Smartphone Security For The Privacy Paranoid

Advanced Guide To Practical Privacy

This post is Part 2 of a two-part series. Check out Part 1 first.

The following article series is a fusion of substantive summary and selective compilation of various public domain write-ups on smartphone privacy/security. All the references are listed at the end of the article.

SMARTPHONE PRIVACY ESSENTIALS

Personal data stored on a smartphone is often worth more than the smartphone itself. It also means that more people are holding potential security threats right in their hands. While the functionalities of mobile phones are endless, the risks to our personal privacy are very real.

Smartphones can be made to leak your personal data by attacking them in four ways:

  • OS attacks: OS attacks exploit the gaps found at the OS level.
  • App attacks: App attacks are typically a result of bad development and coding.
  • Malware attacks: Malware attacks, which are increasing in numbers, can steal your photos, hijack your camera, and erase important files.
  • Communication based attacks, such as those on Wi-Fi or Bluetooth: Attacks on communication networks happen when users log into an insecure or faulty network.

In addition to personal pictures, contacts, files and mobile applications, passwords and authentication tokens should be considered sensitive information. It is critical to protect all of this from unauthorised access.

Privacy intruders can threaten a smartphone in lots of ways, and if you want (or need) to lock it down completely, ironclad protection gets a little complicated. Fortunately, there are steps that can be taken to make big improvements to your smartphone privacy. They don’t eliminate all risks, but they are a solid baseline for any smartphone owner.

1. Know Your Apps

The first step is to know exactly what data is being collected by apps you use, including contacts, photos, Internet data, and call logs. You should also understand how your data is being used by these applications.

Android and iOS have added granular tools to make it simpler to control precisely what each application on your devices can and can’t access. These permissions not only control access to data like your contacts list, photos, and calendar, but also control hardware access to components like the camera and microphone. By restricting an app’s permissions to just the things it truly needs to work (or only the features you care about), you can limit its ability to collect more of your personal data.

Flash Keyboard, a popular Android app, sought far more permissions than it needed to operate and was caught tracking its users, serving potentially malicious ads, and transmitting data back to China.

Every time you install and open an app for the first time, your phone gives you an opportunity to customize its permissions, but it is also a good idea to check back periodically and make sure everything is set how you want it.

Android

  • Go to Settings > Apps, which will show a list of installed apps.
  • Select your app of choice, then tap Permissions.
  • From there, you can exercise granular control over what the app can and can’t access.
  • Also consider removing administrator privileges of unwanted applications by visiting Settings > Security & lock screen > Device admin apps.

iOS

  • Go to Settings > Privacy, where you can see permissions grouped by type to sniff out who’s tracking your location at a glance.
  • Or go app by app; just tap Settings and scroll until you hit the app you want to audit.

Taking stock matters because we sometimes grant apps permissions without realizing it, like saying yes to microphone access just because you accidentally hit a dictation button once in a messaging app. It is better to turn things off by default and turn them on again as you run into situations where you actually need them.
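For Android, the same periodic check can be scripted from a computer over ADB. The script below is an added example, not part of the original article: it reads the "runtime permissions" section that `adb shell dumpsys package <package>` prints and lists the sensitive permissions an app currently holds. The watch list and the sample output are assumptions constructed for the demonstration.

```sh
#!/bin/sh
# Added example: list the sensitive runtime permissions granted to Android apps.
# Needs adb and a phone with USB debugging enabled for audit_device; the
# parser itself (granted_sensitive) works on any saved dumpsys output.

# Short names of permissions treated as sensitive (an assumption, edit freely).
SENSITIVE='CAMERA RECORD_AUDIO ACCESS_FINE_LOCATION ACCESS_COARSE_LOCATION ACCESS_BACKGROUND_LOCATION READ_CONTACTS READ_CALL_LOG READ_SMS READ_CALENDAR READ_EXTERNAL_STORAGE'

# granted_sensitive: read `dumpsys package <pkg>` output on stdin and print
# each granted sensitive permission (short name), one per line, sorted.
granted_sensitive() {
    awk -v list="$SENSITIVE" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) watch[a[i]] = 1 }
        /^[ \t]*runtime permissions:/ { in_rt = 1; next }
        # Leave the section at the first line that is not a permission entry.
        in_rt && !/^[ \t]*[A-Za-z0-9_.]+: granted=/ { in_rt = 0 }
        in_rt && /granted=true/ {
            perm = $1
            sub(/:$/, "", perm)      # android.permission.CAMERA
            sub(/^.*\./, "", perm)   # CAMERA
            if (perm in watch) print perm
        }
    ' | sort
}

# audit_package PKG: query one installed app on the connected phone.
# stdin is redirected so adb does not swallow the caller's input.
audit_package() {
    adb shell dumpsys package "$1" </dev/null | tr -d '\r' | granted_sensitive
}

# audit_device: walk every user-installed app (pm list packages -3) and
# print "package: PERMISSION ..." for those holding sensitive permissions.
audit_device() {
    adb shell pm list packages -3 </dev/null | tr -d '\r' | sed 's/^package://' |
    while read -r pkg; do
        perms=$(audit_package "$pkg" | tr '\n' ' ')
        if [ -n "$perms" ]; then
            printf '%s: %s\n' "$pkg" "$perms"
        fi
    done
}

# A permission found here can be withdrawn in Settings, or with:
#   adb shell pm revoke <package> android.permission.CAMERA

# Constructed sample of dumpsys output for a made-up flashlight app.
SAMPLE_DUMPSYS='    install permissions:
      android.permission.INTERNET: granted=true
    User 0: installed=true hidden=false
      runtime permissions:
        android.permission.CAMERA: granted=true, flags=[ USER_SET ]
        android.permission.RECORD_AUDIO: granted=false, flags=[ USER_SET ]
        android.permission.ACCESS_FINE_LOCATION: granted=true, flags=[ USER_SET ]
        android.permission.POST_NOTIFICATIONS: granted=true, flags=[ USER_SET ]
      disabledComponents:
        com.example.flashlight.SomeReceiver'

# Demo on the constructed sample (no phone needed).
printf '%s\n' "$SAMPLE_DUMPSYS" | granted_sensitive
```

With a phone attached, calling `audit_device` prints one line per user-installed app that still holds a watched permission.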

2. Avoid Third-Party Applications

Always download the apps directly from the operating system’s official application store, instead of following links or search engine results that could lead you to imposter pages.

If you are an Android user, only download apps from the Google Play Store. Even this does not completely eliminate your risk of accidentally downloading a malicious app, but it will reduce it significantly.

iPhone, on the other hand, can’t download apps from outside of Apple’s App Store unless you jailbreak it — and if you jailbreak your phone, you hopefully already know the risks of downloading software from sketchy sources. While malware-ridden apps occasionally sneak by Apple’s stringent development rules, the iPhone’s App Store is generally a very safe place.

To further reduce your risk on both Google Play and the App Store, stick to mainstream apps with consistently genuine high ratings and known developers.

Luckily, cybercriminals have yet to figure out a sure-fire way to get their fake apps onto our devices. By paying extra attention to detail, you can learn to identify a fake app before downloading it. Here’s how:

  • Check for typos and poor grammar: Double check the app developer name, product title, and description for typos and grammatical errors. Malicious developers often spoof real developer IDs, even just by a single letter, to seem legitimate. If there are promises of discounts, or the description just feels off, those signals should be taken as red flags.
  • Look at the download statistics: If you are attempting to download a popular app like WhatsApp, but it has an inexplicably low number of downloads, that is a fairly good indicator that an app is most likely fraudulent.
  • Read what others are saying: When it comes to fake apps, user reviews are your ally. Just going through a few can provide vital information as to whether an app is authentic or not.

3. Set a Strong Password

Lock your smartphone so no one can get into it if it is lost, stolen, or left alone for a few minutes. While it is convenient to leave your device unlocked, the security risks far outweigh the benefit. The easiest solution for most people is to use a fingerprint or face scanner to lock your device; that way it only takes a touch or a glance to get back in.

Tip for Journalists / Activists: Keep in mind that those biometric sensors can be fooled, albeit with a lot of effort. During an encounter with law enforcement, agents can compel you to open your phone if you rely on those biometric mechanisms. In iOS 11, you can squeeze the side button and either volume button simultaneously to deactivate Touch ID and Face ID in a pinch. If that is at all a concern for you, stick with a trusty passcode.

Passwords with strings of six digits or more are nearly impossible for an attacker to brute force without getting locked out of the device. So, use a six-digit code at minimum, or even better, a custom alphanumeric code (not your pet’s name / phone / car’s registration number). Release the full power of your keyboard! Set different passwords for all of your accounts. And don’t bother with unlock patterns; they are generally not as secure as a six-character PIN.

4. Stay Patched

Download software updates regularly. Install updates for your apps and operating system, along with security patches. The steps to check for updates differ depending on what handset you have. Make sure you check what is available for your device and consider buying smartphones that run stock Android so you can always get Google security releases right away.

5. Install A Reputable Antivirus Program

If you are installing apps outside of your official app store, installing an antivirus app is one way to keep yourself safe. Modern AVs also have a feature that scans for phishing URLs in the browser and SMS apps and alerts you when any are detected, to ensure a safer experience while surfing the web. Our pick of the best is Malwarebytes.

6. Manage Your Google Security & Privacy Settings

First, if you have multiple Google accounts (say, one for work and one you use personally), sign in to the one on which you want to perform the security and privacy check-up.

(Note: The steps provided here will help you modify your Google security settings on a desktop system (via any search engine). However, these changes will be synced automatically to all your devices: phones, tablets, etc.)

Google’s About Me

Visit Google’s About me page. Next to a type of info, select the icon. This icon shows who currently sees this info. Choose Private.

With this setting, you can control what people see about you. Changes you make here show up across Google services like YouTube, Drive, Photos & others. It is better to change or remove any personal information that you wouldn’t like to share with people on the internet.

Security Check-up

Visit Google’s Security Check-up page. This page will show the following dropdown options:

  • Your devices
  • Recent security events
  • Sign-in & recovery
  • Third-party access

Any items marked with a yellow warning exclamation circle should get a quick review. For example, if you see devices you no longer use listed under Your Devices, remove them.

Third-party access will list apps and services that have access to your Google data. Depending on how you use Google products, some of the information in your account may be extra sensitive. When you give access to third parties, they may be able to read, edit, delete, or share this private information. If the third-party app’s server is hacked, your data may be accessed by unauthorized people across the internet. If you don’t trust these apps with your private data, it is better to remove them.

Also visit Google’s Permissions page, which lists the websites you sign into with your Google Account credentials. They can view your name, email address, and profile picture. If you see any website that you no longer use, remove it.

Privacy Check-up

Visit Google’s Privacy Check-up page, a multi-step process that lets you review how Google uses your data. This section is the beginning of the nitty-gritty of preventing your data and Google usage from being used — even though Google says this data is only used to help your future activities.

It is essentially how Google learns about you and makes things easier in the future as you use its products, like how Google Maps or Google Assistant seem to know what you want before you even ask.

I. The first step is Personalise your Google Experience, which covers six activities in total:

  • Web & App Activity
  • Location History
  • Device Information
  • Voice & Audio Activity
  • YouTube Search History
  • YouTube Watch History

(Turned on) text appears next to all the activities where data is being collected. Click on (Turned on), which will redirect you to the Activity Controls page, where you can toggle the activities to Paused. This will stop Google from recording and storing your personal data/preferences for that activity. Limit it all if you don’t think it is helping you, or if you think Google is selling it to others, despite their claims.

It is highly recommended to limit your location services so Google (and Apple, Microsoft, Facebook etc.) stop tracking your physical presence via your phones.

II. Manage what you share on YouTube is the second step. This covers the videos you like and save, the channels to which you subscribe, and what shows up on your YouTube activity feed. You can also use this page to manage the privacy of videos you upload (public, private, or unlisted).

III. Manage your Google Photos settings is next. The options are limited to turning off the ability for better face matching, and the far more important option: removing geo-location on items shared by a link. That means if you share a photo of yourself, a stalker can’t look at the metadata on the image and pinpoint your location. Note that it only applies to content shared via a link.

IV. Google+. That’s still around? Yes, for now, but Google is planning to stop offering the consumer version of Google+ and will begin deleting the site in April.

Be sure to click on the link for “Edit Your Shared Endorsement Settings”. This will pop-up the settings page. Scroll down and uncheck the box. This setting allows you to limit the use of your name, photo, and activity in shared endorsements in ads. It applies only to activity that Google displays within ads. You can limit the visibility of activity outside of ads by deleting the activity or changing its visibility settings.

V. The last step is Make ads more relevant to you. Click on the Manage Your Ad Settings to stop Ad personalisation. Remember, you are not going to turn them off here — for that, you need an ad-blocker program like Adblock Plus — all you can do here is limit how much you are targeted.

7. Perform Privacy Clean-up of Your Google Account

First, sign in to the Google account on which you want to perform the privacy clean-up.

Wondering exactly what Google has harvested about you? Download all the data and check it out via Google Takeout. To be clear, this doesn’t remove any of your data from Google servers. It just shows you the staggering amount of data Google has been collecting.

Follow these steps to delete a day’s or date range’s worth of your data by Google product:

Web & App Activity

  • Visit Manage Web & App Activity
  • Click on Delete activity by in the left navigation.
  • Click on the Down arrow ˅ and select All time.
  • Click Delete.

Location History

  • Visit Manage Location History
  • At the bottom right corner click on the cog settings icon.
  • Choose Delete all Location History.

Device Information

Voice & Video Activity

  • Visit Manage Voice & Video Activity
  • Click on Delete activity by in the left navigation.
  • Click on the Down arrow ˅ and select All time.
  • Click Delete.

YouTube Search History

  • Visit Manage YouTube Search History
  • Click on Delete activity by in the left navigation.
  • Click on the Down arrow ˅ and select All time.
  • Click Delete.

YouTube Watch History

  • Visit Manage YouTube Watch History
  • Click on Delete activity by in the left navigation.
  • Click on the Down arrow ˅ and select All time.
  • Click Delete.

Google Play Library Activity

Place answers Activity

News Preferences

Google product surveys

More Activities

Visit Google’s More Activity page, which shows you everything you have done that’s remotely Google-related. We recommend you consider deleting the following data right away.

  • YouTube ‘Not interested’ feedback
  • YouTube survey answers
  • Google Word Coach
  • Interests & notification subscriptions
  • Data shared for research
  • Product price tracking

8. Optimize Google Chrome for Improved Privacy

Chrome includes quite a few features that send data to Google’s servers. We don’t recommend you disable all these features, as they do useful things. But, if you’re concerned about the data Chrome sends to Google, below is a list of essential settings to improve your browsing privacy.

Go Incognito: If you just want to browse privately without leaving any tracks on your own smartphone, launch a private browsing window by clicking on Chrome’s Menu and clicking New incognito Window.

Choose Which Data Chrome Synchronizes: Chrome automatically synchronizes your browser data to your Google account by default, assuming you have signed into Chrome with your Google account. This allows you to access information like your bookmarks and open tabs on other devices you own.

To view and change these sync options, click Menu > Settings > Sync. Here you can choose which individual types of data you want to sync with your Google account. If you’d like to sync your data with a little more privacy, select the “Encrypt all synced data with your own sync passphrase” option at the bottom.

Pick Which Online Services Chrome Uses: To find more privacy-related options, click Advanced at the bottom of Chrome’s Settings page. Under the Privacy & Security section, choose which options you want to enable or disable. Ideally the settings should be as below.

Control What Websites Can Do: Click the Content Settings button under Privacy & Security and you will find options that control what web pages can do in Chrome.

By default, Chrome allows websites to set cookies. These cookies are used to save your login state and other preferences on other websites. To have Chrome automatically clear cookies, select “Keep local data only until you quit your browser”. You will be able to sign into websites and use them normally, but Chrome will forget all the websites you have signed into and preferences you have changed each time you close it.

The other options here control whether websites can use various features, like your location, webcam, microphone, and browser notifications. With the default options here, websites have to ask you and get your permission before they access most features. You can scroll through here and disable various features if you don’t want websites asking to see your location or sending you desktop notifications.

With the Chrome browser for desktop, you can enhance your security by installing the HTTPS Everywhere, Ghostery, Privacy Badger, AdBlock Plus and Click&Clean plugins, which force websites that support encryption to turn it on by default, block web trackers and clear third-party cookies.

9. Remove Bloatware

Manufacturers and carriers often load Android phones with their own apps. They can range from Samsung’s own messaging application to Google’s own music player application to even actual spyware like DT Ignite.

Generally manufacturers or carriers do this for additional revenue and also to maintain control of the devices they sell.

Sometimes they get paid for each application they pre-install on the smartphones they sell. They can even make more money from the diagnostic and usage data these applications can collect on your phone.

Because most smartphones and tablets are unrooted/locked, it can be difficult to uninstall or even disable some of these pre-installed system applications. That is why, instead of uninstalling bloatware, we recommend disabling those apps. Android has a built-in way to do this, and it should work for most apps.

Also, NoBloat Free — an Android app — allows you to successfully remove preinstalled bloatware from your device.

Here is a guide to manually uninstall these bloatware apps without root access. All you need is a few simple ADB commands in a command prompt.

(Caution: Uninstalling some system apps may result in problems or instability. Please make an informed decision before uninstalling any system app.)
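The ADB route looks like this in practice. The script below is an added example, not taken from the original article or the guide it mentions: it turns a list of unwanted packages into the matching `adb shell pm` commands, only for packages that are really installed, and defaults to the reversible disable option. The package names and the sample files are constructed placeholders.

```sh
#!/bin/sh
# Added example: plan the removal of pre-installed apps without root.
# First save what is installed:  adb shell pm list packages > installed.txt
# Then review the printed plan before running any line of it.

# plan_debloat MODE WANTED_FILE INSTALLED_FILE
#   MODE           disable   -> pm disable-user --user 0   (reversible)
#                  uninstall -> pm uninstall -k --user 0   (removes the app for
#                               the main user only; the system copy stays)
#   WANTED_FILE    package names to remove, one per line, '#' comments allowed
#   INSTALLED_FILE saved output of `adb shell pm list packages`
plan_debloat() {
    mode=$1 wanted=$2 installed=$3
    case $mode in
        disable)   action='pm disable-user --user 0' ;;
        uninstall) action='pm uninstall -k --user 0' ;;
        *) echo "unknown mode: $mode" >&2; return 2 ;;
    esac
    sed -e 's/#.*//' -e 's/[[:space:]]*$//' -e '/^$/d' "$wanted" |
    while read -r pkg; do
        case $pkg in
            *[!A-Za-z0-9._]*)
                # Refuse anything that is not a plain package name.
                printf '# skipped (invalid name): %s\n' "$pkg"
                continue ;;
        esac
        if tr -d '\r' < "$installed" | grep -qxF "package:$pkg"; then
            printf 'adb shell %s %s\n' "$action" "$pkg"
        else
            printf '# skipped (not installed): %s\n' "$pkg"
        fi
    done
}

# undo_command MODE PKG: print the command that reverses a planned step.
undo_command() {
    case $1 in
        disable)   printf 'adb shell pm enable %s\n' "$2" ;;
        uninstall) printf 'adb shell cmd package install-existing %s\n' "$2" ;;
        *) return 2 ;;
    esac
}

# demo [MODE]: run the planner on constructed sample files (no phone needed).
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' 'package:com.android.settings' \
        'package:com.example.carrier.appinstaller' \
        'package:com.example.oem.weather' > "$tmp/installed.txt"
    printf '%s\n' '# constructed list of unwanted packages' \
        'com.example.carrier.appinstaller   # carrier app pusher' \
        'com.example.oem.radio' > "$tmp/wanted.txt"
    plan_debloat "${1:-disable}" "$tmp/wanted.txt" "$tmp/installed.txt"
    rm -rf "$tmp"
}

demo disable
```

Keep the printed plan: `undo_command` gives the matching restore step for each line if an app turns out to be needed.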

10. Secure Your Network

You should also direct your focus on your router — that is the centre of your network and, if poorly secured, the epicentre of much potential trouble. This gadget may not store any of your personal data, but with all that traffic flying through it, taking good care of this network hardware should be a key component of your security culture. And yet, we usually ignore security concerns that have to do with routers.

There are a few essentials for a hardened router.

Get rid of the defaults: The pre-configured password to access the router’s admin interface (192.168.1.1) is the first thing you should replace with a strong and unique password or passphrase. Also, pick a non-generic username instead of the default one, which commonly is one of these five options: ‘admin’, ‘administrator’, ‘root’, ‘user’, and no username at all.

Use WPA2-PSK Security: Wi-Fi Protected Access 2 Personal (WPA2-PSK) is the best for home routing needs. It is underpinned by AES encryption, which is uncrackable with today’s computing resources, so a snoop cannot simply read the data even if they somehow get their hands on it.

Update The Firmware: Routers are computers, so their operating systems, embedded as firmware, need to be updated for security vulnerabilities. Routers are notorious for being riddled with security loopholes, mainly because they run outdated firmware. This makes things so much easier for attackers, as many incursions are facilitated by simple scans for routers with known security holes.

To check if your router’s firmware is up-to-date, navigate to the device’s admin panel. You will then need to visit the vendor’s website and check whether an update is available. This is not a one-time task, however, so be sure to check for new updates regularly, at least several times a year.

Restrict the Unused: Unless you are sure you need Universal Plug and Play (UPnP), which is intended to enable frictionless communication between networked devices but lacks any authentication mechanism, you should turn it off. Shut down any protocols and block any ports that aren’t needed, as that will reduce the attack surface on your network.


ADVANCED SECURITY MEASURES FOR THE EXTRA PARANOID

Some people, such as government workers, journalists, and activists, face far more numerous and complex threats than the average citizen, who should usually only worry about tech companies tracking them to serve up the best kinds of ads, or government bulk data collection of their personal records. The purpose of the guidelines below is to provide direction for protecting confidential data from unauthorized access or disclosure. But everyone can take the basic advice and adapt it to varying degrees.

While most apps and services nowadays secure your data with encryption on their servers to prevent data from being readable if hacked or served with a government subpoena, many more now are providing it “end-to-end.” In other words, nobody else can see what’s sent, stored, or received, other than you and the person you are talking to — not even the companies themselves.

Usually, the only way to break that “end-to-end” model is to attack an endpoint, such as the device you are using, the internet pipe that the data’s traveling along, or the company’s servers. If you secure each of those points, you are well on the way in keeping your data private.

Still, effective encryption doesn’t always just happen, especially once you move beyond basic messaging. Here’s how to keep snoopers out of every facet of your digital life, whether it is video chat or your phone’s memory card.

1. Minimize Your Social Media Exposure

Minimize your social media presence if you really want to remain anonymous online.

After the recently surfaced massive privacy scandals, a record number of users across the world are considering deleting their Facebook accounts.

Social media activity is just one more source of data about your sentiments and preferences, and it could be used to uncover information about you without your permission. The only sure-fire way to avoid giving up this information is to delete your accounts entirely.

A word of warning, ‘deactivating’ your account is not the same as deleting it. Deactivating your account is sort of like putting it into hibernation — all your information is stored and can be re-activated if you have second thoughts. Always delete rather than deactivate an account if you wish to completely wipe it.

Your “digital footprint”, however, includes all traces of your online activity, including your comments on news articles, posts on social media, and records of your online purchases. Review your “digital footprint” and pay close attention to the way each platform lets you protect sensitive personal details.

Use multiple search engines to perform a search for your first and last name. Look up both your actual name and your username. Try the common misspellings as well.

Review the first two pages of results. Are they positive? Do they show too much of your information? If anything comes up that you don’t like, ask the site administrator to take it down.

Setting up Google Alerts is one way to keep an eye on your name. Every time it is mentioned somewhere you will get a notification. If you have a common name, it may help to attach keywords to your search, such as your location or activities that may associate your name with a Google alert.

2. Text Messaging

Signal, the smartphone and now-desktop encryption app, has become the darling of the privacy community, for good reason. It is as easy to use as the default messaging app on your phone; it has been open source from the start, and carefully audited and probed by security researchers; and it has received glowing recommendations from Edward Snowden, academic cryptographers, and beyond. Its cryptographic protocol also underpins the encryption offered by WhatsApp and Facebook’s Secret Conversations. (Those two services don’t, however, offer Signal’s assurance that it doesn’t log the metadata of who is talking to whom.)

WhatsApp does collect and store more metadata than Signal. That means the government, if it demands data from Facebook, could see who you are talking to and when. A recent report by Forbes confirms that the company could be forced to turn over data it collects, such as IP addresses, phone identifiers, and even location data in some cases.

The most important note, for encrypted chat newbies: Remember that the person with whom you are messaging has to be on the same service. Signal to Signal provides rock-solid end-to-end encryption; Signal to iMessage, or even to WhatsApp, won’t. Signal is designed to warn you when the unique key of your contact changes, so that he or she can’t easily be impersonated on the network.

WhatsApp is also fine, for the less sensitive communication needs, as long as it’s being used properly by verifying your keys with the other party. Make sure that you enable security notifications so you can monitor for any key changes.

You should also turn off online backups — both on the app and iCloud and Android’s settings — as backups can be cherry-picked out of the cloud by law enforcement with a search warrant.

Do this by going to WhatsApp then Chats > Chat Backup > then set Auto Backup to Off.

3. Video and Voice

Signal enables encrypted video and voice calls too. WhatsApp again uses Signal’s encryption protocols for voice and video, but as with text messages, doesn’t promise not to keep logs of conversation metadata.

4. Email

Encrypted email is a fallacy. Consider email services that don’t require you to handle private keys, such as ProtonMail, which now comes with support for the Tor browser.

Temporary Email: Disposable Email Addresses (DEAs) are anonymous and temporary. They allow users to quickly create new email addresses as-and-when they are needed, which can then be disposed of after use. This is particularly useful for avoiding spam when filling in forms on websites that require an email address to proceed. Keeping your real email address away from spammers is crucial to protecting your identity online and DEAs are a great solution. Popular providers of this service include Guerrilla Mail and EmailOnDeck, although there are hundreds out there to choose from.

In an era where seamless encrypted messaging is proliferating — and is both easier and likely more secure than email — it is better to get rid of that out of date protocol. Instead, choose from the huge number of encrypted messaging apps with much better conversation speed and security.

5. Storage

There are many smartphone vault apps that encrypt data to make it unreadable without decrypting it first with the correct password. In a recently published paper, security researchers shared their first account on the forensic analysis, security and privacy testing of 18 different Android vault applications by reverse engineering them and examining the forensics artefacts they produce. Out of all 18 applications they deemed Keeper (available for both Android and iOS) as the most secure. Keeper is a password manager application and digital vault that stores website passwords, financial information and other sensitive documents using 256-bit AES encryption, zero-knowledge architecture and two-factor authentication.

Researchers were not able to reconstruct the original content except by employing a brute force attack on the password hash. Even though a brute force attack was a possible solution, cracking a long password may be extremely time consuming. Given that there is no limitation on the password length and complexity, the success rate depends on the chosen password.

In addition, there is also data shredder software available, e.g. iShredder, which allows the phone owner to permanently erase/sanitize certain sensitive data.

6. Browsing

When it comes to the gold standard of privacy, consider using Tor. It is similar to a regular browser but with privacy benefits, and it is often used by the privacy conscious, such as reporters and activists. On a smartphone, you can use mobile versions of the Tor browser called Orbot for Android and Onion Browser for iOS, both of which are open source.

You can use Tor for anything — but streaming video can be slow, and some web plugins (like Flash) are generally disabled as these can be used to de-anonymize you, defeating the point altogether.

7. ‘No’ Public Wi-Fi Networks

While using a public network, like a Wi-Fi hotspot in a coffee shop or anywhere else, be extremely careful. Treat this network as though every page you visit will be monitored — which may expose your personal information, including your usernames and passwords.

8. Install Haven App

Haven is an open source Android application. It operates like a surveillance system, using the device’s camera, audio recording capability and accelerometer to detect movement and notify a user. The idea is that, even with the best encryption in the world, a device is vulnerable to physical, in-person tampering — also known as “evil maid” because literally a hotel maid could access it.

Say, for instance, you have set up an Android device in a hotel safe next to your laptop. Haven could then be set to broadcast any audio or movement; if anyone opened the safe, it would take a photo, record audio and detect motion. Alerts can be sent via SMS, Signal or to a Tor-based website.

9. Use a Physical Authentication Key

Two-factor authentication has become the standard for any decently protected online service. You prove possession of your phone by entering a one-time code, sent by text message from the service you are trying to log into, or better yet, a code generated on the phone using a service like Google Authenticator. But phone accounts can be hijacked to redirect texts. Even authentication codes can be stolen and used by someone who tricks you into entering them on a convincing phishing website.

A more robust form of two-factor authentication comes in the form of an actual USB or Bluetooth key that you carry on your keychain. Set up a Yubikey or other token that uses the so-called Universal Second Factor, or U2F, standard, and you will be asked to connect that dongle to any new computer before logging in. No one — not even you — will be able to access your account without that physical key in hand. And that’s the whole idea.

10. Stick on a Privacy Shield

When we think about online security, we think digital solutions. But protection can be physical as well. To up your security game, think outside the box with this IRL reinforcement.

Privacy guards are thin, physical covers that you can put on smartphone screens to constrain their viewing angles. Think of them like mobile tempered glasses with an anti-snooping bonus. When one is installed, someone looking straight-on sees everything normally, or at worst notices some minor shading. But anyone who tries to sneak a glance from the next seat over on a train, or from another table at a coffee shop, can’t see what is on the screen. (That also speaks to a slight downside: These screens also make it difficult to, say, watch a movie with your kids on a tablet.)

Privacy filters are common on work devices, particularly those that process sensitive, valuable, or confidential information like at medical offices. But less sensitive devices are equally vulnerable to “shoulder surfing,” the simple act of catching a look at someone else’s screen.

There is also a litany of screen privacy apps for Android, e.g. Privacy Screen Filter, all of them designed to obscure your phone’s display so others have a hard time snooping over your shoulder. On iOS, you can buy physical filters for the screen (to darken, colorize, etc.), but digital ones won’t be possible without jailbreaking.


WRAP UP

People have lost control over the data they generate, and they often don’t know what others collect about them, how it is used, and with whom it is being shared. As an analogy, think about the data that you generate as forming your informational body. As much as you control your own physical body, you want to have control and authority over your informational body.

In an Indian context, various factors, such as nuclear families and cultural views, have for ages stifled the need for personal space and privacy. However, urbanization, digitization and changing lifestyles have resulted in a growing demand amongst Indians for privacy and protection of the information they share, specifically on digital platforms.

We already have robust constitutional and human rights built into our political systems to prevent abuse by the executive. Free speech is one such safeguard. We should not forget that privacy is another.

— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — —

That’s quite a list, but there are plenty of little things that you can quite easily do to protect your privacy. On top of all the apps and settings listed here, perhaps the most effective change that you can make is to tweak your phone habits.

If you have any of your own privacy tips and tricks, please feel free to share them in the comments below.


References:

1. Featured Image: GIF from donottrack blog: https://blog.donottrack-doc.com/how-to-protect-your-smartphone/
2. Image 1: Photo from CASEY CHIN via Wired.com: https://www.wired.com/story/how-to-check-app-permissions-ios-android-macos-windows/
3. How to Keep Your Smartphone From Getting Hacked | WIRED: https://www.wired.com/story/smartphone-security-101/
4. Image 2: Photo from iStock / serazetdinov via Wired.com: https://www.wired.co.uk/article/uk-surveillance-unlawful-watson-davis
5. Smartphone Security 101 | Wired: https://www.wired.com/story/smartphone-security-101/
6. Are Fake Apps Taking Over Your Phone? | McAfee Blogs: https://securingtomorrow.mcafee.com/consumer/mobile-and-iot-security/fake-apps-taking-over-phone/
7. Image 3: Photo from THEN ONE via Wired.com: https://www.wired.com/2016/03/want-safer-passwords-dont-change-often/
8. Image 4: Photo from Getty Images via Wired.com: https://www.wired.com/2017/03/good-news-androids-huge-security-problem-getting-less-huge/
9. How to Manage Your Google Privacy Settings | PCMag.com: https://in.pcmag.com/dropbox/120272/how-to-manage-your-google-privacy-settings
10. Image 5: Photo from ALYSSA WALKER; GETTY IMAGES via Wired.com: https://www.wired.com/story/apple-blocks-google-employee-apps/
11. Third-party sites & apps with access to your account | Google Account Help: https://support.google.com/accounts/answer/3466521?hl=en
12. Image 6: Photo from ALBERTO PEZZALI/NURPHOTO/GETTY IMAGES via Wired.com: https://www.wired.com/story/google-plus-bug-52-million-users-data-exposed/
13. Image 7: Photo from Getty Images via Wired.com: https://www.wired.com/story/google-chrome-login-privacy/
14. Image 8: Photo by Author
15. Image 9: Photo via threatpost.com: https://threatpost.com/down-the-rabbit-hole-with-a-blu-phone-infection/128390/
16. How to Uninstall Carrier/OEM Bloatware Without Root Access | xdadevelopers: https://www.xda-developers.com/uninstall-carrier-oem-bloatware-without-root-access/
17. How to Get Rid of Bloatware on Your Android Phone | How-To Geek: https://www.howtogeek.com/115533/how-to-disable-or-uninstall-android-bloatware/
18. Image 10: Photo from Getty Images via Wired.com: https://www.wired.com/story/upnp-router-game-console-vulnerabilities-exploited/
19. New Year's resolutions: Routing done right | WeLiveSecurity: https://www.welivesecurity.com/2019/01/17/new-years-resolutions-routing-done-right/
20. Image 11: Photo from Kaspersky Blog: https://www.kaspersky.co.in/blog/cyber-detective-tiportal/14518/
21. Online security 101: Tips for protecting your privacy from hackers and spies | ZDNet: https://www.zdnet.com/article/simple-security-step-by-step-guide/
22. Internet privacy tips for the truly paranoid | Grunge: https://www.grunge.com/10383/internet-privacy-tips-truly-paranoid/
23. 21 tips, tricks and shortcuts to help you stay anonymous online | The Guardian: https://www.theguardian.com/technology/2015/mar/06/tips-tricks-anonymous-privacy
24. Help protect your digital footprint from prying eyes | Norton: https://us.norton.com/internetsecurity-privacy-clean-up-online-digital-footprint.html
25. Zhang, Xiaolu & Baggili, Ibrahim & Breitinger, Frank. (2017). Breaking into the vault: Privacy, security and forensic analysis of Android vault applications. Computers & Security. 70. 10.1016/j.cose.2017.07.011.
26. Edward Snowden's new app turns any Android phone into a surveillance system | TechCrunch: https://techcrunch.com/2017/12/24/edward-snowden-haven-app/
27. Physical Measures To Amp Up Your Digital Security | Wired.com: https://www.wired.com/story/physical-security-measures/
28. Image 12: Photo from Owni /-) - CC by NC - via Flickr.com: https://www.flickr.com/photos/ownipics/4839933569/
29. We don't want to sell our data, we want data rights! | Privacy International: https://privacyinternational.org/blog/2683/we-dont-want-sell-our-data-we-want-data-rights
30. An overview of the changing data privacy landscape in India | PWC India: https://www.pwc.in/research-insights/2018/an-overview-of-the-changing-data-privacy-landscape-in-india.html
31. Privacy as a Political Right | Privacy International: https://privacyinternational.org/report/705/privacy-political-right