includes viruses, worms, Trojans, adware and spyware. It interferes with your smartphone to help hackers collect personal information or trigger charges.
- Madware - Short for "mobile adware", these programs collect data to help target you with ads but can often be installed without consent.
- Spyware - Programs which collect information and data about you, and which can include keyloggers that steal your usernames and passwords.
- Phishing - Apps can work in the same way as phishing emails have in the past by collecting the information you input into an app you believe is genuine.
- Grayware - Not usually malicious but can expose users to privacy problems.
- Browser Exploits - Known security flaws in mobile browsers are exploited.
- Spoofing - Networks in public places are set up to look like real Wi-Fi networks which can be used to steal data and encourage users to give away login information.
- Unsecured Wi-Fi - Hacked public networks can give access to personal data held on your smartphone.
These are examples of common security threats and flaws, but there are others. Specific names are also given to high-profile cases of hacking and security failures, such as TimpDoor.
TimpDoor is a backdoor smartphone threat hidden inside Google Play store apps or tools and now targeting users in America via SMS. It became the most widespread backdoor exploitation in 2018, with detections spiking in September and December.
McAfee, in their Mobile Threat Report for Q1 2019, highlighted that attacks like this are becoming stealthier and will continue to be a huge problem.
So, with all these threats in mind, how do manufacturers make their smartphones more secure?
What makes a smartphone secure?
Security and privacy measures used to protect smartphone users can be as varied as the threats facing them. However, there are some key elements that serve to make some smartphones more secure than others.
Encryption processes essentially scramble data so that it can't be accessed by people who don't have the right key to unlock the code.
On mobile devices, file-based (FBE) and full disk (FDE) are both common methods of encryption, with file-based being the more secure of the two options. This is because it allows individual files to be encrypted with different keys, while full disk encryption only uses one key to secure encrypted data.
AES (advanced encryption standard) is used worldwide and comes in key sizes of 128, 192 and 256. A higher key size means better encryption and therefore improved security.
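The difference between the two models shows up when a single key leaks. The sketch below is an added example, not code from any phone vendor: it is a simplified model with constructed file names and keys, hypothetical helper names, and a standard-library stand-in cipher in place of AES.

```python
import hashlib
import hmac
import os

def derive(key: bytes, info: bytes) -> bytes:
    """HKDF-SHA256 (RFC 5869), empty salt, single 32-byte output block."""
    prk = hmac.new(b"\x00" * 32, key, hashlib.sha256).digest()
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (SHA-256 in counter mode) so the example needs only the
    # standard library. Real devices use AES; do not reuse this construction.
    stream = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key: bytes, plaintext: bytes) -> tuple:
    nonce = os.urandom(16)
    ct = _xor_stream(derive(key, b"enc"), nonce, plaintext)
    tag = hmac.new(derive(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce, ct, tag

def unseal(key: bytes, blob: tuple):
    # Returns the plaintext, or None if this key does not open the blob.
    nonce, ct, tag = blob
    expected = hmac.new(derive(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return _xor_stream(derive(key, b"enc"), nonce, ct)

# Constructed sample data: three files and a device master key.
FILES = {"photos.db": b"holiday pictures", "bank.json": b"account 1234",
         "notes.txt": b"shopping list"}
MASTER = bytes(range(32))

def file_key(name: str) -> bytes:
    return derive(MASTER, b"file:" + name.encode())
def build_fde() -> dict:   # full disk model: one key for everything
    return {n: seal(MASTER, d) for n, d in FILES.items()}
def build_fbe() -> dict:   # file-based model: a distinct key per file
    return {n: seal(file_key(n), d) for n, d in FILES.items()}

def exposed_by(leaked_key: bytes, store: dict) -> list:
    """Names of the files an attacker holding leaked_key can read."""
    return sorted(n for n, blob in store.items() if unseal(leaked_key, blob) is not None)

if __name__ == "__main__":
    print("FDE key leaked ->", exposed_by(MASTER, build_fde()))
    print("FBE file key leaked ->", exposed_by(file_key("bank.json"), build_fbe()))
```

In the full disk model the one leaked key opens every file, while in the file-based model a leaked per-file key opens only the file it was derived for.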
Authentication covers all the ways that users can unlock their smartphone for use and how they can access data within the phone and within apps.
Biometric authentication comes in the form of fingerprint and face identification which have uses beyond simply unlocking the phone screen, with some mobile banking apps allowing authentication with Apple Face ID, for example.
Fingerprint unlock is common across smartphones, especially those in the higher price brackets from major manufacturers like Samsung and Apple.
This isn't to say that fingerprint recognition is fool-proof, although improving security has been a priority since flaws were identified in 2015.
Other authentication methods commonly found on smartphones include PINs and passwords, although these methods are deemed to be less secure.
Authentication only works if the methods are simple to use as users are likely to bypass complex security measures in favour of convenience. So, for this reason, biometric methods such as facial identification and fingerprint recognition are preferable for many.
Due to the amount of personal information kept on smartphones, including access to email accounts and other sensitive data, anti-theft protections should be in place.
There are three main elements of remote anti-theft protection which are important to smartphones: remote lock, remote wipe and remote tracking.
These are all self-explanatory and work to ensure that data can be controlled remotely if the smartphone is lost or stolen. Phones which have these capabilities are more secure in an emergency where users might need to control the data.
While the above are some of the headline security features of smartphones, there are plenty of others that fly under the radar but are equally important to the overall integrity of the phone.
The ability for a phone to wipe data after multiple failed login attempts can serve as a useful backup if a phone falls into the wrong hands, for example.
In addition, smartphones can include password security features which limit the number of times a user needs to enter their password and therefore improve security against keyloggers and other malware.
Phones with built-in password managers ensure that login credentials are encrypted and can then be auto-filled into sites or apps to avoid re-entering the details. An associated feature is general password autofill which can be supplied by a third party as well as through the manufacturer's own encryption.
Some phones have a password generator which can help users create strong passwords which are then stored in the phone. Along with this, some phones allow individual apps and files to be password protected or doubly protected with biometrics.
Apple vs Android
One of the first questions usually asked in the smartphone security debate is whether Apple or Android phones are more secure. While this frames the argument as a battle between two different pieces of software, it's a good place to start.
The general argument is that Apple's iOS is more secure as all apps sold through their official store go through comprehensive security scanning before they can be distributed.
While users can circumvent this and unlock their iPhones to accept other apps, this isn't recommended as it can seriously compromise the security of the device.
Android and the Play store are more open to app developers which, while improving choice, paves the way for more malware to enter the store and endanger the security of smartphones.
There's also a history of Android devices not responding to security threats as rapidly as their iOS counterparts. This is because phone manufacturers are responsible for pushing patches and security fixes to users, but this doesn't always happen in a timely manner.
That doesn't mean that devices running Android software can't be secure, although there is more onus placed on the user to be mindful of what they're downloading to their device.
Secure but rare
Some of the most secure smartphones in the world are either unavailable in the UK or their price tag renders them unattainable for many people. While you're unlikely to find one of these phones on the market, they're worth being aware of.
- Sirin Finney - Uses the Sirin OS and describes itself as the "ultra-secured Blockchain smartphone". It retails for around $1000 and includes many advanced features.
- KATIM Phone - Uses the KATIM OS and is designed by cybersecurity professionals but isn't ideal for everyday tasks.
- Blackphone 2 - Uses the Silent OS and has won awards for its security-orientated design and extended, rapid support for vulnerabilities.
- Boeing Black - Built in collaboration with BlackBerry, this phone is targeted at US government and military officials and can automatically self-destruct.
- Turing Phone - Authenticates encryption locally instead of on a remote service and promises "total protection" against malware.
These smartphones are the ultimate in security, but what about the options you can find on the high street and on our comparison pages?
UK's most secure smartphones
We've assembled a list of four widely-available smartphones which are currently the most secure on the UK mobile market.
This list doesn't include any of the top Huawei phones available due in part to security concerns which have limited the manufacturer's role in 5G development.
It is also based on the current 4G market and there will be changes to how smartphone security is perceived and integrated with home and public networks as 5G evolves and providers like EE release their first 5G phones.
So, which phones are the smartest when it comes to security?
Samsung Galaxy S9
The flagship phone from one of the major manufacturers has to keep a focus on security and it manages it, despite the pitfalls mentioned above with running on a basic Android platform.
Samsung mitigate any malware dangers by acting quickly to update software and protect users against vulnerabilities. As its flagship product, much of Samsung's support is centred on the Galaxy S9.
The phone incorporates TrustZones, which are virtual drives users can assign to different activities and therefore keep potentially invasive apps separate to everyday ones. Plus, encryption has been at the heart of development, and the phone has a Secure Folder feature for enhanced security.
Along with this, biometric iris unlocking is enabled on the S9 and has been rigorously tested to ensure copies of a user's iris can't be used instead of the real thing.
Perhaps one of the best things about the Galaxy S9 is that, as a widely used smartphone, Samsung are constantly receiving feedback and updates about bugs and vulnerabilities to act on as soon as they can.
Google Pixel 3
While Google's privacy policies are not to everyone's tastes, that doesn't mean their flagship phone range is insecure. In fact, as the company behind Android, Google is in a unique position to roll out updates and patches faster than any other.
Thanks to Google's efforts to reduce data leakage through apps, there are fewer ways for modifications to be made on the Pixel 3 by malware. Nothing is fool-proof but it's at least proactive.
As well as this, the Google Pixel 3 utilises file-based encryption which encodes different files with different keys for improved security, plus it's an excellent option for multi-tasking while maintaining security.
Apple iPhone XS
Apple's latest iPhone was bound to make the list, not least because of its Face ID feature that's even being used by banks to authenticate access.
The Safari browser on iOS 12 now blocks cookies from third parties, plus it's put a dent in the ability of other sites like social media organisations to track users around the internet.
As mentioned above, iOS is generally considered superior to the Android base which the other phones in this list operate on. However, iPhones come with a heftier price tag and not all users are content to pay more for a phone that hasn't received a design update since its previous incarnation was released.
BlackBerry Key2
You might not think of BlackBerry devices as in the same stratosphere as Apple and Samsung, but the company hasn't disappeared completely. The Key2 represents the most secure phone available on the consumer market.
Certainly, the BlackBerry Key2 is different aesthetically to other phones due to the mechanical keyboard, which can be off-putting for users familiar with full displays from leading smartphone manufacturers. The trade-off for a smaller screen is better battery life.
Perhaps the best element of the Key2's security system is its ability to learn and adjust depending on usage and settings. It advises users on improvements to their security behaviour and highlights when a device is at risk.
Proactive security is at the forefront of BlackBerry's latest smartphones and it's also a good phone with a dual camera and customised Android base software.
Be security conscious
Whichever smartphone you choose, remember that security is a joint effort between the manufacturer and the user (along with any intermediaries like Google Play).
So, take all necessary precautions to ensure your personal details don't end up in the wrong hands and think before downloading apps or opening messages that might pose a threat.