I have friends and family who switch cell phones. When they ask me, I always say to get an iPhone, even an old refurbished iPhone. Why? Security.
Summary:
- Android:
  - Users who are not experts do not get security updates often enough, fast enough, or for long enough.
  - Cell phone companies AND phone manufacturers get in the way.
  - Google, maker of the Android OS, does not prevent the situation.
  - In some cases you can buy an older device from a store and get updates for less than 2 years, if ever.
  - Costs less.
- iPhone:
  - Users get updates as needed for a long time directly from Apple.
  - Even 5-year-old devices can get updates at this time. (I rarely see a reputable provider selling an Apple device more than 2 years old - so they typically get updates for at least 3 years).
  - Costs more, but worth it.
- If you buy a used device, buy it from a reputable source. This is absolutely critical. Don't buy a 4-year-old device in any case; it isn't worth it.
What can happen when security is compromised? A bad actor, or even possibly nearly all bad actors, can:
- Get all of the contact information on your phone (for everyone in your address book).
- Get information about all calls you make, up to and including recordings of your calls, your text messages, the pictures you take, and your location, including where your phone is right now, whether you are moving, and if so, in what direction.
- Get all of your usernames and passwords, if you use a web browser or other applications with passwords. If you enter credit card information, they get that too.
- Sometimes cause purchases of applications or services on your phone.
- Use your phone as part of a botnet to attack other parts of the internet.
- Hide illegal content such as stolen data or illegal pornography on your device, implicating you!
Some articles I refer to:
- https://www.theverge.com/circuitbreaker/2017/4/27/15457044/google-nexus-android-phones-security-updates-list
  - Paraphrasing - it says you have 18 months to 3 years AT MOST for security updates.
- https://www.extremetech.com/mobile/197346-google-throws-nearly-a-billion-android-users-under-the-bus-refuses-to-patch-os-vulnerability
  - The headline says it all?
- https://www.theverge.com/circuitbreaker/2016/5/4/11589630/android-6-marshmallow-os-distribution-statistics
  - Less than 10% of Android devices are running the most recent Android OS.
- https://www.macrumors.com/2017/02/22/ios-10-nearly-80-percent-adoption/
  - More than 80% of iPhones are running the most recent OS.
- http://www.imore.com/switch-iphone-years-free-software-updates
  - The iPhone from 2012 - 5 years ago - is still getting security updates.
Some additional thoughts and background:
- Everyone I talk to is getting a smartphone. No one asks me for advice on a "feature phone" - the name now given to non-smartphone cell phones. And if they are undecided, it is often a decision of "Apple or Android?" And they clearly do not have a strong preference at this point, or they would already have decided. Often price is a guiding factor. Android phones are cheaper, especially in the world we live in without cell company subsidies.
- I have friends with Android devices who run them securely. They talk to me about how they are more secure (the way they run them) than an iPhone. However, they are often jailbroken. And these friends are experts who spend quite a bit of time on their Android device, its configuration, and security. Some even compile Android themselves and install it. These are not folks asking me for advice. They have a clear and strong preference, and expertise.
- Google often does not have a direct OS relationship with purchasers of Android devices. The manufacturer or cell phone provider usually owns that relationship. Your security is not their top priority.
