The world's most secure smartphones - and why they're all Androids
Part of the problem with standard smartphones is that they do so much: thanks to a hyper-competitive marketplace there's a constant race to add more capabilities, which means that security often tends to lag behind.
"When you look at the standard off-the-shelf commercial smartphone, especially these days, the attack surface is enormous, and for a determined attacker it would be relatively easy to hack the device and obtain data of any kind," warns Bjoern Rupp, CEO of GSMK, a Berlin-based secure phone maker.
"An illusion is being created by many players that something is more secure or robust than in reality. If you have a determined attacker, this thing lasts for not even a minute," he warns.
Since it was revealed by NSA-contractor-turned-whistleblower Edward Snowden that governments had been sweeping up vast quantities of our online communications, many companies have boosted the security around their messaging apps: Apple's iMessage and Facebook's WhatsApp are both now using end-to-end encryption, for example.
But encryption can only protect you so far: while an app might be secure, that's not much help if you've already been tricked into downloading a piece of malware that's sending screen grabs of your messages or recording your calls.
All of which means that if someone really wants to spy on your communications, secure software alone will not be enough to protect you, Rupp argues.
"You also need to secure the phone itself against attacks from the outside, and that is something you can only do if you harden the operating system -- and that in turn means you have to ship complete phones because you can't do that in the form of an application."
One thing these security-hardened phones have in common is that they all run versions of Google's Android operating system. This may seem odd, as Android has long been dogged by a poor reputation for security. However, building on Android is much easier than building a smartphone OS from scratch. Also, because the core of Android is open source, it's much more likely that bugs will be spotted and fixed.
"Android had the advantage that, in essence, the core of Android is open-source so it was much easier to compile our operating system from the source code just the way we wanted, without special permissions or licences," said Rupp.
Other secure smartphone makers agree. Choosing Android is mainly about simplicity, says Vic Hyder, chief strategist at Silent Circle, another maker of privacy-focused phones.
"It's mainly economics and timeliness: Android is fighting a stigma of being not secure because there are so many different versions out there, and those versions can't all be updated simultaneously," says Hyder. Silent Circle operates its own bug bounty programme and has paid out thousands of dollars to researchers who spot flaws in its operating system, promising to patch major vulnerabilities in 72 hours.
Security-hardened software and hardware isn't cheap: a CryptoPhone handset from GSMK can cost €2,450. So what can you expect for the money?
GSMK's CryptoPhones use a heavily stripped-down version of Android that lacks some common smartphone features because of the security risk: they don't support MMS and you won't be able to connect your Bluetooth headset, for example.
The phones are designed so the company itself can't snoop: the encryption keys are generated automatically on the device in a random pattern.
"We don't have all these multimedia codecs which are at the heart of most Android vulnerabilities: we just don't include them and other components of the OS are stripped down by intention and modified," said Rupp.
The internal processes of the smartphone also come in for additional scrutiny, including the obscure-but-essential baseband processor, which manages all of the phone's wireless communications.
That's because a determined attacker could hack into the baseband processor, open the microphone and thus listen to a conversation before it was encrypted -- something that standard antivirus software would never spot because that only monitors the application processor.
"As a general principle we do not trust the hardware, but always monitor everything," said Rupp.
GSMK sells to governments, police and military, NGOs, multinationals in sectors such as energy and automotive, and lawyers and journalists -- people who are likely to come under surveillance from well-funded rivals or government agencies.
"Our customers have to assume these attacks are being carried out either because they are conducting a billion-dollar transaction in the case of an investment bank for instance, where there is a very strong economic motivation to use advanced attacks because they can potentially provide you with a huge payoff, or because they are governments or international organizations where even lives may be at stake," says Rupp.