I am curious how safe it is to have a Fairphone 3 with Android. Can hackers get into the phone and steal all data, including photos and messages? I come from having an iPhone for more than 6 years and have never had a phone with Android. Is it safe to have one? Can hackers root the device and install hidden apps?
How safe is Android on a Fairphone 3 compared to Apple iOS? Or compared to Samsung which is based on Android but comes with Knox, the security foundation built into Samsung devices?
Do I need to install an antivirus or is it safe without one?
Can I go with older Android versions or do I need to update to Android 11 for security updates?
Do hackers have an easier job to dig into Fairphones because the code is open source?
Unless you install some shady apps or download “win a free iPhone”-files, it’s very unlikely.
Also, very unlikely. In general, you have to have physical access to a device to root it.
I don’t really know what this does (besides apparently being a real pain in the butt when you want to install a custom ROM because it blocks e.g. the camera from being used on one), but after a quick DuckDuckGo search I think it encrypts your device and also secures business data if you use your phone for business as well as privately. You can encrypt a FP too, so I don’t think that there is much difference here, although a quick search wouldn’t harm.
No. Phone antivirus apps are adware at best and malware at worst. There are no viruses for Android like there are for Windows.
FPOS (the operating system that ships with a newly purchased FP) is not open source. Also, in general, open source software is “harder to hack”, because security flaws can be found and fixed more easily if everyone can look at the code rather than just one company.
The Fairphone 3 already comes encrypted. (see: Security - encryption and registration)
For me personally it feels much safer using software which is in general open source, as the lags and flaws can be seen by the whole community (and will be reported by them on a finding).
The past showed that iOS is not safer than other software:
FP comes encrypted by default and with a locked bootloader. To unlock the bootloader, you need a code. To get this code, you have to log into your Fairphone account and enter the IMEI and serial number of your phone. If one really manages to get that code, he might be able to unlock the bootloader. But this will lead to a factory reset with any data wiped off completely.
I would consider this as quite safe.
Of course you have to be logged into your phone in order to enter the bootloader code.
Well, personally I wouldn’t consider any smartphone a safe device, that’s why I for example would never do e.g. online banking or other sensitive things with a smartphone. But as long as you have a device like the FP3 which gets regular security updates, have some awareness about which apps you install and you’re not a person of very special interest, it’s not too likely that your smartphone gets hacked, although it definitely makes sense to turn off any wireless modes (WiFi, Bluetooth, NFC etc.) you’re not using at the moment (also for saving battery).
If you install an alternate OS like /e/ you get the advantage that this is indeed open source, so the source code can be inspected by everyone and they also have a public bug tracker where you can report and discuss issues directly to/with them.
Nothing is 100% safe. If you get targeted by a cunning adversary, it can be game over quite easily (example being physical access).
There’s a bunch of rules of thumb which should help keep you out of reach of script kiddies and other mass-targeting. Some of the tips were mentioned here.
Make sure you always run the latest version of firmware and of applications, don’t install weird applications (Play Store contains questionable apps), install as little as possible, and prefer FOSS applications.
There are pretty much only these things you need to look out for. If you do, you’ll be fine:
Install updates when they’re available, both for apps and for the OS.
Do not download random .apk files. Either use the Google Play store or use F-Droid. Do not install apps from other sources.
Look at the permissions when you install apps. Like, a flashlight app does not need access to your contacts and locations. In fact, you don’t even need a flashlight app, it is built into Android, but malicious apps like these are one of the worst privacy/security disasters and it surprises me that Google sometimes allows such apps to be published in the Play Store.