We Sunset Devices For Better Security, Not (Just) Better Hardware

We only offer SKY ECC on phones from Apple, Google, and BlackBerry. You’re no stranger to that fact. What you might not know is that over time we stop offering SKY ECC on older phones. We sunset phones not because we want to force everyone on new, shiny devices, it’s because as time passes older devices:

  • Aren’t getting OS updates with security patches
  • The security chips and features in newer devices are better and more secure

We sunset devices to ensure you are using the most secure device possible. Simple as that. Without continued security updates, we can’t maintain the highest level of device and software security we demand in our devices (and you expect). This is the bottom line. It’s about security, not pushing the latest and greatest hardware.

How the process works

Here’s how we decide which devices to sunset and when.

First and foremost is when a device stops getting OS updates. For Apple devices, when a device hits about five years old it won’t be supported with the newest OS. My recently-retired iPhone 6 has maxed out at iOS 12.4.1, iOS 13.1 isn’t available for it. This means my (formerly) trusty and well-used iPhone won’t get the new privacy improvements or security fixes in iOS 13. And, except in cases of extreme security issues that can be fixed in older versions of iOS, iOS 12.4.1 is where that device will stay.

Update: Just as I hit publish on this post Apple released 12.4.2 for older devices. Which is pretty rare to happen right after a major OS release (13 and 13.1), but just in case you’re wondering if I’m keeping tabs…I am.

For some people this might be okay, but me…nope. I can’t have a device without the latest security patches. I think you would be pretty horrified if anyone here at Sky was using an insecure device at work. That just isn’t done.

We know a device that is secure one day, but the next day can’t load the latest version of a mobile OS, isn’t immediately insecure:

  • It would take a while for new vulnerabilities to crop up.
  • Given the layers of protection we employ on all devices, there is a significant amount of protection built into each SKY ECC phone, regardless of the OS it’s running on top of.

Still, we think it’s prudent to set a time when we no longer support new accounts on old devices and over time upgrade older devices to new hardware.

We will, of course, sunset a device if we find it has been compromised in a substantial way. This hasn’t happened recently, but if a flaw is found in an underlying chipset, we’d stop supporting the device and might even go so far as forcing it off our private secured network entirely.

We want customers to have secure devices and the network to have an overall extremely high level of security and this is what’s required to achieve it. Just as banking, shopping, and government websites require recent browsers on updated/recent operating systems to ensure your connection is secure, we do the same. Except we set a pretty high bar for what it means to be secure and have tighter tolerances around OS versions and devices.

How devices get on the list

Now you know how a device comes off the list, but how do they get on the list? Devices from Apple, Google, and BlackBerry are fast tracked through the process. They’ve been vetted as secure devices so our checks are for compatibility and confirming the security we expect is still present. Just in case the newest device works just a little different than previous models we run through QA checks as well, just to be sure.

For devices from totally new vendors, it’s a lot more rigorous. Starting from the “zero-trust” principle, our devices are assumed to be insecure. They have to prove themselves secure to pass muster. Here’s how it looks.

Hardware check

The first check is if the devices are well-made and use high quality materials. Cheap phones:

  • Look cheap
  • Perform poorly
  • Don’t last long
  • Tend to lack security chips.

For a device to pass muster here, it needs to have:

  • TEE (Trusted Execution Environment) as a separate chip (as Apple and Google do)
  • Security embedded in the processor (as BlackBerry does).

TEE (more detail is available here on Wikipedia) provides both cryptographic protections for the OS and the secure environment needed to protect SKY ECC from other applications (and the OS itself).

TEE, for example, ensures your device can’t be rolled back to an older version of the OS without you knowing or if your device is rooted/jailbroken it will lock down and go into factory-reset mode.

I happen to sit close to our security expert, so I get to hear about him trying and testing new devices. You’d be very, very surprised at how many handsets from major manufacturers don’t pass muster. I won’t go into all the details of what we do, but suffice to say we try to see if a device’s security claims stand up by trying to compromise it.

If we compromise it, we assume someone else can, so … fail.

We’re realistic enough to know there is no “perfect computer security” (fine, perfect computer security is don’t use a computer, or don’t turn it on, or turn it on but don’t connect it to anything), we go in depth, we do a lot of checking and testing, we even send devices out for third party testing, but we know nothing in the world is 100% secure. That said, what we call secure is much more secure than our closest competitors.

If a device passes all the hardware checks and includes all the security modules needed for a secure foundation, we give a look into the OS. In this case, we’re only talking about Android, because iOS doesn’t change device to device, whereas different manufacturers can do wildly different things with Android.

Software check

This isn’t checking if iOS or Android itself is insecure—we do those checks with each big update—it’s if a manufacturer has modified Android or added extraneous software to the device. Extraneous software or features can lead to unintentional security vulnerabilities. As part of Android One status a device maker must disclose all the additional software they include on the device. You don’t want surprises or bloatware on your devices, and neither do we.

When OS updates are released, we test and QA SKY ECC against the update and release any patches needed to stay compatible or deal with bugs that crop up. We keep our ears to the ground between updates and if there are OS-level issues—we deal with them and mitigate any possible risk.

This, by the way, is one of the reasons we don’t have our own version of Android for devices. The amount of testing required to make sure we didn’t introduce a vulnerability far exceeds using well-established tools like mobile device management to secure devices. We take a good OS and layer onto it additional security without modifying the underlying OS.

Confirmation of its lifespan

The last check is how long we think, based on all the available information, any given device will get major OS updates. We can only use past experience to gauge this. In the case of iOS, for example, Apple supports devices made within the last four or five years. Which means we can project next year the iPhone SE and 6S might not be able to run iOS 14.

We know that there will be new devices entering the pipeline by then and existing devices like the iPhone 7 have a solid lifespan ahead. Same goes for Pixel and KeyONE devices and Android. The funny thing is, many older devices are still computationally capable of handling a lot of new apps, even if the iOS can’t be updated. A quick look at any app store listing will tell you how many versions back an app supports (for iOS it’s typically two). This means older devices can often handle the tasks apps ask of them, it’s a pity the older devices don’t get the security updates required to use them as secure communications devices.

That’s the crux of it. If older devices could be kept secure, we could keep using them. Because they can’t, we have to phase them out. You demand the most secure devices for SKY ECC, and that’s what we deliver. Visit our store to see what devices are still secure: