Securing Your Mobile Devices
Minimize Risk While Surfing the Web on Your Phone
Tools to maximize privacy and prevent unknown access on networks
In Part 1 of our discussion on mobile security, we covered some of the initial steps people can take to help secure their most-used computers: their mobile devices. With mobile malware on the rise, we all have a responsibility to educate ourselves and ensure that our digital devices are as safe and secure as possible. However, we also have a responsibility to help educate others, so do me a favor, friends: If you have parents or children who love to use their own mobile devices, have a plan for them as well. Maybe you personally manage those devices for them or help them learn how best to manage their devices. Regardless of the method you choose, be proactive.
Let’s begin by diving deeper into ways that you can learn to harden your mobile devices. No, I’m not talking about encasing them in lead shackles: “Hardening” is the process by which we increase security measures on our digital devices.
“The Internet works remarkably well, considering how old it is. It was designed very well. However, it wasn’t designed for privacy.” —Mikko Hyppönen, white-hat hacker and featured TED Talk presenter
Vulnerability: Wireless Networks
Browsing the web on a wired network that’s behind a firewall or a VPN is generally thought to be a safe method for going online. However, most of us don’t go to those lengths when we hop onto the internet, even for our most sensitive work. Instead, we simply enjoy surfing on wireless networks wherever we go, assuming that all is well, never stopping to think if the hotel where we’re staying or the coffee shop where we’re caffeinating has taken the time to implement a secure wireless network for its patrons.
My advice: Assume that none of these networks are safe. This is especially important for those of us who use our mobile devices for online banking, accessing medical records, storing our passwords with a password manager, or browsing files on Dropbox, Google Drive, or Windows OneDrive.
To protect yourself, I urge making several reasonable changes that will help make surfing on free, public Wi-Fi networks that much safer. Here are a few tools that can help protect your most precious data from those with powerful digital tools and prying eyes.
Use a VPN App
I recommended using a VPN (or virtual private network) way back in my first article for this series. I know: The memories are powerful and beautiful, right? Back then, I was discussing how to keep your home and business computers safe, but I urge you to do the same with all of your mobile devices. A VPN provides a secure connection to the internet by hiding your IP address — your unique identification number — and encrypting all your data. The very best VPN providers offer servers in multiple countries, provide apps for mobile device access, aren’t under U.S. jurisdiction, and never keep user logs. While researching my book on technology, I found what I still consider to be the best VPN comparison site on the internet and dug into the small print. What follows is a small group of VPN companies that I believe provide the best core services on the internet while also putting a massive emphasis on protecting your privacy:
A special note to parents: VPNs can provide access to websites that are normally blocked. Consider that when giving a mobile device with a VPN to any child.
Use a Web Browser That Leaves Little or No Trace
I now use the Brave web browser on all my computers and mobile devices. It’s 100 percent free, simple to use (just flip one switch!), and offers powerful tools to help consumers block cookies, tracking software, and obtrusive ads. As a result, Brave is blazingly fast compared to most web browsers that need to load all those trackers and cookies. It’s available right now for macOS, Windows, and Linux, as well as for iOS and Android. Hell, it’s even available for Amazon Kindle devices, so you know these folks mean business! Install it now on your mobile devices, and let me know in the comments section if it doesn’t speed your mobile web browsing considerably. It did for me, and it was obvious and notable.
Once Brave is installed, click on the lion icon to access the control panel, as shown in the image below. From there, you can turn on/off the blockers with a simple switch. Also worth noting, you can choose which controls you block, a useful tool since some websites won’t function well if you shut down all third-party scripts and fingerprinting.
If you’ve upgraded to iOS 11 — and you should — the latest version of Safari in iOS allows users to block “cross-site tracking.” This new feature is something that’s made advertisers and marketers very upset with Apple. In simple language, cross-site tracking allows a web browser to take note of your browsing history, and then carry some of that information to other websites. Have you ever browsed for a product on Amazon, and then, moments later, seen ads for that very item appearing on Facebook and other sites? Yeah, that’s cross-site tracking, and it’s annoying as hell. Safari in iOS 11 allows you to turn that off. Open the Settings app, then scroll down and tap on Safari, as shown below. There, you’ll find the preference to prevent any cross-site tracking.
