How to Manage Your Smartphone’s Security

Broken Old rusted lock on blue door with text overlay

Wouldn’t it be great if your smartphone came complete with all the security you need, right out of the box? Unfortunately, while some manufacturers try, there are simply too many threats out there. Also, a lot of what we consider “security” is nothing more than user habits. But don’t fret, because there are ways you can manage your smartphone’s security.
By now, you’re probably asking, “What does it matter? I’m not a celebrity or a politician. Nobody’s interested in my data.” It’s a fair point.
But get this.
Your photos and the hours you spent playing Angry Birds aren’t the only things that criminals, corporations, and governments are after. Check it out.

Common Privacy Issues

We’ve already talked about some of the everyday hacks criminals (and others) use to access your data. But did you know that governments around the world want into your phone, as well? For example, we know that the Chinese government spends billions of dollars trying to access American’s health data. We also know that the NSA keeps records of millions of messages every day.

And if that isn’t bad enough, it seems every app wants to know everything about you. From Facebook secretly filming you using your phone camera to Google tracking you around the web, it’s downright creepy.

Here are some of the most common ways that companies, governments, and criminals get access to your information.

Weak passwords

Most people use simple-to-remember passwords for all their accounts. And then they make it worse, by using the same password for every account.

Ouch.

You see, a weak password is the number one way to get hacked. Just think about it. The kind of people who can wirelessly hack your data are talented. Your kid’s birthday isn’t going to fool them.

Permissions

We’ve all done it. When you download a new app, there is a long list of terms and conditions to read through. Most of us don’t read them, and that’s where privacy issues begin. Many apps ask for invasive permissions, which we quickly grant.

From games that want to access your microphone and camera to photo editors that wish to track your location.
If you read the fine print, often they want access to your contacts and your messages. That’s creepy.

 Wifi

Did you know that open wifi networks are a major privacy concern in today’s world? It’s true! We all love to pop into McDonald’s or Tim Hortons and join the free Wifi. But once we do, everything on our phone becomes viewable by those companies, or worse. Sometimes criminals hack into public wifi and access everyone’s devices. Only a VPN can solve this problem.

How to Manage Android Phone Security

 

Green Android Logo Robot with Antenna

Perhaps unsurprisingly, Android phones take the lion’s share of privacy breaches. That’s because they use the Android open-source code as their backbone, and anyone can go online and pick that code apart, looking for vulnerabilities.

But even if Google patches security weaknesses with updates, which they do, many Android phone manufacturers don’t roll those updates out to users. Samsung is guilty of this. Xiaomi and Huawei are awful at providing updates. Only Google’s own Pixel line can be said to be more secure, although Google itself is spying on every Pixel user.

But there’s good news.

If you’re an Android user, you can take steps to minimize privacy leaks.

Google Play Protect App Scan

First off, Google provides an app security system built right into all newer versions of Android. It’s called Google Play Protect. Its primary mission is to detect, warn you and remove apps that are a security risk. H

Here’s how you can scan the apps on your device.

  1. Open the Play Store app
  2. Open hamburger menu on left side
  3. Select My apps & games
  4. The very first option is a summary of your Google Play Protect status. Tap it.

This will take you to a detailed summary of Google Play Protect on your device, where you can check the status of the last automatic scan, or start a new one manually.

Smart lock

Another security feature introduced by Google is Smart Lock. There are actually three different smart lock programs for Google products, including Smart Lock for Chromebooks and Smart Lock for password management. However, we’re only interested in Smart Lock for Android right now.

Smart lock uses the sensors in your phone to keep your phone unlocked while it’s in your pocket or at home (or another trusted location, such as your office). Also, when your phone nears a trusted device such as your Chromebook, it will unlock.

On the surface, this seems like a handy tool. You won’t need to unlock your Android every time you want to use it. Aside from the fact that it only works half the time, it’s also a security threat. A pickpocket has access to your unlocked phone. Or if you leave it on your desk at work, anyone can get in.

Which is why you may want to consider turning it off.

  1. Open your device’s settings menu
  2. Tap security
  3. Tap location
  4. Select “Smart Lock”
  5. Enter PIN or password
  6. Turn off Smart Lock

Malware Removal

Google Play protect may scan you apps for malware but not necessarily the files on your device. It’s one of those things we hear about often. This may cause complacency in one of the most common threats out there.

What makes Malware particularly important to watch for is that in some cases it provides full access to your device and sometimes allows the transfer of heaps of data back to evil genius headquarters.

In fact, it is simple and free to have a solid grip on malware for your phone. We suggest using a free App like Malwarebytes free version. There are a ton of malware apps to pick from and you don’t need the paid versions.

Here’s a link to download Malwarebytes.

Rectangular Black Button with Google Play Logo

Whatever you pick just make sure you update the database before you run a scan. Try to run the scan at least once a month.

Ransomeware Prevention

Ransomeware is a thing of nightmares. Unfortunetly asides from paid software, there is no easy prevention.

It works by infecting your device or computer via an email attachment download, file download or simply having an outdated version of Windows. Once on your device, a script is executed to encrypt all data or to lock you out of the device preventing access. Next, a message is displayed requesting payment by Bitcoin in order to regain access.

Most of the time a DFU for iOS or a hard reset for Android will remove the takeover but all data is lost.

These are the best practices we recommend in general:

  1. If unsure, trash the email. Don’t download attachments or click on links before glancing at the “From” address of the sender.
  2. Be cautious where you download files. Free cracked software, e-books, apps, sites with pirated content all have been known to be an easy way to get the malicious files on your device.
  3. Update Update Update. We’ve mentioned this so many times on this blog but we’ll say it again. Updating your apps and operating system is the easiest way to be protected. It’s allowing the big-budget security departments at Google and Apple to work for you. We commonly receive devices that haven’t had an update in years. From a security perspective that’s just not smart.

