1. I agree about unverified apps. But there have been security breaches even on authorized platforms, just as there have been on desktops and supposedly safe websites. The key is not that you should only download from the authorized locations, it's that you should know who makes the app and whether it's legit. There are plenty of apps with excess permissions and questionable code - I zap them before they get installed. Not to mention that the real problem is all the crapware loaded by the carriers as part of the preinstall, making the phone run more slowly and giving more places for a breach to occur (because most crapware is busy sending out your information constantly). All of the institutions that you trust so much have been guilty of spying on their customers and/or uploading data without notice, or installing bug reporters to use their customers as testing guinea pigs.
2. Jailbreaking/Rooting - since you said Smartphone, not iPhone, I'm going to include rooting because it's much more dynamic than jailbreaking, though I understand using them interchangeably by some people (they are not used that way in the Android dev community). Probably the best thing you can do for security. Wipes out bloatware/crapware and trackers/senders that can be piggybacked by a trojan or malware, allows the user (now superuser) to install a REAL firewall, encrypt files and data, and install security software and utilities that aren't carried in the official app stores because they are for "evil rooted" devices. Blah blah blah. It only took the ICS update to finally have something resembling a BACKUP program without rooting. A freakin' backup program. And you think those guys are on the bleeding edge? No way.
3. Only an idiot doesn't have a password. As for the pasty kid, what the hell is he doing in your house to begin with? And I'm pretty sure he can break a 4-digit password, but I'm pretty sure he can't break military-level 64-bit encryption. The real risk is black hat hackers in the cloud who use the stock OS vulnerabilities to break the security protocols.
4. Duh. As if people are scanning all their important documents and loading them on their smartphones. Not.
5. Hmmm... you mean the first release that everyone (almost) downloads right away and installs for those security fixes? The one with all the bugs that will be patched over in a month or two after the carriers and phone manufacturers have figured out the additional vulnerabilities by having their customers use them? Yeah, that sounds great. No thanks, I think I'll wait until the sheeple have tested it, then I'll flash over my previous leaked version of the ROM that was carefully deodexed, zipaligned and debugged by an experienced developer, with the newer version of the stock operating system, once again deodexed, zipaligned and debugged.
It appears that you have no idea what is happening in the real world, since you just spewed out a bunch of general guidelines that followed the decision tree rules of (1) Carriers and phone manufacturers good; (2) Third-party developers bad; (3) Anything that's official is good; (4) Anything that's not official is bad; (5) Adults are stupid and should not be allowed to make decisions about the phone they own, but should be told by egomaniacal, deluded people (Verizon: We run the internet!) what they can and cannot do. You can put glasspacks, a Detroit locker and a Hurst shifter in your car, but don't be making changes to that phone, the entire technological universe will come crashing down upon us. Oh, and btw, can we spy on you for our marketing department?
And they wonder why people hate them so much.