Find a phone which has a large community around it, and lots of custom ROMs available. An official Cyanogenmod release is a good sign. It's also a sign that your phone will have a longer usable life than whatever the manufacturer promises you now.
Custom ROMs have a long history of extending the life of phones. For example the HTC G1 was abandoned by Google at Donut (1.6) but unofficially received up to Gingerbread (2.3). It's a bit of a perverse example, but hopefully enough to make the point. Phones with good community support receive current versions of Android long after both Google and the manufacturer have stopped giving a shit.
To the people who say "you can't trust a random stranger on the internet making a custom ROM to be any more secure than the manufacturer ROM" you're right. If someone wanted to make a custom ROM with malware in it, there's a pretty good chance it may not be noticed.
If your threat model includes a three letter agency, then don't use Android. Full stop. The iPhone is the ecosystem you want.
I recommend to all my friends and family to buy phones with good community support just to receive updates to ROMs like Cyanogen. The first thing I do when they say they're considering "Phone XYZ" is to look on XDA Developers[0] to gauge the level of community around the model. If it looks dead (e.g. look up any tablet based on the NVidia Tegra for what not to buy [1]) then I recommend they keep looking.
I've had really good luck with Chinese phones which are also sold in markets like South East Asia and India. There are millions of users of these phones, so the custom ROM community is quite strong. The hardware is also quite cheap, I have a Xiaomi Redmi 2 I bought last year for $125 USD including shipping, and it runs Android 7 thanks to community developers [2].
"If your threat model includes a three letter agency, then don't use Android. Full stop. The iPhone is the ecosystem you want."
I wouldn't count on that either. It depends on how "interesting" you are for them; given their reach, I would be really surprised if some of these agencies don't have zero-days and/or backdoors stockpiled for high-value targets.
Heck, or they even have cooperation from Apple. Apple claims they don't have a backdoor, and the FBI moans that they can't hack current iPhones.
But honestly, who can ensure to me that there is no national security letter (or other mechanism I don't know about) forcing Apple to cooperate, with a gag order forcing them to keep silent?
Who can ensure me that the NSA et al. are not bribing, blackmailing, or using court orders on the three or four vocal security experts I can name (like Bruce Schneier, tptacek, Moxie Marlinspike, ...)? Everything they say on this topic might be manipulated, who knows.
There could be backdoors everywhere, in apps, hardware, routers, lamps, whatever. Occam's razor suggests that this is crazy, but then people found spam sending wifi chips in clothes irons, so I guess nothing is too far fetched.
If you suspect "they" might be out to get you, the only thing you can really do is to stay under the radar, and hope they don't notice you and target you individually.
If we turn completely cynical and tell everyone that all manufacturers are equal, we take away all incentives for them to actually try to protect their users' privacy.
Apple deserves some recognition for their attempts. At some point they were fighting several lawsuits seeking to protect their users, and were under massive attack by some politicians because one of the cases was a terrorist. That's quite risky – with the current political climate, being associated with one of the parties has the potential to cut your revenue in half.
The FBI may have ultimately gotten the data after buying a zero-day exploit, which is unfortunate. But Apple seemed to be winning in court at that time and the gov may have been quite happy to find a way to drop the lawsuits without losing face.
I spent a day battling with getting a custom ROM on my Redmi 3 and gave up. In case anyone reads this: Xiaomi make amazing phones for the price. This $120 USD phone outperforms my S3. But getting a custom ROM on a Xiaomi is getting increasingly difficult - you have to ask for permission, jump through hoops to unlock the phone and sometimes it just does not work. Xiaomi is the Apple of China - great UI but increasingly closed ecosystem. Their OS is called MIUI, which is basically Android with more customization options (necessary for the markets they serve). It is a great phone and OS, but it is more complex than just flashing CyanogenMod (unfortunately).
This does not blanket apply to all Xiaomi devices. There are official builds of CM available for the Mi3, Mi4, Redmi Note 3, and a fully open source unofficial build for the Mi4C and Mi4S.
Unlocking their bootloader can be done officially through a request, or unofficially. Changing the recovery by replacing a single file in the EDL and retaining bootloader lock is also possible.
Custom ROMs never run stable from my experience and that is why I have stuck with Google Nexus devices in the past.
Maybe if the phone is past its supported update lifespan then I would consider custom roms, otherwise I don't want to have to deal with these frustrations on a brand new device.
YMMV obviously but having used CyanogenMod for the past few years on various devices I've found it to generally exceed the stability of vendor-provided Android. Not to mention the better user experience and more rapid security patching.
"Custom ROMs never run stable from my experience and that is why I have stuck with Google Nexus devices in the past."
Coincidentally enough, the custom ROMs for the N4 and N5 are ubiquitous & surprisingly stable. My N4 running CM 10.1.3 has yet to crash or freeze w/out my fiddling with Privacy Guard (been fiddling with it for 2 years, became daily phone only recently). The Sailfish OS ROM has come a long way and is still actively updated. Sure they're dated & SFOS is somewhat limited (and trust isn't quite on par w/ Maemo) but what else is there? Yeah, Neo900 was an admirable reboot attempt, but roadblocks have put them even further behind the curve.
Nexus 6P (Marshmallow); any time I lost phone signal the messaging app would get itself stuck in a tight loop until it had to be force stopped. You'd think they would have tested that on a brand new device.
Cyanogen Mod has been great in the past, as you say, to extend the life of old phones. Quite stable too.
Get a phone that supports CyanogenMod. Sure, baseband still remains a black box and possibly backdoored, but at least you can get rid of most spyware/adware that comes preinstalled with Android. While we don't have a fully open source OS with open drivers for smartphones, you cannot trust any manufacturer.
Baseband concerns are legitimate. A good tinfoil hat approach is to use an iPod touch running an end-to-end encrypted messaging/calling app of your choice, connected to a secure hotspot. Cuts out most baseband vulnerabilities (since your data is encrypted before touching any hardware or software connected to a potentially compromised baseband).
All other concerns raised elsewhere here still apply, but the baseband threat is mitigated. Worth it...? Check that threat model again.
"A good tinfoil hat approach is to use an iPod touch running an end-to-end encrypted messaging/calling app of your choice, connected to a secure hotspot."
Yes, but it's not much of a phone if it's WiFi only. You could use any laptop for such a scenario as well.
You could, though the attack surface on a laptop is arguably much larger than that on an iPod. And considering most security-conscious users are unlikely to use a classical cellular phone call for a sensitive conversation, it's actually pretty comparable to a phone, considering your hotspot can be as dumb as you like. An iPod + a prepaid portable hotspot is a damn sight more usable on the go than a laptop.
All of them except phones made/designed/whatever by Google. That leaves you the Nexus and Pixel lines only. There's a fair bit more oversight there and no shady third-party ROM with 'helpful' spying applications shipped by default (and often uninstallable). Nor do carriers get to modify the ROM themselves or install their own apps.
Android is pretty much a wasteland outside of the Nexus/Pixel line. Ignoring security and privacy, you just have a lot of shovelware involved along with a lack of commitment to timely, or if any, updates.
I would feel confident a Nexus/Pixel is as secure and nonsense-free as a phone running CyanogenMod. Of course, that's difficult to prove, but historically we haven't seen anything like this on a Nexus/Pixel device.
I will have to disagree. AFAIK, the recent Qualcomm exploits don't affect Samsung's Exynos SoC. I have an Exynos S7 Edge and it ships with a feature to disallow (read: kill) apps trying to work in the background. After I fine-tuned this list, the phone's battery life improved noticeably.
Battery life has actually been slowly and steadily improving after each update by Samsung. I imagine this is a sign of Samsung not liking Google's spyware very much and trying their best to limit background activity.
None of us has solid proof of course, but judging by observable facts (and by the pretty awful battery life of the Nexus 6P and the Pixels -- compared to the Exynos S7 Edge at least), I'd say mine aren't that crazy.
Maybe phones that support Cyanogenmod or Replicant?
Perhaps device makers that know how to compile source and host the updates themselves are more likely to have more control over the firmware. So we might ask what the update policy is: do they provide updates?
We have to start somewhere. I am asking anyone who can to go for it (I have no connection to this company). We can hope that later it will become more affordable.
"Because Adups has not published a list of affected phones, it is not clear how users can determine whether their phones are vulnerable. “People who have some technical skills could,” Mr. Karygiannis, the Kryptowire vice president, said. “But the average consumer? No.”"
Seems to be some work ahead if you want to find out which phone doesn't use this service. And we're only talking about this particular service.
If you are in the US, the same phone has different submodels for each US operator, and some of these submodels (likely from AT&T and Verizon) may have a locked bootloader, preventing you from installing custom ROMs.
For example, the Samsung Galaxy S5 from T-Mobile (SM-G900T) you can put Cyanogenmod on, but the Samsung Galaxy S5 from AT&T (SM-G900A) you can not.
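Before buying or before trusting a second-hand phone, the submodel and bootloader state can be read off the device itself rather than guessed from the carrier. The script below is an added example, not code from this thread or from any ROM project: it parses the output of `adb shell getprop` and reports the model string, whether the bootloader is locked, and the Android Verified Boot state. The sample output is constructed for the demo (the model strings are the ones named above, but the lock and boot values are made up and say nothing about the real devices); it assumes the device exposes `ro.boot.flash.locked` and `ro.boot.verifiedbootstate`, which Nexus/Pixel-style devices do and some vendors do not, so a missing lock property is reported as unknown rather than as locked.

```python
"""Report submodel, bootloader lock and verified-boot state from `adb shell getprop` output."""
import re

# Constructed sample output; not captured from a real device.
# Model strings are the ones named in the thread; lock/boot values are invented for the demo.
SAMPLE_LOCKED = """\
[ro.product.model]: [SM-G900A]
[ro.build.version.release]: [6.0.1]
[ro.boot.flash.locked]: [1]
[ro.boot.verifiedbootstate]: [green]
"""

SAMPLE_UNLOCKED = """\
[ro.product.model]: [SM-G900T]
[ro.build.version.release]: [7.1.2]
[ro.boot.flash.locked]: [0]
[ro.boot.verifiedbootstate]: [orange]
"""

# One getprop line looks like: [key]: [value]
_PROP_RE = re.compile(r"^\[([^\]]+)\]: \[([^\]]*)\]$")


def parse_getprop(text):
    """Return a dict of property name -> value from raw getprop output."""
    props = {}
    for line in text.splitlines():
        m = _PROP_RE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props


def device_report(text):
    """Summarise lock and verified-boot state.

    ro.boot.verifiedbootstate (Android Verified Boot):
      green  = locked bootloader, OS signed with the OEM key
      yellow = locked bootloader, OS signed with a user-installed key
      orange = unlocked bootloader; anything can be flashed and booted
      red    = verification failed
    ro.boot.flash.locked: "1" locked, "0" unlocked, absent on many vendors' devices.
    """
    props = parse_getprop(text)
    locked_raw = props.get("ro.boot.flash.locked")
    locked = None if locked_raw is None else locked_raw == "1"
    vb = props.get("ro.boot.verifiedbootstate", "unknown")

    findings = []
    if locked is False or vb == "orange":
        findings.append("bootloader unlocked: custom ROMs can be flashed, "
                        "but so can anything else by anyone with physical access")
    if vb == "red":
        findings.append("verified boot FAILED: the boot image did not verify")
    if vb == "yellow":
        findings.append("locked with a user key: a signed custom ROM is installed")
    if locked is True and vb == "green":
        findings.append("locked stock bootloader: vendor updates only, "
                        "no custom ROM without an official unlock")
    if locked is None:
        findings.append("lock state unknown: device does not expose ro.boot.flash.locked")

    return {
        "model": props.get("ro.product.model", "unknown"),
        "android": props.get("ro.build.version.release", "unknown"),
        "bootloader_locked": locked,
        "verified_boot": vb,
        "findings": findings,
    }


if __name__ == "__main__":
    # On a real device: adb shell getprop > props.txt, then feed the file contents in.
    for sample in (SAMPLE_LOCKED, SAMPLE_UNLOCKED):
        r = device_report(sample)
        print(r["model"], "Android", r["android"],
              "locked:", r["bootloader_locked"], "vb:", r["verified_boot"])
        for f in r["findings"]:
            print("  -", f)
```

A green state on a locked bootloader tells you the vendor's update path is the only one you will get; an orange state tells you custom ROMs are possible but also that verified boot no longer protects the device against an offline reflash.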
[0] http://forum.xda-developers.com
[1] http://forum.xda-developers.com/mi-pad
[2] http://forum.xda-developers.com/redmi-2