When buying a mobile, it is normal to look at the screen, the resolution and the number of rear cameras, the processor, the RAM or the battery. To choose an operating system, either by fashion or by tradition, the sides are usually clear, those faithful to Android and the followers of the apple company. Despite the constant scandals about security and privacy, this aspect is not usually decisive when deciding between Android and iOS, something that can change.

This year it seems that the US Government's war against strong encryption continues. The Executive requires technology companies to incorporate back doors in smartphones to facilitate easy access to device data. Is this safe for users? Do you need those backdoors to hack a terminal? Both answers are negative.

A report, recently made available to the public, indicates that law enforcement authorities don't even need these backdoors. Supposedly, the US government wants to put an end to encryption to fight terrorism, but taking into account that they already have tools that circumvent this security mole, media such as Motherboard theorize about whether they actually intend to eliminate these obstacles to impose massive surveillance on its citizens.

The document, published by the United States National Institute of Standards and Technology (NIST), reveals that the United States government has been more successful in hacking iPhone, considered for years as the mobile with the highest security standard, than Android.

Tests carried out with tools such as those of the company Cellebrite, a manufacturer of data extraction, transfer and analysis devices, which also investigates 'zero days' (vulnerabilities that have not yet been made public) for use by governments, have revealed which systems are more difficult to break.

The report specifies that the devices, which correspond to those used in the tests of the US authorities, do not represent the full potential of the tools that use reverse engineering to extract large amounts of information. In addition, it adds that the more recent the software version of the terminal, the more complicated it is to decrypt its content.

The iPhone is not unbreakable

The results of the test with the company's UFED InField Kiosk 7.5 (a favorite forensic extraction device of the police departments and the FBI) ​​reveals the list of which terminals are totally or partially vulnerable to their methods: Iphone 4, iPhone 5s, iPhone 6S Plus, iPhone 7 Plus, iPad Mini v9.1, iPad Mini v11.3, Samsung Galaxy s3, Samsung Galaxy S5, LG G4, LG G5, Motorola Droid Turbo 2, Galaxy S6 Edge Plus, Samsung J3 and Google Pixel XL.

The company's tool is capable of taking an iPhone X and accurately extracting messages, partial information from applications such as Instagram, LinkedIn, Snapchat, Pinterest or Twitter, as well as GPS data and call logs. In more recent models, the result is similar, except with emails, which during the test could be partially decrypted, although, it is also true that the police can gain access to cloud email services, such as Gmail, with a court order.

Android makes it harder

The investigation reveals that, during tests, Huawei's P20 Pro was unbreakable, while the Samsung Galaxy S9 and Google Pixel 2 allowed very little data to be extracted. On these devices, Cellebite's tool was unable to extract information from GPS, social media, or browsing history. In the case of the Huawei P20 Pro, not a single data could be extracted, pointing to the Chinese mobile as the most difficult device to hack of those tested.

Cellebrite is not the only company that offers this type of service. Grayshift is one of them, long known in the sector for manufacturing the GrayKey software (used by the FBI and the American and British police forces), considered to be the best tool to unlock the iPhone. Paraben with its E3 tool: DS and MSAB with XRY, also work in this forensic field of data extraction and recovery, but with less powerful tools than the Israeli giant.

Prevent being spied on?

The field of computer security is complex and constantly evolving. Not only the smartphone model matters, it is equally or more important to have the terminal updated, because each update is a patch that covers the security holes that are discovered.

It should be noted that in the device-person relationship, the human being is the weakest link, so it is probably easier to compromise our security by granting excessive access to a terminal application.

Likewise, taking into account that the use of this type of tool can cost around 10,000 euros, unless we are Carmen Sandiego or Villarejo, that is, someone truly important, it is difficult for a person to use Cellebite's services to access the four direct messages from our Instagram fans, emails from our boss or interesting GPS positions from home to work.

If, however, someone prefers to spend that money on breaking our fragile privacy instead of going on a vacation around the world, we will definitely be safer with an Android than with an iPhone.

According to the criteria of