Ben’s Phone Guide (2016 edition)

Phones depreciate in value fast, their useful life is less than their lifespan.  Not because old phones don’t work anymore.  But because manufacturers stop providing security updates after about 3 years (at best!)

old_phone

What If I Told You a Hacker Can Take over Your Phone with One Text… And You Don’t Even Have to Open It?

You might be hacked now and not even know it.

Exploits like like this and like this are real.  Vulnerabilities have been found in the past and exploited.  They will be found in the future and exploited.  Some exploits require you to do nothing but receive (not even open, just receive) an SMS message and a hacker can do what he wants with your phone.  He can install malware, use your phone to launch a DDoS attack against Krebs on Security, he can spy on you (or your kids if your kids have phones) activating the camera and microphone at will listening in on your conversations and reading every message passing through the device.

The only protection against this is either (1) not have a phone (more secure), or (2) if you must have a phone, keep it up to date constantly (not as foolproof but would block all but the most sophisticated hackers).

One of the big problems with phones is security.  For iPhones you get your updates through Apple.  For Android things aren’t as clean.  The Android OS itself gets security updates, but then it has to trickle down through the manufacturer (who often doesn’t provide an update) and then the carrier you bought the phone from.

Calculating Remaining Life Before You Buy

To calculate the real cost of a phone, find out how long the manufacturer and carrier will support security updates for it.  Divide the cost of the phone by the number of months left for security updates and that’s cost of the phone.

monthly cost = cost of phone / remaining life in months

e.g.
cost of phone: $500
remaining life for security updates: 29 months
monthly-cost: $500/29 = $17.24

Oddly, the price of phones doesn’t usually drop that much after the 1st year even though they have lost 1/3rd of their useful life!

There Are Only Two Options

A lot of phone manufacturers / carriers don’t even provide updates to their phones.  They’re unsupported from the moment you bought them!

For the sake of security, I only recommend two phone manufacturers.  Google and Apple.  Both have a track record of providing timely security updates.  Google pushes out a security update every month and Apple doesn’t have a schedule but does a good job getting them out timely.  I also only recommend Apple with the caveat that you trust them because it is a proprietary closed source OS.  You are trusting them to do the right thing and have decent security.

Google Nexus Devices

Nexus 5X

Google stopped selling the Nexus, but they still have 2 years of updates left and are reasonably priced on Amazon.

Google Guarantees Security Patches on Nexus devices 3-years from the release date or at least 18 months from when the Google Store last sold the device (whichever is longer).

As of October 2016, here is the cost per month as I calculate it:

Nexus 5X – security updates until October 2018.  $332. – 16GB.
Ben’s cost over remaining life:  $332/24mos = $13.83/mo
Nexus 6P – security updates until October 2018. $450 – 32GB.
Ben’s cost over remaining life: $450/24mos = $18.75/mo

(If you get a Nexus, note that there are U.S. and International versions of the phone, if you live in the U.S. you’ll want the U.S. version).

Google has not committed to EOL dates on the Pixel line but if it’s similar to Nexus you’re looking at:

Google Pixel – $650 – 32GB – probably until October 2019
Ben’s cost over remaining life: 650/36mos = ~$18.05/mo

Google Pixel XL – $770 – 32GB – probably until October 2019
Ben’s cost over remaining life: 770/36mos ~$21.38/mo

Apple Devices

iPhone 7

iOS is closed source so I consider it less secure and less open than Android, but they do a pretty decent job at keeping hackers out.  Most compromises I hear about are through hooking your iPhone up to a service like iCloud and not the iPhone itself.  I used to use an iPhone, but at the time it was the best phone (better than Blackberry).  Now that we have Android I don’t see a huge need to use a closed proprietary system.  However, it’s always good to have competition.

Here’s a comparison of iPhone models currently getting security updates with a guess of (but not guaranteed) security updates for 3-years.

iPhone 7 Plus – probably until September 2019
Ben’s cost over remaining life: $650/35mos ~$18.57/mo

iPhone 7 Plus – probably until September 2019
Ben’s cost over remaining life: $650/35mos ~$22.00/mo

iPhone 6S – probably until September 2018
iPhone 6 / 6 Plus – probably until September 2017
iPhone 5S / 5C – probably until the next major iOS update

Where Not to Buy a Phone

Mobile carriers typically install a lot of battery sucking bloatware, which can’t be deleted, and often delay pushing out security updates by months, even years, leaving your phone vulnerable to hackers.  Not only that some of the extra software installed introduces vulnerabilities.

Also, phones bought from a mobile carrier are usually locked to that carrier so you can’t switch to someone else without purchasing a new phone.

