Americans spend an average of five hours a day on our smartphones, making them some of our most commonly-used electronic devices. But it’s exactly that popularity that makes them a favored target of hackers, too — they want to get at all the personal information we keep in our smartphones, like credit card numbers, passwords and so on. Because our smartphones contain so much of our most vital data, it’s that much worse when they get hacked.
So which phone is most secure against malicious hackers?
The simple answer is Apple’s iPhone, says Dan Kaminsky, chief scientist and founder of cybersecurity firm White Ops.
“Apple has done some extraordinary work around securing the physical device itself, and in making that secure operation as standard as airbags in cars or buildings that don’t trivially burn,” Kaminsky wrote in an email to TIME. “Everything is encrypted, and more importantly, the key to that encryption is extraordinarily difficult to extract.”
The statistics bear out what Kaminsky is saying, according to a mobile intelligence report from Skycure. Researchers found malware — short for malicious software — on less than 1% of the iOS devices they looked at, compared to 3 to 4% for Android phones. (iOS is the operating system powering the Apple iPhone and Apple iPad.)
Meanwhile, some older Android devices don’t have encryption turned on, according to Computer World, nor do they usually get updates with new security patches. Both are problematic, as encryption is an optimal way to protect data and patches prevent hackers from using known exploits to crack into your phone.
Part of the problem is that Android users have greater freedom in the software they can download and use, says Kaminsky. Apple iPhone users can only download apps from Apple’s carefully vetted App Store, but Android users can download apps from third party stores. While that gives developers more freedom in terms of app design and users more freedom to download apps, it also allows users to make a potentially unwise decision to download an untrustworthy app.
Still, it’s hard to say how much of the malware found on Android phones was the result of third-party apps, says Varun Kohli, vice president of marketing at SkyCure. And Apple devices may have less malware, but users can still expose themselves to hackers. For example, smartphone users who don’t update their phone regularly become more susceptible to malware. If Apple users didn’t download a recent software update, they were left vulnerable to hackers taking over their device.
Unfortunately, research suggests people aren’t good at updating their devices on their own — last year, 50% of Android users failed to update to the latest security patch when it became available. Android’s low rate of user-initiated updates may be due to the fact that Android device makers often rely on wireless carriers to push updates, slowing down the update process. Another problem: Android is a system that runs on several devices, including those made by Samsung, HTC, LG and more. Because of the fragmented Android ecosystem, many Android phones can’t run the most recent, and therefore safest, software. But it’s wise to download the latest updates as soon as they are available, especially if they address critical security flaws.
Meanwhile, both Android and Apple iPhone users have been imprudent when it comes to using risky public Wi-Fi networks, another favorite hacker target. According to data from SkyCure, 35.8% of iOS users in North America have tried to connect to an unsafe Wi-Fi network. About 44.9% of Android users tried to do the same.
In short, says Kohli, don’t just expect your phone to keep your data secure—it’s also up to you to make sure your behavior stays safe. “I don’t think there is one [phone] that is more hackable or more secure,” he says. Of course, there are steps you can take to maximize phone security. “Don’t click install or connect to anything you are not confident is safe,” Kohli says. “If a pop-up says cannot verify server identity, don’t continue.“