My Next Phone: Part 21 – Phones I’m Considering

I was going to publish this blog a while ago, but since IFA and various product launches through the winter, I decided to hold back in case I was missing out on a great device.

After a lot of thought and consideration, here is a list of the devices which I’m considering:

  • HTC One A9S
  • HTC Desire 10 Pro/Lifestyle
  • Huawei P9
  • Huawei Nova
  • Huawei P9 Lite
  • iPhone 6S
  • iPhone SE
  • iPhones 4S/5/5S (see: Older Phones/Workarounds blog)
  • LG G5
  • LG G Flex 2
  • LG Nexus 5X
  • Medion Life X5020
  • Samsung Galaxy S7
  • Sony Xperia X
  • Sony Xperia X Compact
  • Sony Xperia XA
  • Sony Xperia XZ
  • Sony Xperia Z5
  • Sony Xperia Z5 Compact
  • Sony Xperia Z5 Premium
  • Wileyfox Swift
  • ZTE Blade v7 Lite

The phones highlighted in bold font are ones that fit into my budget, but I’m considering the others as well, just in case of any price reduction or special offers that may come my way. Also, I realise there are many other phones available, but these are the ones I’m considering. I think I’ll be going back to Carphone Warehouse, as a lot of the monthly contract deals they offer are so far cheaper than going straight to the network. The Huawei P9, for instance – I went into my local EE store a couple of weeks ago, and the best deal they could offer me was 2GB of data at £35.99 pcm, whereas C.W. were offering the same contract, on EE, for £5 a month less.

Plus, C.W. often do deals with a free gift to go with the phone, such as a tablet or a games console, so this can set them apart from the competition, even though this isn’t the deciding factor. Although, the ‘free’ gift EE offered me along with the P9 was a Mobile WiFi ‘MiFi’ Hotspot box, costing an extra £10 a month, and which I later found out wasn’t free, with a hidden upfront cost of £19.99.

However, that hasn’t stopped me from exploring further negotiations with EE, and I guess I’ll make a decision nearer the time.

My Next Phone: Security – Fingerprint Sensors

The Lock Screen

We all do it: we secure our device with a pattern, PIN or password that we use to unlock the device. It’s one of the most simple security measures to use and set up on a mobile device.

But for the people who just can’t be bothered to enter a password every time they receive a text message (i.e. myself), there’s a new way of doing things: fingerprints.

Fingerprint sensors aren’t a new technology, and they’ve been on Apple’s iPhones and Samsung’s Galaxy devices for a couple of years. But the feature is now steadily creeping onto more and more devices, including budget smartphones below the £/$150 mark.

Devices such as the LG G5 and Huawei P9, phones I’m considering for their unique cameras, both have fingerprint sensors on the back of the phone, as opposed to the iPhone 7 and Samsung Galaxy S7, which have a Home Button and fingerprint sensor combination on the bottom bezel at the front of the device.

A fingerprint sensor can not only be used to unlock the device, but also as a secure method of authorising a payment or purchase. Fingerprint technology is therefore being implemented into mobile payment systems such as Apple Pay, Android Pay and Samsung Pay, and fingerprints can also be used on Android, in the place of a password, when buying digital items and apps from the Play Store.

Fingerprint Sensors: Are They Safe?

Even if a fingerprint is supposed to be more secure than a password, what’s to stop anyone from hacking the data of my fingerprint and being able to use it in future?

Maybe I’m being too paranoid, and maybe I’ve seen too many shows and films like 24 and Mission Impossible, but I don’t feel safe putting in another entry of personal information into my phone.

Also, what’s to stop someone from figuring out a way to bypass this security measure and unlock my device?

Fingerprint Variants

Naturally, I had to do a bit of reading on this. As Android Authority notes in this article published 13 December, there are three types of fingerprint sensors: optical, capacitive, and ultrasonic.

Optical Fingerprint Sensors

Optical sensors work like cameras, and take a digital photograph of your fingerprint. They then use an algorithm to detect “unique ridges and patterns” on your fingertips. Apparently the sensors have more diodes per inch than a regular camera, which helps to capture details and counteract the limitations of a finite resolution. As you’re covering the sensor with your finger, LED flashes come into action to capture the details in the dark.

AA gives the lack of security as the main reason optical sensors are being phased out: they take a 2D image and are easy to fool with prosthetics. A secondary reason is the bulky technology, which creates a problem for slim phone designs.

Capacitive Fingerprint Sensors 

Capacitive sensors are more common in today’s smartphones, and use tiny capacitor circuits to collect data about a fingerprint.

From Android Authority:

As capacitors can store electrical charge, connecting them up to conductive plates on the surface of the scanner allows them to be used to track the details of a fingerprint. The charge stored in the capacitor will be changed slightly when a finger’s ridge is placed over the conductive plates, while an air gap will leave the charge at the capacitor relatively unchanged. An op-amp integrator circuit is used to track these changes, which can then be recorded by an analogue-to-digital converter.

The TL;DR of that is that it captures your fingerprint in parts. Your phone may ask you to move your finger around the sensor so that it can record different features. The captured digital data can then be compared and used to detect features of your finger in the future.

It’s not as easy to fool a capacitive scanner as it is an optical sensor, making it more secure, but it’s not immune from software or hardware hacking.

Also from Android Authority:

Creating a large enough array of these capacitors, typically hundreds if not thousands in a single scanner, allows for a highly detailed image of the ridges and valleys of a fingerprint to be created from nothing more than electrical signals. Just like the optical scanner, more capacitors results in a higher resolution scanner, increasing the level of security, up to a certain point.

As capacitive sensors are costly, earlier versions opted to cut the number of capacitors needed by using something called a ‘swipe scanner,’ which would “collect data from a smaller number of capacitor components by quickly refreshing the results as a finger is pulled over the sensor.”

As many consumers complained at the time, this method was very finicky and often required several attempts to scan the result correctly. Fortunately, these days, the simple press and hold design is far more common.

Ultrasonic Fingerprint Sensors

This is the newest form of fingerprint sensor technology to enter the mobile phone space, and incorporates an ultrasonic transmitter and receiver into the design. A pulse is sent out by the transmitter, and while some of the pulse is absorbed by your finger, some of it bounces back to the receiver from the ridges and pores of your finger.

Instead of implementing a microphone to listen for signals, a sensor to “detect the mechanical stress is used to calculate the intensity of the returning ultrasonic pulse at different points on the scanner.”

The aforementioned Android Authority article explains that, as ultrasonic sensors capture three dimensional images of your fingerprint, they are more secure than optical or capacitive sensors put together:

Scanning for longer periods of time allows for additional depth data to be captured, resulting in a highly detailed 3D reproduction of the scanned fingerprint. The 3D nature of this capture technique makes it an even more secure alternative to capacitive scanners.

The article also mentions that there is more technology at play than simply the fingerprint sensor: the supporting infrastructure of software and hardware, such as a dedicated IC, various algorithms and cryptography. It also notes how a sensor will capture small parts of information (minutiae) at a time:

Typically these algorithms look for where ridges and lines end, or where a ridge splits in two. Collectively, these and other distinctive features are called minutiae. If a scanned fingerprint matches several of these minutiae then it will be considered a match. Rather than comparing the whole fingerprint each time, comparing minutiae reduces the amount of processing power required to identify each fingerprint, helps avoid errors if the scanned fingerprint is smudged, and also allows the finger to be placed off-centre or be identified with only a partial print.
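The minutiae comparison described in the quote above, sketched as an added example (it is not code from Android Authority or from any phone's matcher). The data is constructed, the tolerances and the threshold of 5 are assumed values, and rotation of the finger is ignored to keep the sketch short.

```python
import math
from typing import NamedTuple

class Minutia(NamedTuple):
    x: float      # position on the sensor grid
    y: float
    angle: float  # local ridge direction in degrees
    kind: str     # "end" = ridge ends, "fork" = ridge splits in two

def angle_diff(a, b):
    d = abs(a - b) % 360
    return min(d, 360 - d)

def count_aligned(template, scan, dx, dy, dist_tol, angle_tol):
    """Shift the scan by (dx, dy); count scan minutiae landing on distinct template minutiae."""
    used, hits = set(), 0
    for s in scan:
        for i, t in enumerate(template):
            if (i not in used and s.kind == t.kind
                    and math.hypot(s.x + dx - t.x, s.y + dy - t.y) <= dist_tol
                    and angle_diff(s.angle, t.angle) <= angle_tol):
                used.add(i)
                hits += 1
                break
    return hits

def best_match_count(template, scan, dist_tol=4.0, angle_tol=15.0):
    """Try each same-kind pair as the alignment anchor, so an off-centre finger still lines up."""
    return max((count_aligned(template, scan, t.x - s.x, t.y - s.y, dist_tol, angle_tol)
                for t in template for s in scan if t.kind == s.kind), default=0)

def is_match(template, scan, min_matches=5):
    # The threshold trades false accepts against false rejects; 5 is an assumed value.
    return best_match_count(template, scan) >= min_matches

# Constructed sample data (not real biometric data).
ENROLLED = [Minutia(*m) for m in [
    (20, 30, 10, "end"), (45, 32, 95, "fork"), (60, 55, 170, "end"), (33, 70, 250, "fork"),
    (80, 20, 300, "end"), (72, 88, 45, "end"), (15, 90, 130, "fork"), (50, 10, 200, "end")]]
# Same finger placed off-centre (shifted by about 12, -7), slightly noisy, two minutiae missed.
PARTIAL_SCAN = [Minutia(*m) for m in [
    (33, 23, 12, "end"), (57, 24, 92, "fork"), (73, 49, 168, "end"),
    (45, 62, 255, "fork"), (91, 13, 303, "end"), (84, 82, 40, "end")]]
# A different finger: single minutiae resemble enrolled ones, but no shift aligns several.
OTHER_FINGER = [Minutia(*m) for m in [
    (25, 40, 15, "end"), (50, 75, 100, "fork"), (70, 30, 60, "end"),
    (40, 15, 240, "fork"), (85, 60, 120, "end"), (30, 85, 310, "end")]]

if __name__ == "__main__":
    for name, scan in [("partial", PARTIAL_SCAN), ("tiny", PARTIAL_SCAN[:4]), ("other", OTHER_FINGER)]:
        print(name, best_match_count(ENROLLED, scan), is_match(ENROLLED, scan))
```

The off-centre partial print is accepted, a four-minutiae fragment of the same finger falls below the threshold and is rejected, and the other finger never aligns more than one minutia at a time.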

The article also details what kind of security is used to keep this information secure, an area in which I’m particularly interested:

ARM processors can keep this information securely on the physical chip using its Trusted Execution Environment (TEE) based TrustZone technology.

[…]

Qualcomm’s take on this is built into its Secure MSM architecture while Apple talks this up as the “Secure Enclave”, but it is all based on the same principle of keeping this secure data on a separate part of the processor that cannot be accessed by apps operating in the regular operating system environment.

This is interesting as I didn’t realise the types of fingerprint sensors and different technologies varied so greatly, and the quotes above and below reassure me a little bit when it comes to the data associated with my fingerprint, how it is stored on my phone, and how it is used by companies and banks:

The FIDO (Fast IDentity Online) Alliance has developed strong cryptographic protocols that use these protected hardware zones to enable password-less authentication handshakes between hardware and services. So you can log into a website or online shop using your fingerprint without your unique data ever having to leave your smartphone. This is accomplished by passing digital keys rather than biometric data to servers.
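The idea in the quote above, that keys rather than biometric data are passed to the server, shown as an added example (a simplified sketch, not the FIDO message format and not code from the article). It assumes the third-party `cryptography` package; the class names, the origins and the `fingerprint_matched` flag standing in for the on-device sensor check are all hypothetical.

```python
import os
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec

class Authenticator:
    """Stands in for the phone's protected hardware: private keys never leave this object."""
    def __init__(self):
        self._keys = {}  # origin -> private key, one key pair per service

    def register(self, origin):
        self._keys[origin] = ec.generate_private_key(ec.SECP256R1())
        return self._keys[origin].public_key()  # only the public half is sent out

    def sign(self, origin, challenge, fingerprint_matched):
        # The fingerprint is checked locally and only unlocks the key; it is never transmitted.
        if not fingerprint_matched:
            return None
        return self._keys[origin].sign(origin.encode() + challenge, ec.ECDSA(hashes.SHA256()))

class Server:
    def __init__(self, origin):
        self.origin, self.public_key, self.pending = origin, None, set()

    def new_challenge(self):
        challenge = os.urandom(32)  # fresh random value per login attempt
        self.pending.add(challenge)
        return challenge

    def verify(self, challenge, signature):
        if signature is None or challenge not in self.pending:
            return False
        self.pending.discard(challenge)  # single use, so a captured response cannot be replayed
        try:
            self.public_key.verify(signature, self.origin.encode() + challenge,
                                   ec.ECDSA(hashes.SHA256()))
            return True
        except InvalidSignature:
            return False

def demo():
    phone, shop = Authenticator(), Server("https://shop.example")
    shop.public_key = phone.register(shop.origin)
    c1 = shop.new_challenge()
    sig = phone.sign(shop.origin, c1, fingerprint_matched=True)
    results = {"login": shop.verify(c1, sig), "replay": shop.verify(c1, sig)}
    c2 = shop.new_challenge()
    results["wrong_finger"] = shop.verify(c2, phone.sign(shop.origin, c2, fingerprint_matched=False))
    phone.register("https://other.example")  # a second service gets its own key pair
    c3 = shop.new_challenge()
    results["other_site_key"] = shop.verify(c3, phone.sign("https://other.example", c3, True))
    return results
```

Everything the server ever sees is a public key, a random challenge and a signature; a replayed response, a failed local fingerprint check and a signature made with another site's key are all rejected.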

Reading all of this has reassured me that my fingerprints are in good hands, but I’m still wary of the technology. After all, the Galaxy S7 is the first phone I’ve had with a fingerprint sensor, and the idea of using a fingerprint rather than a swipe to unlock my device, or a password to pay for music from the Play Store, is still so new to me.

My Next Phone: Part 11 – Security

Security has been a huge topic of consideration in the mobile phone world in recent years. In this post, I’ll explore some of the things I need to consider before deciding what device to go with.

End-to-end message encryption

End-to-end encryption allows a user to send an encrypted message to another person, and vice versa. The information in the message is encrypted so that only those people you authorise can view it.

End-to-end message encryption is useful when sending sensitive data to another person, and for a journalist, message encryption is essential when interviewing sources or witnesses to an event who wish to remain anonymous.

On both iOS and Android, various apps offer end-to-end encryption services, although Apple’s iOS is often touted as the more secure of the two operating systems.

WhatsApp is well known for its message encryption facility, but in 2016, Facebook also launched the service on its Messenger app.

Facebook Messenger: Secret Conversations

Referred to as Secret Conversations, this allows one person to message another under full encryption.

It’s very easy to use and set up. In the Messenger app for Android, under the Profile tab (the image of a person) scroll down and tap on Secret Conversations, and enable the feature in the sub-menu.

To use the feature, simply start a message thread in the usual manner, and tap on the padlock toggle in the upper right corner of the screen. The window should then turn from blue to black to tell you that Secret mode has been enabled.

What’s brilliant about Secret Conversations, and slightly annoying at the same time, is that you can only use this feature on one device at a time.

Enabling the feature on another device erases all of your previous conversations. It’s a pretty neat trick, and certainly helps to improve the security of sending messages, but I can see this feature being annoyingly too secure when you’re trying to work across devices.

Another caveat with SC is that both the sender and receiver have to be Facebook users with active Facebook accounts.

This means the feature is a Facebook-only service, but for those times when you’d rather have a super-secret conversation away from prying eyes, it’s a useful feature nonetheless.

Sideloading apps: Unknown Sources (Android)

When an app you want to install isn’t available on the Play Store, you can sideload the app. Unfortunately, you can’t do this on an iPhone without ‘jailbreaking’ your device, even though you used to be able to (and possibly still can) install custom certificates that allow you to download company apps or those apps still in beta.

But on Android, it’s actually pretty easy to sideload an app. In the Settings app, head to the Security menu (exact name may vary between devices) and turn on the ‘Unknown Sources’ toggle button. You’ll get a warning about your device being less secure, but that is always going to be a caveat of this feature.

What this allows you to do is to download and install the .APK file of an app not found on the Play Store.

Amazon is a good example. While it’s easy to stream or download your favourite movies and shows on an iOS device, if you’re a Prime Video subscriber with an Android phone, you’ll notice there’s no Prime Video app on the Play Store. In order to access the Prime VOD service, you first need to download the Amazon Underground app from the Amazon website, and then install the Prime Video app from within the Underground app. Don’t ask me why Amazon make it so hard to use their service, but without the Unknown Sources feature, you wouldn’t be able to stream or download Prime movies and TV shows to your mobile.

But there’s a number of reasons why you’d want to sideload an app. One reason could be that the app developer is a startup business, or that the app is in a closed beta and therefore not ready to be published to the Play Store.

Another reason could be that you’ve tried to install an app from the Play Store that’s incompatible with your device (or vice versa). Such instances can be annoying, but as long as you download the .APK from a reputable, safe source, sideloading can overcome this obstacle.

The key word there is ‘safe’ – it has been known for an app APK file to contain viruses, so you should do this at your own discretion and only after doing some research on the topic. Also, it would be a good idea to have some form of AntiVirus software installed on your phone, like Norton or McAfee, to check downloaded files for harmful viruses or malware. 

The reason I’m thinking about Sideloading is that I have made use of the feature in the past. I may also use this feature again, possibly to review an indie game or two. Therefore, from a review perspective, Android certainly seems the better choice for me.

SMS Viruses (e.g. Stagefright)

TrueMessenger (Inbox/Spam)

AntiVirus apps (Norton, etc.)

As mobile hacks and scams become more frequent, it’s a good idea to have an AntiVirus app installed, even if you never actually need it.

I’ve always used Norton software by Symantec for my computers, and although there are other apps available such as Knox or Lookout for Samsung devices, my Norton 360 subscription allows for installs on multiple devices, including phones and tablets, so I’ve been able to make use of the extra security without the extra cost.

Norton’s app is useful in that it scans apps on the Play Store even before I’ve hit the Install button – just because an app is on the Play Store doesn’t necessarily mean it’s secure.

Tapping on the bar that appears in the footer, you’re presented with a list of things to consider about the app, such as how much mobile data the app will use on a scale (see image above) as well as how much battery will drain from using the app. These are useful considerations for anybody, and it’s good to see them in an app that’s primarily about device security.

As is the case with other security apps like McAfee and Kaspersky, the Norton app performs regular device scans (and SD card scans, if enabled) in the background to keep you secure. I like this as I can continue to work without needing to do anything.

I’m familiar with both Android and iOS, so whichever operating system I choose, I know I’ll be in safe hands when it comes to security and AntiVirus apps (if needed).

Virtual Private Networks

While I’ve had a VPN feature on my HTC Desire Eye, I’ve never actually used it. That’s because I need to know profile details and DNS server settings to set one up, but it’s actually easier to subscribe to a VPN like TunnelBear.

I’ve also never really needed to use a VPN. I can see one of the benefits of using a VPN: protecting your data while mobile banking in a café on a public, insecure WiFi network.

But as I don’t tend to do mobile banking or any sensitive activity on the move, I’m not sure I’ll need this feature baked-in to the Settings app on a phone.

As I said before, if I need to use a VPN, I’ll likely use a service such as TunnelBear which is easy to use and set up: download the app, sign up/in and voila.

__________________________

As this post was getting a bit detailed, I decided to post a separate section on Fingerprints and the Lock Screen, which you can read in the next blog post of this series.