Android vs iOS vs BlackBerry: Which is the most secure holiday gift?

Which smartphone and tablet OS provide the best security? Steve Hunt and the Neohapsis team provide a guide for holiday gift-givers.

As the holiday season approaches, smartphones and tablets are some of the most in-demand items for anyone with even a hint of gadget love in their DNA. Coverage of these exciting new tools is full of hype about new features (SIRI) and also new fears (Carrier IQ). With the sheer volume of marketing and fear being thrown around--eclipsing even the number of holiday songs on the radio--it can be hard for even well-informed users to discern meaning from marketing when it comes to security on mobile devices.

[Also see 5 questions to ask about tablet security | CA discovers fake antivirus smartphone app]

It's a bit like gifting a car: The right choice can greatly improve the recipient's life, while a bad choice could leave them with problems for years to come. This guide is to help you with the security side of the decision, to enable you to take it into account and make the right choices for that special someone (or special self!)

Neohapsis Labs (an independent security think tank based in Chicago) has looked into the general security issues and distilled them down to this short guide (a more detailed report will be released early next year). While there are many available choices of device, the main security decision is what platform to get. There are some main contenders at present (iOS, Android, Blackberry) and a few aspiring players (e.g. Windows Phone, Meego, WebOS, Bada). We are not covering Symbian due to Nokia's recent decision to move to windows phone 7 in 2012. We will focus on the differences between the platforms and not go into any cross-platform issues such as widespread use of mobile analytics packages to track users for advertising purposes.

To continue reading, register here to become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

As the holiday season approaches, smartphones and tablets are some of the most in-demand items for anyone with even a hint of gadget love in their DNA. Coverage of these exciting new tools is full of hype about new features (SIRI) and also new fears (Carrier IQ). With the sheer volume of marketing and fear being thrown around--eclipsing even the number of holiday songs on the radio--it can be hard for even well-informed users to discern meaning from marketing when it comes to security on mobile devices.

[Also see 5 questions to ask about tablet security | CA discovers fake antivirus smartphone app]

It's a bit like gifting a car: The right choice can greatly improve the recipient's life, while a bad choice could leave them with problems for years to come. This guide is to help you with the security side of the decision, to enable you to take it into account and make the right choices for that special someone (or special self!)

Neohapsis Labs (an independent security think tank based in Chicago) has looked into the general security issues and distilled them down to this short guide (a more detailed report will be released early next year). While there are many available choices of device, the main security decision is what platform to get. There are some main contenders at present (iOS, Android, Blackberry) and a few aspiring players (e.g. Windows Phone, Meego, WebOS, Bada). We are not covering Symbian due to Nokia's recent decision to move to windows phone 7 in 2012. We will focus on the differences between the platforms and not go into any cross-platform issues such as widespread use of mobile analytics packages to track users for advertising purposes.

Android

Google's Android operating system is the most widely deployed platform on tablets and smartphones at present, with a large number of vendors providing their own customized versions. Integrating smoothly with many Google services, Android is rapidly evolving with the latest version (the very well reviewed Ice Cream Sandwich) offering a slew of new features.

Unfortunately, when it comes to security, Android still has a long way to go. The large delay in releasing fixes for security issues is problematic as it requires a different release for each carrier, manufacturer and model. As a result, many Android devices are stuck using old and insecure versions of the operating system.

When it comes to applications, the primary source of applications is the Android Market, which contains tens of thousands of applications, most of them free. These applications are uploaded by developers and go through no review before being published, allowing fast turnaround, but leaving the door open for malicious apps to linger until Google hits the remote kill switch to remove them from devices (as has happened numerous times). Alternatively, curated markets such as the Amazon Appstore show promise for preventing malicious apps getting in--however they also have drawn complaints for the slow rollout of application updates.

Because it uses a very flexible model for applications, Android apps can do things that cannot be done on the other platforms. A user is notified what an application will be allowed to do at install time, and can choose to install it or not. Once installed, third party apps can (if authorized at install time) read and send messages, make and receive calls, access the internet and turn the microphone or camera on and off.

Because users are not very good at either reading or understanding the implications of these permissions, Android applications have been caught sending and receiving premium rate calls and messages, recording users keystrokes or sounds, tracking user locations, or even containing botnet-style malware as might be found on a desktop machine. There are quite a few third party solutions available that purport to secure your device, but their effectiveness is in many cases under question.

The flexibility of Android makes it a great choice for a highly capable user, but it can require quite a bit of knowledge to keep secure in the long run--often this will require that users root the device and install their own custom updates directly if the carrier does not provide them. Clearly not for the technical novice!

Blackberry

While Android is taking the biggest bite out of the consumer market, Blackberry has been very much the jewel of the business world. With its users being likened to drug addicts for their dependence upon the device, RIM's Blackbery devices have earned the designation Crackberry. Even President Obama couldn't part with his device, reportedly much to the irritation of the Secret Service and delight of Research in Motion.

Security and control are some of the main selling points of Blackberry, with the ability to completely encrypt data, tightly control what is done with the device, restrict what individual applications can and cannot do, require tunneling of any and all internet traffic through the company's servers, control apps and much more. The downside is that this control comes at a cost, and the ease of management to keep your device secure can be time consuming for a non-enterprise user.

[Also read Al Sacco's Mobile predictions for 2012: Security, payments, Windows phone and more on cio.com]

Blackberry App World, the source for third party applications, offers a degree of review over all submissions. However, source code is not reviewed by RIM, and only so much can be understood of application behavior. While Blackberry hasn't been targeted by nearly the same amount of spyware or malware as Android, there have been instances of nefarious applications and spyware-trojaned carrier updates.

The ability to lock down and secure Blackberry devices is definitely a plus, but because much of it was designed with enterprises in mind it can get a bit complex for a standard user unless they are careful. The release of more consumer oriented devices based upon Blackberry 10 shows promise, but as it is unreleased at present, this one should stay on hold for individual users for now.