Use a Web Browser That Maximizes Privacy
The Onion Router (also called “Tor”) is a complex system of relays and encryption schemes that encrypts our data and makes what we do online very difficult to track. An excellent primer (with pictures!) can be found here. The NSA — an agency known for attempting to hack most every system and platform on the planet — considers Tor “the king of high-secure, low-latency internet anonymity.” Translation: It’s an effective tool that individuals or organizations can use to help protect their privacy while online. Just remember: Wanting privacy online doesn’t make you a criminal. Privacy is everyone’s right, both on and offline.
The Red Onion browser for iOS ($1.99) and Orbot for Android (developed by the Tor Project and free) both utilize the Tor network and are highly rated by users. There are other solutions for both platforms, of course. However, these two apps have maintained a best-reviewed status for years now, something other apps cannot claim. Every Tor Project app download (including those for all desktop and mobile OSes) can be found at this convenient link.
One important note: Increasing your privacy with Tor might slow you down, literally. Because of how Tor works — by bouncing your data from random relay to random relay — you’ll notice that your surfing speeds will be slower. Don’t let that stop you from using it. If you use your mobile devices for online banking and other sensitive tasks, install and use a VPN app and do your work via a Tor browser. Then, later — when you want to look at funny cat videos on YouTube — you can turn off all your security measures and surf at much faster speeds, if you prefer.
Track Who’s Tracking You
While the measures above will help to minimize or even eliminate the various ad and marketing groups that track your movements online, perhaps you’d like to know who, specifically, is doing that tracking. For that function, I can think of no better app than the well-reviewed Ghostery. It’s free for every desktop OS you can think of, as well as for iOS, Android, and Amazon mobile devices. Once installed, Ghostery provides a simple method to learn about and block any detected trackers: Click on the ghost icon in the lower right of your browsing window to pop up a list of every tracker following you on that website. Deactivate any tracker by tapping the green switch; learn more about any tracker by tapping the info button. While Ghostery is not my go-to browser for surfing, it certainly is my go-to browser for learning about who wants to track me while I am surfing so I can smack those people down, y’all.
Vulnerability: Networks and Access
One of the greatest things about our mobile devices is how easily they connect to the world around us. One of the worst things about our mobile devices is how easily they connect to the world around us. With the power and ease-of-use of Bluetooth, AirDrop and AirPlay, cellular networks, NFC connectivity, and, increasingly, our own biometrics, it’s never been easier to connect to the world from our pocket computers.
We’re encouraged to do this even more, of course. Advertisements remind us to “Do your banking right on your phone,” or “Unlock the Bluetooth deadbolt on your front door,” or “Pair your phone with the car so you can stream music or run diagnostics.” It’s all very, very attractive. I get it, and I do some of these things myself. However…
It’s worth remembering: Each time we connect our mobile devices to a new network, we’re making a leap of faith. Therefore, here are a few suggestions to help reduce your risk from unknown access and unknown networks.
Turn Off AirDrop Unless It’s Needed
AirDrop opens another method of connecting to your mobile device from the outside world. It’s mostly a convenience, so treat it that way. Turn it on when you need it, and shut it down when your task is completed. Additionally, use the “Contacts Only” setting — not the “Everyone” setting — when you need it. Shut off AirDrop promptly when you’re done using it.
In any version before iOS 11, swipe up from the bottom of your iOS device to find where AirDrop lives. In iOS 11, the controls have moved into the Settings app at Settings -> General -> AirDrop.
