President Donald Trump is causing quite the stir at the White House as he continues to use his personal smartphone for some purposes.
Trump still uses his “old, unsecured Android phone, to the protests of some of his aides,” The New York Times revealed this week. It’s not clear exactly how old his personal phone is, but Android Central speculates it’s a Samsung Galaxy S3, which came out in 2012 and Google hasn’t updated since 2015. Mobile security experts agree that Trump’s Android phone poses a major security risk.
“If it were anyone else other than [the president], he’d be walked out the door,” said Jack Gold, principal analyst and founder of J. Gold Associates, a mobile analyst firm in Northborough, Mass. “If you’re an employee and you don’t use a secure device your company gives you and you use your own, you are toast. You just can’t do that.”
Trump’s Android presents huge risk
Trump received a secure and encrypted phone approved by the Secret Service, according to The New York Times, but he still uses Twitter on his personal Android phone.
An out-of-date device can leave users open to unpatched security vulnerabilities that hackers can exploit to steal data, intercept communications and track its location. Google has taken steps to improve Android security in recent versions, but older versions of a given operating system are less secure. The latest version to run on the Galaxy S3 is Android 4.4.4 KitKat, which came out in June 2014.
“Anyone in government who uses government-protected data has to make sure their devices are clean of all malware in regular intervals,” said Robby Hill, founder and CEO of HillSouth, an IT consultancy and service provider in Florence, S.C. “The law enforcement rule books are clear that you can’t connect to a government network otherwise.”
Using an off-the-shelf device is a personal safety risk, too, said Hill, whose company works with clients in highly regulated industries and state and local governments.
“The Secret Service’s attitude is, we don’t want people to know exactly where he is or how to get a hold of the president of the United States,” he said. “Giving away his GPS location is a hugely underplayed risk.”
Security options abound
Typically a government owned device must be heavily locked down with enterprise mobility management software, at the minimum, if it will access sensitive information. If Trump’s personal phone lacks that protection, it’d be surprising if it has access to confidential data, Hill said.
“I can’t imagine the commander in chief will have access to government data without the most secure device,” Hill said.
Trump’s predecessor, President Barack Obama, used a secure BlackBerry smartphone for the majority of his time in office, and it was stripped of many of its functionalities for security purposes. It’s likely that Trump’s Android phone is too, said Steven Kantorowitz, president of CelPro Associates, a mobile systems integrator in New York, which serves regulated industries and government clients.
In that case, the user can only call a short list of contacts and would be restricted from texts, emails, downloading apps and other functionality. Additionally, Trump’s Android phone likely has some form of security software installed to prevent hacking, Kantorowitz said.
Having a dated OS on the device, however, limits its ability to take advantage of the protections provided by any security software, Gold said.
“The fact he’s using an unsecured device should be very troubling,” Gold said. “Why somebody in the White House isn’t all over him, I don’t know.”