Mobile Carriers

Having an unlocked phone I avoid the main carriers and instead use MVNOs (Mobile Virtual Network Operator).  These MVNOs use the same network that Verizon, AT&T, Sprint, and T-Mobile have, but most often for a better price.  For great service and prices I like Google Fi (Sprint & T-Mobile Network), Ting (Spring or T-Mobile), and TracFone (Verizon or AT&T) and there are plenty of other MVNO operators to choose from.  You can find one that offers the best plan for your situation.  Using TracFone (which is a pre-paid service) we pay less than $10/month for a voice/data/text plan for a Nexus 5X on Verizon’s network.

Don’t Save Money with a Used Phone

I used to buy used phones off eBay to save money but now I don’t think it’s a good idea with the recent USB firmware hacks and the amount of malware out there.  Used phones are a security risk–you have no idea if a used phone has been compromised, and if it’s been plugged into a compromised USB device that rewrote it’s firmware.  Physical security is paramount.  To be safe, I always buy my phones new.

Personal Data on Work Phones and Work Data on Personal Phones

Think carefully before using your personal phone for work.  If you connect your phone to work email it almost always gives your employer complete control of the device.  They can wipe your phone when you leave, track your location, install software on your phone, and have access to all your personal data.

And similarly, if you put your personal information or your personal email account on a work phone your employer has access to that data.

What Phone Do I Have?

Kris and I both use the Nexus 5X.  I’ve reviewed the Nexus 5X here.  I will likely replace them both when security updates go EOL which will likely be 2018.  Pixel phones are bit expensive so I’m hoping they release some new phones on the Nexus line again next year.

Phone Safety Tips

  1. Always use a phone that’s getting regular (monthly) security updates.  As soon as the phone goes out of support, get a new phone.
  2. Minimize the number of apps you install.  Limit yourself to the official Google Play Store or iOS store and avoid 3rd party stores like the Amazon Store where authors don’t do as good a job at keeping things updated.
  3. Favor installing well known apps with lots of downloads as they’re more likely to be reviewed and have better security practices.
  4. Uninstall apps that you don’t use.
  5. Always buy a new phone.
  6. Don’t use a phone at all.
  7. If you have a Samsung Note 7, you might want to return it before you catch on fire.

 

Nexus 5X Review

The stock ROMS on Verizon/Samsung phones are awful.  The phones come shipped with Samsung Touchwiz which makes the UI ugly and a half a dozen apps that you can’t uninstall–some eating up battery, some sending telemetry data to Samsung (using up your data), some of the changes Samsung does introduces vulnerabilities not to mention it takes Samsung and Verizon so long to push out updates after Android exploits are announced.  Then Verizon locks out the hotspot feature–which I rarely use but when you need that feature you need it.  But on the Samsung S3 and S4 I got around all of those problems by flashing Cyanogenmod (now owned by Microsoft).   When I upgraded to the Samsung S6 I thought I’d do the same thing but the bootloader is now locked out so that I can’t install a custom ROM.  That’s ridiculous.  I’m done with Verizon and Samsung phones.  It would be like purchasing a computer with a BIOS that locked out all operating systems except for Windows 8.  Oh, and it will only work with AOL.  If you move and want to use Comcast you’ll need to buy a new computer.

So I ordered the Nexus 5X which came yesterday.

Photo of Nexus 5X
It looks sort of like a communication device. Here it is in a minimal case.

The Nexus 5X is only available at the Google Store, and priced at $379.  This is actually not a bad price considering the phone is not subsidized and it will work on pretty much any carrier.

Flashlight

The most important feature of any Android phone is the flashlight.  I am happy to report that the Nexus 5X makes an excellent flashlight.

Charging

The USB cord is the new type-C connector.  Type-C is a huge improvement.  Both ends are the same, and it can be inserted upside down or right-side up.  This is a nice change, I can’t tell you how many times I try to plug in a USB cable at night in the dark and it’s always upside-down.  Every time.  Then I’ll rotate it and it’s somehow still upside down!  Not the case with Type-C.  Just plug it in.  The only way it could be better is if they made it circular.  Maybe that will come with USB-D.  The USB cable that came with the Nexus 5X is too short, looks to be about 3 feet.  It can’t reach my end table from the outlet.  I bought a Longer USB-C to USB-C cable.  If you plan on connecting your computer you’ll need a new computer with a USB-C connector or a USB-C to USB-A cable.

The Nexus 5X is missing is wireless charging capability–I never used that feature but it probably should have been in the phone.

Size Comparison

Side by side photo of S4, S6, and Nexus 5X
Left to right: Samsung S4, Samsung S6, and Nexus 5X all shown with minimal cases.