Turn Off Bluetooth and Wi-Fi Unless Required
OK, I understand the absurdity of this recommendation, because I understand that these two services make digital life much, much easier for many of us. However, we should all be more prudent with when and where we enable these services. I used to leave Wi-Fi and Bluetooth powered on all the time, even when I wasn’t using them. I no longer do so, because malicious hackers can hack via Bluetooth, and they can also hack via Wi-Fi. Therefore, as a general rule: Activate Bluetooth and Wi-Fi only when you need them, and then deactivate them when you don’t. One simple way to achieve this is to activate airplane mode on your device when you’re not using it.
Protect Your Device with a Strong, Complex Password
We all like having simple and convenient passwords for our devices—so do hackers, and it’s something they count on. Wanna see how long it takes to crack your current mobile device password? Go here and be prepared to be shocked. Instead, replace your four-digit passcode or swipe pattern with a long password that contains letters, numbers, and special characters. On an Android device, tap through Menu -> Settings -> Lock Screen & Security -> Password. Here’s a link with more info and photos. Please note: As Android builds vary from manufacturer to manufacturer (#sigh), your controls might look slightly different.
On newer iOS devices, tap through to Settings -> Touch ID & Passcode. You’ll be asked to enter your current password. Tap on Change Passcode, and you’ll be asked to enter your current password a second time. Now tap Passcode Options -> Custom Alphanumeric Code. Here, you’ll be able to enter a new strong, complex password. Pick something with lowercase and uppercase letters and special characters. You’ll be asked to provide that new password twice. After clicking “Done,” your iOS device will take about 10 to 20 seconds to set the new password and encrypt your data. Here is a video I made to help walk you through the process:
Activate the Strongest Password and Touch ID Settings
When it comes to Touch ID and password enforcement on iOS, there’s good news and bad news. The good news is that any iOS device with Touch ID built in (which includes any model since 2013) immediately forces required password usage when Touch ID is set correctly. The bad news? Not everyone sets their Touch ID preferences correctly; this allows for periods of time — from one minute to one hour — for a password not to be required, a massive security hole. Ensure that your Touch ID requirements are set correctly. Tap through to Settings -> Touch ID & Passcode and manually enter your passcode. There, you should see that all three Touch ID settings are activated, as you see below. If not, please turn on each setting immediately. For those with older versions of iOS, tap through to Settings -> General -> Passcode Lock -> Require Passcode and set to “Immediately.”
Activate “Self-Destruct Spy Mode”
If you’re someone who either values privacy or works for an organization that values data protection, this is the kill switch for you! In the same iOS settings panel we’ve been discussing (Settings -> Touch ID & Passcode), scroll down to find the “Erase Data” setting. Activate this option, and your iOS device will be automatically erased if someone fails 10 times to enter your correct password. Warning: Keep your phone away from toddlers and teens if this setting is activated! For what it’s worth, Android OS doesn’t yet have this feature, something I consider to be a security hole. If you’re an Android user with a workaround, please share in the comments section.
Restrict Access When Your Device Is Locked
Prevent anything containing sensitive information from being accessible while your device is locked. Early on, I discovered that Apple’s Wallet could be used even when my device was locked. That meant my digital credit cards linked via Apple Pay could be used if my iPhone were stolen. I altered my settings to prevent that. You should as well by going to Settings -> Touch ID & Passcode. Scroll down to the “Allow Access When Locked” area, and use my settings as a possible starting point. (See below.) You’ll notice I’ve also turned off Siri when my device is locked, because I certainly don’t wish for any voice-activated data to be revealed to a malicious hacker.
We just covered a total of 10 simple and mostly free solutions to help you take better control of your mobile security. Take it slow, but by all means: Do take it. It’s worth the effort now to prevent a stolen identity or a loss of critical data later. Maintaining the right balance between using digital security and enjoying your online life will always be a moving target, so it’s best to have a strategy that works for you. Like your parents always taught you: Nothing’s better than good old-fashioned common sense.
What tips and tricks have you used? Write them in the comments section below so everyone can compare notes.
Thanks for reading and, as always…surf safe!