How to Choose a Secure Smartphone Without Regrets

Mobile devices have become virtually the only means of corporate communication during the pandemic. Ensuring information security when accessing corporate resources remotely is not a luxury—it’s a matter of business survival. Below, we’ll look at options for secure smartphones and evaluate the (in)conveniences associated with using them.

Free Cheese Is Only in a Mousetrap

It’s no secret that all free, convenient apps feed on our data and our time spent watching ads. The more they know about us, the more accurately they can target ads. Sometimes, they even charge users to remove ads—while still collecting their data. We’ve long gotten used to this barter and have agreed to it by default.

There are less obvious problems, too, like data being collected “for sale.” For example, some Chinese smartphones have built-in media players that won’t let you watch videos unless you grant access to your call and message logs. Security experts call such apps “grayware”—not quite malware, but potentially unsafe because they put your data at risk.

With corporate devices, the situation is even more complicated: not only could your home videos end up on the dark web, but so could your company’s secrets.

Want an iPhone?

Ideally, you’d first identify your threats, then choose effective security measures, and finally select a device. In reality, most people pick a smartphone first and only then think about protecting their data.

Let’s start with iPhones and iPads. Apple has long claimed to value user data and trust. You start to believe it when you have to confirm every app installation or can’t lock a lost device, for example. But AppleCare support, after politely asking for your confirmation, can connect to any iOS device’s screen and even show its own cursor—no extra software like TeamViewer needed. It’s all built-in. The user agreement warns that third-party software may transmit data during and after an AppleCare session. Not exactly comforting!

You can prevent such “connections” by disabling screenshots.

About Containerization

In iOS, all apps, URLs, and accounts are divided into “managed” (corporate) and “unmanaged” (personal). The only action you can block between corporate and personal resources is Open In. This prevents users from sending attachments from corporate email to personal WhatsApp as files, but they can still copy the text via the clipboard. Apple calls this protection against “unintentional” leaks.

The only real solution is to use special apps for accessing and processing corporate data, like a secure email client. Convenience and functionality aren’t guaranteed, but the cost almost always goes up.
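
The two restrictions mentioned above (blocking Open In and disabling screenshots) reach managed devices as keys in a configuration profile's Restrictions payload. The check below is an added example, not part of the original article: it reads a constructed sample profile and reports which of the two keys are still permissive. The function name and the sample profile are illustrative assumptions.

```python
import plistlib

# Constructed sample profile (not from the article): it blocks Open In from
# managed to unmanaged apps but says nothing about screenshots.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>PayloadType</key><string>com.apple.applicationaccess</string>
      <key>allowOpenFromManagedToUnmanaged</key><false/>
    </dict>
  </array>
</dict>
</plist>"""

# Restriction keys relevant to the text. A key that is missing from the
# payload leaves the behaviour allowed, so absence counts as a finding.
CHECKS = {
    "allowOpenFromManagedToUnmanaged": "managed documents can be opened in unmanaged apps",
    "allowScreenShot": "screenshots and screen recording are allowed",
}

def audit_ios_profile(profile_bytes):
    """Return findings for restriction keys that are absent or left permissive."""
    profile = plistlib.loads(profile_bytes)
    merged = {}
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") == "com.apple.applicationaccess":
            for key in CHECKS:
                # The most restrictive value wins: one False is enough.
                if key in payload:
                    merged[key] = merged.get(key, True) and bool(payload[key])
    findings = []
    for key, risk in CHECKS.items():
        if merged.get(key, True):
            state = "not set" if key not in merged else "set to true"
            findings.append(f"{key} {state}: {risk}")
    return findings

if __name__ == "__main__":
    for line in audit_ios_profile(SAMPLE_PROFILE):
        print("FINDING:", line)
```

Neither key addresses the clipboard path described above, which is why the audit has nothing to report on it.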

Where Apple devices really shine (besides their design) is in resisting mobile forensics. Extracting data from an iPhone without the passcode is nearly impossible. But don’t use biometric login—otherwise, someone could simply hold your iPhone up to your face and unlock everything.

If iPhone Isn’t for You: Android

Maybe iPhone isn’t your choice. With Android, you have endless options in terms of brands and models—but that’s also the problem. Each manufacturer has its own Android build, and security updates may never arrive. We’ve covered this issue in detail in previous articles.

Android Security Mechanisms

Let’s start with containers, which are actually better on Android than iOS. Since Android 6, you can create a “work profile” that appears as a folder, separate desktop, or, with some Chinese brands, extra icons on work apps.

Apps in the work profile can be restricted by a corporate admin so that data can’t be moved outside the profile. The work profile has its own clipboard, file transfer can be blocked, and so on. Apps in the profile act as if apps outside the profile don’t exist. You can place separate work apps or duplicates of existing apps in the profile. It all seems secure, but there’s a catch.

For example, if you set up Gmail in the work profile, users can’t copy attachments or text to WhatsApp outside the profile, but nothing stops them from saving attachments to Google Drive. The only major Android email client without built-in cloud saving is Samsung’s. But even then, if you don’t block users from adding their own accounts to the work profile, they can copy any downloaded emails to those accounts with a single click—no DLP system will notice.

As with iOS, the most comprehensive solution is specialized apps that are designed to prevent corporate data leaks. Sometimes, this means sacrificing business functionality or being forced to use buggy, unfinished products.
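
The catch described above, a work profile with the clipboard and sharing locked down while users can still add their own accounts, can be caught by linting the policy before it is deployed. The following is an added example, not part of the original article: it assumes the policy is expressed with Android Management API field names, and the sample policy and function names are illustrative.

```python
import json

# Constructed policy fragment (not from the article): copy/paste and sharing
# out of the work profile are disallowed, but account changes are not.
SAMPLE_POLICY = json.loads("""
{
  "crossProfilePolicies": {
    "crossProfileCopyPaste": "COPY_FROM_WORK_TO_PERSONAL_DISALLOWED",
    "crossProfileDataSharing": "DATA_SHARING_FROM_WORK_TO_PERSONAL_DISALLOWED"
  },
  "modifyAccountsDisabled": false
}
""")

# Explicitly permissive values for the cross-profile settings.
PERMISSIVE = {
    "crossProfileCopyPaste": "CROSS_PROFILE_COPY_PASTE_ALLOWED",
    "crossProfileDataSharing": "CROSS_PROFILE_DATA_SHARING_ALLOWED",
}

def audit_work_profile_policy(policy):
    """Return findings for settings that let work data leave the profile."""
    findings = []
    cross = policy.get("crossProfilePolicies", {})
    for field, bad in PERMISSIVE.items():
        if cross.get(field) == bad:
            findings.append(f"{field}={bad}: work data can leave the profile")
    if not policy.get("modifyAccountsDisabled", False):
        blocked = policy.get("accountTypesWithManagementDisabled", [])
        findings.append(
            "modifyAccountsDisabled is not true: users can add their own accounts "
            f"to the work profile (account types blocked: {blocked or 'none'})"
        )
    return findings

def harden(policy):
    """Return a copy of the policy with the audited gaps closed."""
    fixed = json.loads(json.dumps(policy))  # deep copy, input stays untouched
    fixed.setdefault("crossProfilePolicies", {}).update(
        crossProfileCopyPaste="COPY_FROM_WORK_TO_PERSONAL_DISALLOWED",
        crossProfileDataSharing="DATA_SHARING_FROM_WORK_TO_PERSONAL_DISALLOWED",
    )
    fixed["modifyAccountsDisabled"] = True
    return fixed

if __name__ == "__main__":
    print(audit_work_profile_policy(SAMPLE_POLICY))
    print(audit_work_profile_policy(harden(SAMPLE_POLICY)))
```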

Are There Alternatives?

According to Data Bridge Market Research, the global ultra-secure smartphone market is projected to reach $5,967.3 million by 2027, growing at 19.8% annually (2020–2027). Factors driving this growth include increased demand for secure smartphones, more military and commercial applications, and higher security standards. However, rising product prices and the need for compatible phones are restraining factors.

What’s Available on the Market?

  • Purism Librem 5
    This smartphone runs PureOS (Linux-based) with pre-installed free, open-source software. There’s no access to Google Play or other major app stores. The default browser is a modified Firefox with DuckDuckGo as the search engine. Price: $799, with Purism promising ongoing updates.
    The phone features hardware kill switches for the camera, microphone, Wi-Fi, Bluetooth, and GPS. These can’t be controlled remotely, so in B2B/B2G settings, they’re of limited use since you can’t rely on users to remember to use them.
    Specs: Removable 3500 mAh battery, 13MP main camera, 32GB storage (expandable to 2TB via microSD), USB-C charging.
  • Pine64 PinePhone
    A modular Linux-based smartphone starting at $149, allowing users to remove unnecessary components. The downside: users can just as easily add missing modules, like a camera.
    Specs: Quad-core Allwinner A64 processor, 2GB RAM, 16GB storage, removable 3000 mAh battery (USB-C charging), 5MP main and 2MP selfie cameras—specs reminiscent of smartphones from five years ago.
  • MIG C55 (Aurora OS)
    A Russian-made secure smartphone costing over 100,000 rubles, running Aurora OS. It survived a 1.5-meter drop at +60°C in a dusty room—hard to imagine a real-world scenario for this, but if you drop it in a hot, dirty sauna, it’ll keep working. A solid device for serious users.

The main drawback of these secure solutions is the limited number of available apps. While Android and iOS have millions, these platforms have far fewer. No matter how much is invested in independent platforms, they started 10 years after Google and Apple, so many familiar features are still missing or under development.

For example, in October, Sailfish 3.4 (the Russian port is Aurora OS) added the ability to select and copy text in email messages—a convenience feature, not a security risk.

Epilogue

The main users of ultra-secure smartphones are corporate executives or people who need trusted devices from the case to the software. They’re willing to sacrifice convenience and service variety. But even in top government agencies, such users are rare.

No matter how secure a smartphone is, you still won’t be allowed to bring it into a classified meeting.

Still, there are growing calls for a universal switch to sovereign, secure devices. What’s the risk? In companies with excessive security, employees eventually start secretly using personal smartphones because it’s easier to meet KPIs—or sometimes it’s the only way. As a result, corporate data ends up in public messengers, personal email, file-sharing services, and so on.

The tighter the security, the more cumbersome the work tools, and the thicker the “shadow” layer of corporate data. This is often ignored, but it leads to significant losses.

There’s no perfect solution. When choosing a security-focused smartphone, you need to decide which risks and missing services you’re willing to accept—and which you’re not. If you don’t make these decisions up front, you may regret your choice later.
