The amount of sensitive information stored on your phone can be staggering. We have it with us everywhere we go. Our work, study, play, flirt and even we pay with it. And from pickpockets to malware, threats are plenty. By applying a few simple practices you can reduce chances of successful attacks.
1. Always install iOS & Android system updates as soon as they appear
Smartphone users often postpone system updates or ignore them altogether. As a matter of fact, I’ve seen people actually annoyed by a system update notification. Most either don’t know what this update is or don’t want to “waste” a few minutes for the update to be install. But these updates are rarely released for cosmetic reasons only. It costs a lot to deliver an update and when it comes it’s usually fixing some important system issues. Never assume that your mobile system is 100% secure. There are major vulnerabilities found inside both Android and iOS every few months. When you push “skip”, you’re giving hackers more time to prepare exploits and attack your device.
2. Don’t install applications from untrusted sources
This one should be obvious, but I know it’s not. There are alternative markets for both iOS and Android apps and they are doing well. Yet, apps from these aren’t verified by the official anti-malware software, so their safeness is dubious at best.
Even downloading apps from the official store, you have to be cautious. It’s not unheard of that some malware slips through the scanning mechanisms. It’s good to analyze at least a few reviews before installing an app. Also, take special care of which permissions are you granting. Avoid applications that need unexpected permissions.
3. Do not root/jailbreak your device (unless you know what you’re doing)
There are many advantages of rooting/jailbreaking your phone, and I won’t argue with that. It gives you a complete control over the system. Yet, that power can be misuse if you’re not cautious enough. It’s harder to break things with a limited user profile. But root user can mess things up by making changes to system files or by installing a wrong application.
Root/jailbreak apps might contain malware built for one purpose. Steal your money, private photos or personal information. In 2015 one of the jailbreak tweaks intercepted 225 000 valid iCloud accounts. As it turned out, all were used for fraudulent in-app purchases.
And last, but not least, you are very likely to have problems with the system updates both on Android and iOS. System update can revert your jailbreak/root or even it wouldn’t be possible to install an update at all. And, as explained in the first point, this can be very dangerous.
4. Use protection mechanisms provided by your device
Both Android and iOS offer many out-of-the-box security mechanisms. First of all, make sure that you have your phone secured by a lock screen. From the standard PIN, through patterns to biometrics: fingerprints scanner and face recognition. All have pros and cons. The bottomline is that without any lock screen protection data can get hacked in a matter of minutes.
If you’re an Android user make sure that you have encryption on. Starting from Android 5.0 encryption should be turned on by default. Unfortunately, most of the device manufacturers turn it off in their OEMs explaining it with enhancing the performance. Mind that encryption off means unauthorized access to your device data.
Moreover, it’s usually a human who is the weakest spot of smartphone’s security. All built-in security measures are not worth a penny if you use a weak password. Did you know that almost 20% of 4 digit pins are either “1234”, “0000” or “1111”? Moreover, the top 20 most popular pins cover more than a quarter of PINs out there. When it comes to lock screen patterns, statistics are also quite interesting. More than 10% of them are letters, often first letter of user’s name or someone close to the subject. What is the point of encrypting your device when you use “1234” password?
5. Backup your data
This point is not about the protection of your phone but about the safeness of your data. If you do not backup your important files and photos, you are risking losing them. Your phone can get stolen or broken any day, and with it, you lose your data. As they say, there are two kinds of people — those who do backups and those who will do.
6. Turn on remote tracking and wipe
When someone steals your phone or you lose it, having location settings on can get your device back. To this end, iOS suggests using “Find my iPhone” app, while Android offers an Android Device Manager. Both let user locate their device while it’s still on. And if you have sensitive data on your device consider wiping it remotely. If you’ve backed it up, you wouldn’t lose anything.
7. Disable all premium services (WAP billing, SMS premium, call premium etc)
This is not directly connected with the phone you are using but more with your telco provider. Most of them enable all premium services by default. To subscribe to a premium service you usually have to either:
- Send an SMS to a PREMIUM number,
- Provide your number on a website and confirm with an activation code,
- Open a WAP billing link while browsing on GSM network.
Scammers use all above to trick people into subscribing premium services which are useless and cost a lot. The first two methods need a victim tricked into performing some actions, yet the third one is much easier to fall for. User agrees to a buy by clicking the link.
There is a simple way to protect yourself from such scums. All you need to is disable all premium services. Do it through the self-care application or a customer service helpline.
And if you need to use premium SMS, use a prepaid card.
8. Beware of public hotspots
Hotspots in restaurants, fast-foods, cafes, trains etc., allow to sniff your internet traffic. Think twice before connecting to such networks. If you don’t have other choices at least avoid using unencrypted protocols (like HTTP) to prevent a leakage of your passwords or pictures you’re uploading. You can also use VPN — it will make the whole communication encrypted.
9. Disable unused communication channels
It’s a good practice to turn off unused communication channels. Besides saving a few minutes of your battery life this can make your phone immune to many attacks.
Sometimes it’s not even necessary to take advantage of any vulnerability. An attacker can set up a network having the same SSID as the one your device was using before. If you haven’t specifically disabled it in the settings, your device will connect to it automatically. Imagine a daily number of devices that would connect to a network having the same SSID as McDonald’s or Starbucks Wi-Fi.
10. Clear your device and remove unused applications
We stopped worrying about removing unused apps. We can only blame growing storage space in our smartphones. If you’re using your phone for some time, it most likely contains at least a few applications that you will never use again. Even if they are safe at the moment, they might contain a vulnerability that is not yet known and might cause you problems in the future. You might even forget that you have these apps on your device. This point is especially important for users who did root/jailbreak their device. From time to time it’s also worth checking if the app permissions did not change over time.
You have to keep in mind that none of these practices will make your phone 100% secure. That’s impossible and was never the point of this post. These practices and a healthy dose of common sense can make it harder for any attack to succeed. And as they say, it’s better to be safe than sorry. Don’t push your luck too far and start being proactive about the security of your smartphone. Today.
Are you thinking of creating a game-changing digital product?
We would love to hear from you and talk about your project!
Write us on firstname.lastname@example.org and discover your possibilities!
Originally published at blog.miquido.com on October 25, 2017.