I prefer smaller single-handed phones, so the Nexus 5X is on the larger size of what I’ll tolerate, I’d probably prefer slightly smaller but when you’re main criteria is an unadulterated Android phone the only options are large (5X), and super-large (6, 6P).  For practical purposes the Nexus 5X doesn’t feel any bigger than the S6 even though it’s slightly larger.

Phone Cases, some more evil than others

I’m not a big fan of phone cases since they add to a phone’s bulk, but the Samsung S6 is extremely slick with the glass material so it easily slips off of any surface with the slightest bump and has tried to commit suicide a few times by vibrating itself off the end-table so I’ve started using thin cases.  When I searched Amazon for Nexus 5X cases, before the phone had even come out I noticed a 5-star rated Spigen case before the 5X phone had even be released.  How could reviewers possibly know how well the case is without the phone?  Apparently Spigen paid a bunch of people or gave them free cases in exchange for reviews.  Ironically, now that the Nexus 5X has started shipping and people are trying on their cases the Spigen case actually blocks the the Nexus 5X microphone!  Oops.

I, fortunately having at least an ounce of discernment saw through the Spigen case scam and ordered a black Ringke case.  The Ringke adds almost no bulk and fits the phone well and is a matte finish so it isn’t slippery.  I don’t use the screen protector that came with it, I’ve found they cut back on the screen responsiveness and I’m pretty careful and so far have never broken a screen.

Phone Material and Build Quality.

The build quality and material are fantastic.  I’ve read a few reviews saying the phone doesn’t feel as premium as an iPhone or Samsung S6 or Nexus 6P.  But does anyone really care to have an exotic glass or metal back on a phone?  I could care less whether my phone is made out of metal, glass, plastic or wood.  All I want in the build quality is the phone to be comfortable to hold and survive without breaking for 3 years.  I think the plastic material not only feels better but is a lot more likely than other materials to absorb damage from an accidental drop.  Also, the Nexus 5X is a lot lighter compared to the S6 because of the plastic build which to me is a nice plus.

Kris’s white Nexus 5X is also the same material, a nice non-slip plastic/rubber surface.

White Nexus 5X

Battery Life

This morning I woke up around 6am and used the phone pretty heavily all day.  The battery was at 18% by 9pm.  This is an improvement over the Samsung S6 which is usually down to 5% by then… although I’m not sure if it’s more of a factor of the Verizon/Samsung battery draining apps on the S6 or Lollipop vs. Marshmallow.

Camera

A big difference between the Samsung S6 and the Nexus 5X is the camera sensor–the S6 has a 16MP 16:9 aspect ratio sensor while the Nexus 5X uses the traditional 4:3 aspect ratio.  Both cameras can shoot in their non-native aspect ratios but will lose megapixels doing so (around 11MP for the S6 and 8MP for the 5X).

In low light conditions both did well, here is a shot of my messy bookshelf in full auto on both camera.  The 5X decided to HDR the shot and the S6 did not so I took one more with the 5X with HDR off.  In my opinion the images on the S6 are a little more detailed and less grainy than the 5X.  The Nexus 5X seems to have a slightly narrower depth of focus so for artistic shots (not that I have any photography skills) it’s slightly easier to get the depth of field that I want.

You’ll notice the 5X has a wider angle so it almost covers the same width as the S6 but crops less at the top and bottom–so the Nexus 5X will be better at taking a photo of everyone in a short room, the S6 will be zoomed in slightly more making it a little better for distant shots but it still manages to grab a little more data width-wise because of the 16:9 aspect ratio.  For practical purposes the S6 is probably better in this regard.

Here’s a few pictures I took with the 5X today…

One feature I don’t think the S6 has, is the 5X will take three shots for every photo you take, and automatically pick the best one…e.g. where eyes aren’t blinking.  I think this feature is more valuable than burst mode because now I don’t have to do the work of finding the best photo.  Let the computer choose the correct photo–that’s a great job to automate!  I find the colors tend to be a little better for most pictures on the Nexus 5X but sometimes the S6 does a better job depending on the shot–the 5X seems to have washed out background colors on some shots, usually the S6 gets it better but sometimes the 5X does a better job.

The camera on the Nexus 5X is a great, but the one on the Samsung S6 is better.  The images are slightly sharper and less grainy in low light, it focuses faster, it can do rapid continuous shooting (the 5X on the other hand can’t shoot rapidly at all), and more megapixels.  The default camera app for Samsung also allows more control of the camera if you want to adjust ISO, metering, etc.  I also found that the Nexus 5X took a little longer to focus than the Samsung S6.  Not to say the Nexus 5X camera is bad, it’s great.  It’s better than any point and shoot I’ve ever used and in some ways it beats my DSLR.  And you probably wouldn’t even notice except by comparing the photos side-by-side.  But if you’re buying a phone for the camera the S6 will be the better choice.

