Apple makes the most secure phones in the world. At least, that’s the common misassumption when it comes to Mobile Phone Forensics
Android phones have been getting more secure thanks to Google updates, which may soon not be accessible to Huawei phone customers.
But increasingly Android models are as difficult, if not trickier, to break into as the iPhone, according to search warrants and forensic industry sources.
One warrant unearthed by Forbes detailed a case in which cops seized an LG Android phone after swooping on suspected drug dealer, Angel Angulo, who’d allegedly sold methamphetamine to an undercover cop. Upon Angulo’s arrest the police obtained the phone from inside the his Ford Mustang, though the search warrant didn’t detail what exact LG model.
The police obtained the LG in January and even had permission to force open the device by holding it up to Angulo’s face or depressing his fingerprint to unlock with facial or fingerprint recognition. But agents at the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF) have not been able to find a way to bypass the lock screen with their current forensic tools and techniques. They’ve now asked for an additional 120 days to access the device, according to a filing from the ATF. (No legal representation was listed for the defendant. The Department of Justice hadn’t responded to a request for comment at the time of publication).
iPhones less secure than Android now?
Sources in the forensics community tell Forbes that the security of Google’s operating system has become, in some cases, too strong to allow police (or anyone else with direct access to an Android phone) inside. “Some would say iPhones are less secure,” said one source from a large forensics provider.
Google, like Apple, has been continually adding security features to Android, said Vladimir Katalov, CEO of Russian forensics provider Elcomsoft. One of the key updates to Android over the years remains Secure Startup, which encrypts all internal storage so the data within should be accessible only to someone with a passcode or other form of authentication, like a face or a finger.
The anonymous source noted that a considerable amount of resources go into penetrating the defenses of iPhone operating systems, and once a hack works on one iOS device, it should work on all the others. The same cannot be said for Android, which is fragmented across manufacturers’ home-brew updates and countless phone models. If a police officer or forensics professional finds a way to break into a Google Pixel, for instance, the same hack might not work on any other devices.
“While some Android phones can be accessed using generic methods, each new model may contain unique features which require a more customized approach,” said Peter Sommer, professor of digital forensics at Birmingham City University in the U.K. “In addition there are instances of standard Android phones being heavily modified to have secure features.”
The issue of Android security is particularly pressing for Huawei, the world’s largest manufacturer of Android phones, which is set to lose access to Google’s security updates on newer devices. That’s because of the Trump administration’s ban on American companies doing business with the Chinese telecoms giant.
iPhone still trumps Android in some cases, though. When Forbes tested a range of Android phones’ facial recognition systems, there were clear disparities in the security of the technology across the different devices. A 3D-printed head was able to open all the Android phones tested, but it worked much quicker and in all light conditions on a OnePlus 6, whereas Samsung and LG phones were tougher to crack. Forbes also tested Apple’s facial recognition with the fake head. In that case, it proved impenetrable.