With the advent of mobile technology for communication, mobile users have access to email, the internet, GPS navigation, and many other applications on almost any part of the Earth. However, general perception about mobile security has not kept pace with traditional computer security.How to secure your device:
When it comes to protecting yourself against hackers, step one is always to install software updates as soon as they become available: that’s as true on smartphones as it is on computers. Yes, updating can be a tiresome and intrusive process, and it sometimes brings annoying changes to the interface that you’re used to. All the same, a huge proportion of successful hacks exploit vulnerabilities that have already been patched; exposing yourself unnecessarily is just daft.
Do not use unofficial tools to “root” your phone (known as “jailbreaking” on iOS), unless you know exactly what you’re doing. On a rooted phone, technical safeguards can be defeated, allowing apps to perform all sorts of actions that are normally prohibited – and that can include snooping on your personal data.
When you install a smartphone app, you may be asked to grant it various permissions, including the ability to read your files, access your camera or listen in to your microphone. There are legitimate uses for these capabilities, but they’re potentially open to abuse: think before you approve the request. That applies especially to Android users, as Google’s app-vetting process isn’t as strict as Apple’s, and there have been reports of malicious apps spending months on the Play Store before being spotted and taken down.
Android also lets you install apps from third-party sources: this allows services such as Amazon’s competing Appstore to operate, but it also provides an easy way for rogue apps to get onto your phone.
Even if the apps on your phone seemed simple and safe when you installed them, subsequent updates could have turned them into something more sinister. Take two minutes to review all the apps on your smartphone, and see which permissions they’re using: On iOS, you’ll find lots of relevant information under Settings > Privacy.
On Android, it’s harder to get an overview of which apps have which permissions, but there are plenty of security apps that help here, including free packages from Avast and McAfee. These tools can also jump in and alert you if you’re trying to install an app that’s known to be malicious, and warn you if a “phishing” attack is trying to trick you into entering a password into an untrusted app or webpage.
If a thief gets physical access to your phone, they can cause all sorts of trouble. For a start, your email app probably contains a trove of personal information. Make sure your phone is locked when not in use: both Android and iOS can be set to require a six-digit passcode. Do not use simple passwords like 123456. Your device may offer other options too, like fingerprints or facial recognition. Such methods aren’t perfect – a really determined hacker could copy your fingerprints from a drinking glass, or trick a camera with a photograph of you – but they’re a lot better than nothing.
And be wary of “smart unlock” features, which automatically unlock your phone when you’re at home, or when your smartwatch is near; these could let a thief bypass your unlock code altogether.
Plan ahead, so even if your phone is stolen, you know your data is safe. One option is to set your phone to automatically erase itself after a certain number of incorrect attempts to enter the passcode.
If that seems a bit drastic, don’t forget that both Apple and Google operate “find my device” services that can locate your phone on a map, and remotely lock or erase it. For Apple users, this is accessed through the iCloud website – you can check it’s enabled on the phone in Settings > iCloud > Find My iPhone. Android users can access Google’s service at android/device manager. You can also make a missing phone ring – helpful for drawing attention to the thief, or tracking down a handset that’s been merely mislaid.
Auto-login is a very convenient feature, especially since a virtual keyboard can make typing passwords a chore. It’s also a huge liability: an intruder simply needs to open your browser to gain access to all your online accounts.
Ideally, therefore, you shouldn’t use auto-login features at all. If you must, use a password manager app that requires you to regularly re-enter a master password. And don’t use the same password for more than one app or service: if that one password gets found out, it can be used to access a whole range of private information. This applies even if you’re perfectly scrupulous about keeping your smartphone secure: hackers regularly break into online services to steal user credentials, which they then try out on other sites.
We all know there’s a risk involved in using an open wireless network. But you may not realise how severe it is: anyone in the vicinity can snoop on what you’re doing online. This sort of attack demands specialist software and skills, so it’s unlikely to be a hazard in your local cafe, but it’s not a danger that can be ignored.
If you’re at all doubtful about a wireless network, don’t connect – stick with your phone’s mobile internet connection. Or use a VPN tool such as CyberGhost or TunnelBear (both available free for Android and iOS). These tools route your traffic through a private encrypted channel, so even if someone is monitoring your traffic they won’t be able to see what you’re up to.
Lots of apps pop up messages and notifications on your phone’s lockscreen. It’s worth thinking about what these notifications may reveal. If you work for a big banking company, for example, a visible email from a work colleague or a meeting reminder tells a thief that this might be a particularly interesting phone to steal.
A simple OTP message notification on your lock screen can make you lose your hard-earned money if triggered and seen by someone around you who knows where you keep your phone idle.
On iOS, also consider disabling access to Siri from the lockscreen. Siri isn’t supposed to give away personal information before you enter your passcode to unlock the iPhone, but past hacks have let intruders use Siri to unlock the device, access details of contacts and view photos. It’s safest to shut the feature off entirely: you’ll find the option under Settings > Touch ID & Passcode > Disable Siri on the Lockscreen.
A strong passcode helps keep thieves out of your phone, but what if a stranger snatches your phone while you’re using it? Or asks to borrow it to check a website, then bolts off down the street? On Android, as a second line of defence, you can lock individual apps, so even if someone can get past your lockscreen, they can’t open your email or banking app without a second password. This capability isn’t built into the OS, but there are plenty of free apps that provide it, such as AVG AntiVirus Free. iOS users can’t directly lock individual apps, but check out Folder Lock – free on the App Store – which can password-protect your documents and folders, reducing the amount of information a thief can access.
If you’re on the fence about investing in a smartwatch, here’s a little-known feature that could swing it: Apple Watch and Android Wear devices can warn you immediately if they lose Bluetooth contact with your phone. If you get this notification while you’re in a public place, there’s a good chance someone’s just picked your pocket, and is currently making off with your phone.
The device will normally be less than 50 metres away when the connection drops, so the warning gives you a chance to ring the phone right away with help of someone around, hopefully drawing attention to the thief and prompting them to jettison it. Failing that, you can lock it before the culprit has a chance to start trying to break in and steal your data.