Pure Android OS — but what about the hotspot?!

The pure Android OS is fantastic.  One feature I like on Android is multi-user support–great for people that have kids.  I’m not sure why Samsung strips this stuff out in TouchWiz.

nexus5x_2

A pure Android OS is missing a few things that CyanogenMod adds–like the ability to automatically red-shift the screen when the sun sets so that using the phone in the evening doesn’t emit as much light in the blue spectrum which suppresses  melatonin delaying your ability to fall asleep.  There are Android apps that can redshift, but it’s nicer and more secure to have the OS do this.

The one thing I am disappointed in is that when enabling Mobile Hotspot (on Verizon at least) the phone checks to see if it has a hotspot subscription–this is very annoying because part of the FCC requirements on the 700MHz spectrum is that Verizon can’t deny, limit, or restrict the ability of customers to use devices or applications of their choice–including a hotspot.  This is one of the main reasons I wanted a pure Android OS.  Yes, I know there are work-a-rounds but I shouldn’t have to go to that trouble.

The way this is limited is probably a violation of Isaac Asimov’s 2nd law of robotics.  The owner of the phone should have control over this–if networks want to restrict something like this they need to restrict it on the network side (which they can’t because of the FCC requirements) but not on a device that’s not owned by them.

Hotspot crippling only on Verizon and certain carriers?

On Kris’s Nexus 5X which is activated on the Verizon network via TracFone does not check for a hotspot subscription–so the crippling may be specific to certain carriers.

Screen

The screen is great, I had no trouble seeing it in the sun outside, the pixel density isn’t as high as some phones but I can’t tell the difference.  I can’t see the individual pixels on the 5X–looks pretty smooth to me.

Carrier Portability

Probably one of the greatest features of this phone is it can be used on any carrier, Verizon, AT&T, T-Mobile, Sprint, and probably most carriers outside the United States as well.  Just pop in a SIM card and go.

NFC

NFC antenna is much better than the S6.  It’s located near the top instead of an arbitrary spot in the middle of the phone.  I have no trouble reading and writing data via NFC where the S6 struggled to even make a connection.

Fingerprint Scanner

I never used the thumbprint scanner on the S6 because I wasn’t sure if it would get uploaded to Samsung’s servers.  Google doesn’t upload your fingerprints to the cloud so it stays secure on the device.

The Nexus 5X has a scanner on the back of the phone, you can scan your finger in at a few different angles, it instantly unlocks the phone–you don’t even have to push the unlock button first, just pull the phone out of your pocket and get your finger on the scanner and it’s unlocked by the time you bring it up.

I do not believe that fingerprints are a secure means of securing a device since they can be easily forged, however it is extremely convenient so users will have to make their own assessment on whether they’ll use the feature or not.

Ben’s Rating

4 out of 5 stars.  Knocking a star for the crippled hotspot feature but otherwise a great phone and excellent value for the price.

The Side Affects of Smart Phones

I’m not much of a phone fanatic, but smart phones are very useful tools–I use them for just about everything other than making calls (actually I do make a call on occasion to order sushi).  In addition to being a fantastic flashlight Android phones are great tools to search and lookup information, the camera is better than any point and shoot I’ve used and it’s always with me unlike my DSLR, GPS navigation, hunting maps, star gazing, I’ve read a few books using the Kindle app, and on occasion I’ll be trying to figure out how to do something very simple that I’m completely incompetent at and I can find a YouTube video that tells me how to do it all without having to leave the task at hand.

I think one of the dangers from modern smart phones is they are way too distracting–I can’t tell you how many times I’ve seen people sit down for a meal and pull out their phones instead of having a conversation.  Unfortunately I can’t say I’m not guilty of this myself.  I’ve notice that people who do this tend to keep the conversation on topics that can be quickly discussed–you will never have a deep conversation with other people if their phones are out.  The mere sight of a phone sort of subconsciously tells everyone to keep to trivial topics.

With every new innovation society changes, we lose some things and gain some things–Socrates didn’t like books because they lost the dialogue which he believed to be essential to knowledge.  So while our culture may lose some things with cell phones, the benefits are also great.  While phones are incredibly useful, we need to make sure they don’t rule our lives.  I almost always leave my phone on because when there are emergencies and urgent issues I want to be available.  But I keep all the notifications off (especially email) except for calendar reminders, texting, and phone calls.  I tell people to send me an email if they can wait a day for a response,  Send me a text or call if an issue is so urgent that it’s worth interrupting me.  Some people have a hard time doing that, but it’s easy (in pure Android) to disable SMS notifications (and even silence the ringtone) when calls are from certain people.