I've been browsing the current wisdom on security best practices as well as the online info on what might be the most reasonable smartphone for the security conscious. It dawned on me that it really depends on the degree of one's paranoia. Here are the increasing levels of paranoia as I see them. If you're worried about losing the phone, or people shoulder surfing, you would use a passcode (indispensable in any case) and install apps for remote location and remote wipe. If you're worried about malware, install antimalware. If you're worried about apps stealing your personal info and/or inflicting you with ads, install permissions controllers and don't install apps indiscriminately. If you're an enterprise, you'd worry about policies for preventing loosey-goosey users from bringing malware within the firewall, or making corporate info available to others while off-site. The 2nd most paranoid level is where I sit: If you worry about storing your most personal identification/authentication info on your phone, you avoid the cloud, eschew the vendor OS by going open source, and only install apps when necessary. And finally, the maximum level, if you're worried about certain national establishments (domestic or otherwise) spying on you...well, I'm not sure what people at that level do, but I've read about things with which I am unfamiliar, e.g. securing the baseband, possibly the firmware.
OK, so maybe my paranoia creeps a tiny bit into the maximum level, but only in the sense of being diligent against the possibility of spyware from nondomestic sources. It's such an opaque world that, unless one is willing to make this into a full time career, the available courses of action to users (not developers) to deal with this risk are limited. Speaking from an uninformed standpoint, perhaps a reasonable level of due diligence might be to select a phone made by a company from a country that one is comfortable with.
About the 2nd most paranoid level: I'm beginning to wonder whether it is even feasible to try to contend with the perceived risk. I'm finding that it's actually harder to forgo the vendor OS than first thought -- and by vendor OS, I also mean specifically a carrier's variant of an open source OS like Android. The reason I lump that in with a vendor OS is because of the Carrier IQ issue from years back; although there may not have been ill intent, it shows that it is feasible for carriers to augment an open source OS with unwelcome "chaperone" code, and that it is in fact practiced.
Here are the challenges that I've found in trying to proactively contend with the 2nd most paranoid level. First, the terrain of open source alternatives is a wild west. I chose CyanogenMod (CM) because it seemed to be the most popular and (I reasoned) would be most mature. The problem, at least so far as I've guessed it to be, is that there are so many phones out there that the port of the OS to the specific phone that one owns is a hit-or-miss proposition. In my case, the images of CM for the 1st generation Moto-G were all nightlies, with no milestone versions, i.e., no verification of proper functionality. The Moto-G has a few more variants, so either the 1st gen has too small a user base or is just too "1st gen" to attract the attention that would lead to a milestone version of CM.
The 2nd challenge is related to the 1st: The recovery software to install non-native OSs (correction from "apps") also seems to be a wild west. I tried the 2 most popular, ClockworkMod and TeamWin. The first did not work and the 2nd worked sometimes. Again, there is no one on a paid staff porting this software to the multitude of phones out there, so one can only guess what forces lead to stable, robust releases for specific phones.
The 3rd challenge has to do with a lower level of paranoia, that of seemingly unreasonable permissions needed by apps. According to my tiering scheme, therefore, it doesn't fall under the 2nd most paranoid level, but it's related in that it has to do with protecting your personal info. The most front-line course of action is simply to avoid apps that require permissions that you're not comfortable with, or which you can't fathom the need for. This would rule out a vast sea of apps, including those that you want. Additionally, you can inquire with the vendor about the permissions required by an app that you especially covet and/or install an app permission controller. Along the lines of the latter, CM has Privacy Guard, which would seem to be a magic bullet. It is better than nothing, but far from a magic bullet. Phone operation can break if you indiscriminately refuse permissions (especially to apps native to the OS, even though the permissions may not make sense to you). Furthermore, there are many apps on the list which are unrecognizable. This begins to look like the personal firewall situation of more than a decade ago: It is impossible for users to intelligently create permission rules without some rather deep expertise in how things work under the hood. I see an analogy with app permission controllers.
The final challenge in contending with the 2nd most paranoid level is where I am currently at an impasse. The OS developers don't just progress the evolution of the OS; at some point, they can decide that the OS will require a different bootloader. This means that you need to download the bootloader from a 3rd party site. It's one thing to put one's faith in open source sites for software that is open to the scrutiny of a large body of users. It's another to go to a less-known site to get a low level piece of software. For example, you wouldn't get a BIOS for your PC from an unknown source (or at least, I wouldn't). So you're faced with the decision of how long to go without an OS upgrade before tossing the phone.
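Added example, not from the post above: the "wild west" of recovery images (2nd challenge) and the worry about fetching a bootloader from a less-known site (final challenge) share one practical mitigation, which is to never flash anything whose SHA-256 you have not checked against the checksum list the project itself publishes, fetched separately from the image. The script below is mine, not CM's, TeamWin's or any vendor's; the file names, the partition name and the SHA256SUMS layout are hypothetical stand-ins, and it assumes a POSIX sh with sha256sum, shasum or openssl on the path. It only gates flashing on a hash match; a hash fetched from the same compromised mirror as the image proves nothing, so get the checksums (or better, a detached signature) from a second source.

```shell
#!/bin/sh
# Added example, not part of the original post: gate flashing of a downloaded
# recovery/ROM/bootloader image on a SHA-256 match against the checksum list
# the project publishes (fetched separately, ideally over a different channel).
# Assumptions: POSIX sh with sha256sum, shasum or openssl available; file
# names, partitions and the SHA256SUMS format are hypothetical stand-ins.

# Print the SHA-256 hex digest of a file, whichever tool the host has.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | awk '{print $1}'
    else
        openssl dgst -sha256 "$1" | awk '{print $NF}'
    fi
}

# verify_image IMAGE SUMSFILE
# SUMSFILE holds sha256sum-style lines ("<hex>  <name>" or "<hex> *<name>").
# Exit status: 0 match, 1 mismatch, 2 no entry for the image's basename.
verify_image() {
    image=$1
    sumsfile=$2
    name=$(basename "$image")
    expected=$(awk -v n="$name" \
        '$2 == n || $2 == ("*" n) { print tolower($1); exit }' "$sumsfile")
    if [ -z "$expected" ]; then
        echo "verify_image: no checksum entry for $name in $sumsfile" >&2
        return 2
    fi
    actual=$(sha256_of "$image")
    if [ "$actual" != "$expected" ]; then
        echo "verify_image: MISMATCH for $name" >&2
        echo "  expected $expected" >&2
        echo "  got      $actual" >&2
        return 1
    fi
    echo "verify_image: $name OK ($actual)"
    return 0
}

# flash_if_verified IMAGE SUMSFILE PARTITION
# Runs fastboot only after verify_image succeeds. With DRY_RUN=1 it prints
# the command instead, so the check can be exercised without a device attached.
flash_if_verified() {
    verify_image "$1" "$2" >/dev/null || return $?
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "fastboot flash $3 $1"
    else
        fastboot flash "$3" "$1"
    fi
}
```

Usage would be `DRY_RUN=1 sh -c '. ./verify.sh; flash_if_verified twrp-recovery.img SHA256SUMS recovery'` to see what would be flashed, then the same without DRY_RUN once the OK line appears. A mismatch or a missing entry is a non-zero exit, so the fastboot step never runs on an unverified image.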