What do you look for when you buy a new smartphone? Screen size? Camera quality? Sleek design?
Well, it's likely that you're going to start paying a lot more attention to phones' security features, because the threats to smartphones -- from lone hackers to spying governments -- are only growing, and the damage can be catastrophic for a user. It only takes one hacker or virus getting into your smartphone to steal your passwords, banking or credit card details or other sensitive data.
All of this means that the phone maker -- whether it's Apple (AAPL - Get Report) , Samsung (SSNLF) or another company -- that best educates consumers about security and builds the most secure phones could get a leg up on the competition. Thus, investors in these stocks should pay close attention to security issues.
Don't think there are serious threats to your phone's security? Apple just last week issued a patch that fixes a very worrisome flaw. It came to light after a well-known dissident in the United Arab Emirates found a text message on his phone inviting him to click on a link. He alerted researchers, who determined that the link would have allowed software to remotely control his iPhone. Reuters reported that this is the first known case of software that can do this to an up-to-date iPhone 6.
According to a recent report by mobile cybersecurity company Mobileiron, the following mobile attacks either emerged or worsened in the last six months:
- Android GMBot: Spyware that remotely controls infected devices and attempts to fool victims into providing bank credentials.
- AceDeceiver: This malware is designed to steal a person's Apple ID.
- SideStepper iOS "vulnerability": This technique intercepts and manipulate traffic between an MDM server and a managed device.
- High-severity OpenSSL issues: These flaws can affect large numbers of applications and services.
- Marcher Android: This malware attempts to trick users into entering bank account login information.
Smartphone users rely on Alphabet's (GOOGL - Get Report) Google and Apple to provide the necessary security to protect them against threats like this. Apple and Google each released three updates so far this this quarter. Nevertheless, Android users can run into problems if they don't download an app from the Google Play store, and iPhone users who "jailbreak" (i.e., remove their security restrictions on) their phones run the risk of malware when they download an app from outside the App Store.
Apple and Alphabet are holdings in Jim Cramer's Action Alerts PLUS Charitable Trust Portfolio. See how Cramer rates the stocks here. Want to be alerted before Cramer buys or sells AAPL and GOOGL Learn more now.
Besides malicious code that is intentionally hidden in apps during development, there can be unintentional security problems. These occur when sensitive data can be stored in an unsecured location on a smartphone. Hacking can also occur through the air when smartphone users open Bluetooth or WiFi.
These threats aren't just to consumers either. Smartphones and tablets are replacing company-issued computers as tools for gaining access to company networks. Employees want to use their own devices, and enterprises want to realize the benefits of increased productivity that come with the bring-your-own-device, or BYOD, approach.
In early 2015, Tech Pro Research reported that 74% of organizations allowed, or planned to allow, employees to use their personal mobile devices for work. This has created headaches for IT departments, however.
"Security incidents are often the precursor to a breach because they leave a device or app vulnerable and that can put enterprise data at risk," said the aforementioned Mobileiron report, which added that missing devices increased in the latest quarter, while only 8% of companies were enforcing OS updates and less than 5% of companies had deployed app reputation software.
Siobhan MacDermott, a principal with EY's cybersecurity advisory practice, has said, "With the advent of BYOD and the global nature of mobile malware, we're seeing an increase in overall network vulnerabilities... We're observing the personalization of malware, targeting top executives as opposed to broadly sending out emails to many employees hoping that someone clicks on a link."
So smartphones have become a prime target for hackers, criminals and spies. Developers of phone operating systems know this and are working on security at the device level. Each operating system offers its own security, but which is best?
In a report published in April 2016, Gartner compared 12 mobile device platforms: Android 4, 5, and 6; BlackBerry 10; BlackBerry Android; Apple's iOS 8 and 9; Samsung's Knox; and Microsoft's Windows Phone 8.1 and 10 (Lumia), and Windows 8.1 and 10 (Surface).
Gartner's said it looked at a variety of core functions including biometrics, kernel security and OS updates. It also looked at functions relevant to IT administration: encryption management, workspace isolation and jailbreak/root protection.
Knox was the only operating system awarded "strong" ratings for every control in the corporate managed security section. The runner-up in this section was BlackBerry 10, which received ratings of "strong" in every category except Device Firewall Management, where it was rated "average."
Knox 2.6 is the latest version of Samsung's security platform, available on the Galaxy S7 and S7 edge products. It can coexist with Google's managed container technology, Android for Work.
As noted earlier, 97% of mobile malware threats are aimed at Android phones. This is because individuals using Android easily can download apps outside the Google Play store and for the simple reason that there are more Android phones in operation.
As for iOS for the iPhone, the common belief is that it is more secure than Android, particularly in light of the difficulty the Federal Bureau of Investigation had in cracking the encrypted iPhone left behind by one of the attackers in the San Bernardino shootings. But keep in mind that aforementioned attempted attack on that dissident's iPhone in the United Arab Emirates and how it would have given hackers complete control over his phone.
Security has not been a selling point for new mobile phones, but this will change as more employees take advantage of BYOD policies and as consumers get accustomed to controlling smart homes with their phones. (Imagine hackers gaining access to your smartphone's functions that control your home's alarm system and locks!)
We're starting to see this change, however. Blackberry introduced DTEK50 and touted it as the "world's most secure Android smartphone" in July. Blackberry has a long history of focusing on security, and the BlackBerry 7 was rated as the most secure enterprise-ready OS by Trend Micro back in April 2012.
We won't make a recommendation as to what is the best phone or most-secure operating system. We do want to stress, however, how recent news events show how smartphone security is becoming a growing concern for both consumers and corporations.
For a long time it seemed that only Blackberry promoted security in its advertisements. For example, on the Samsung Galaxy 7 landing page on the Samsung's website, there is no mention of Knox. But now Apple appears to be emphasizing security, mentioned it on the landing page for the iPhone.
That will change more, and security will become one of the key things that smartphone purchasers look at. This is particularly true for individuals who intend to use their smartphones for work on the enterprise, as IT management will enforce a more strict posture on cybersecurity.