These are habits that need to be trained. Like all habits, sometimes the best of us fail at changing. So if you do get caught, having a backup of your device would come in handy.

For iOS, an iCloud backup along with a desktop backup of your device will do the trick. For Android, use the PC or Mac software specific to your manufacturer. You can find the official downloads on their websites.

We hate recommending paid software because in most cases we get it done for free. However, for those with the budget Bitdefender leads the charge and can prevent and fix encryption by ransomware apps. For iPhone users, just backing up you’re device is a better form of protection.

Here’s the link.

Rectangular Black Button with Google Play Logo

Two-factor authentication

Next, you can secure the apps on your device by using two-factor authentication (2FA). This is a feature that requires the input of a randomly-generated number in order to login to accounts and Apps. You can have the number texted to you, or use a 2FA app such as Google Authenticator.

 

Download Google Authenticator here:

Rectangular Black Button with Google Play LogoBlack Rectangular Button with Apple App Store Logo

This extra layer of security means that if you’re using public wifi it will be impossible for anyone to snoop through your apps without your permission.

Lock screen messages

Sadly, messages which you can read on your lock screen constitute a serious privacy threat. With the number of cameras around, anyone can read your conversations. Don’t forget others walking by behind you with their phone out.

Of course, most people aren’t interested in your argument with your BFF. Nevertheless, the more information someone can glean from your phone, the greater the risk of a more serious data breach in the future.

Luckily you can turn these off, and only be notified that you have a message.

  1. Open Settings
  2. Tap Apps & notifications
  3. Tap Notifications
  4. Scroll to find “Notifications on lock screen”
  5. Select “Don’t show notifications”

How to Manage iPhone Privacy

Apple logo black and white with bite and IOS

By now you’d have realized that Android phones are a lot less secure than iPhones. But that doesn’t mean iPhones are invulnerable to privacy breaches. After all, there have been numerous iCloud breaches, and Facebook even got busted recording users with the iPhone camera.

And let’s not forget that any use of public Wifi without a VPN is dangerous, regardless of what kind of phone you’re using.

So let’s look at how you can manage privacy on your iPhone.

Security code autofill

As most iPhone users know, Apple fully embraces two-factor authentication. But to make it easier for people to use 2FA with other apps, Apple rolled out security code autofill with iOS 12.

Basically, when you receive a 2FA text message, you don’t need to switch between your app and your messages to view it. Instead, the 2FA code appears as an autofill suggestion. Simply tap it, and it auto-fills. Voila!

Password re-use auditing tool

One thing Apple is known for is privacy. And for a long time, Apple has offered iCloud Keychain to iPhone, iPad, and Mac users. This is basically a built-in secure password manager that syncs between all your devices. It creates long-string passwords and stores them for you.

Then, when you want to log in to a site, you only need to enter your iCloud password or use biometrics and Apple will do the rest. But to help you hunt down and change similar passwords, Apple offers a password auditing tool.

Basically, this analyzes all your passwords saved in Keychain. If any of them are similar (or the same), Keychain offers to change them to something more complicated.

On your iPhone:

  1. Go to Settings
  2. Scroll down to “Passwords & Accounts”
  3. Tap “Website & App Passwords”
  4. Authenticate with Face ID or Touch ID
  5. Look for sites and apps with an exclamation mark next to them
  6. If you see any, tap on them
  7. Follow the directions to change password

Auto-delete iMessages

By now you know that Apple’s iMessage includes end-to-end encryption. That means nobody can read your messages, not even Apple. But if someone gets access to your phone, they suddenly have access to all your messages!

Shutting off lock screen messages is a good start towards phone security. Likewise, deleting your iMessage history is a great option. Apple makes this easy by allowing you to choose to keep your iMessages forever, for one year, or for 30 days.

  1. Go to Settings
  2. Go to “Messages”
  3. Tap on “Keep Messages”
  4. Select “30 days”

Now your messages will only hang around on your device for a month, and then they’ll auto-delete.

Use Safari

Apple’s iconic web browser, Safari, comes with plenty of features. From built-in Apple Pay to reader mode to a function that stops videos from auto-playing, Safari is a web user’s dream browser. But it also comes with the most important feature of a web browser in the 21st Century: privacy.

You see, Safari blocks advertisers from following you around on the web, and it stops websites from installing spyware on your device. It does this by “Sandboxing” every site you visit. This allows you to use all the normal functions of the website but doesn’t allow anything from that website to leave your session. Safari also stops companies such as Google, Facebook, and Amazon from “fingerprinting” you, which means they can’t see your device’s unique electronic signature and follow you around the web.

Best of all, Safari automatically blocks sites from accessing your microphone and camera, things that Chrome users can only dream of!

Unfortunately, you can only use Safari if you have an iPhone. But if you do want to make the switch, consider selling your Android to a site like Gizmogrind. They make everything easy and offer top dollar that you can put towards your new iPhone.

Take Control of Your Data

It sounds simple. And it is. Tweaking a few settings on your phone and changing a few of your usage habits can go a long way towards better smartphone privacy. Of course, nobody can prevent all the apps from mining your personal life. Facebook, including Messenger, Instagram, and WhatsApp will always be lurking in the background. Google gobbles up private information like a vacuum cleaner.

So what can you do about it?

Aside from deleting Facebook, Google, and Amazon (the biggest offenders) from your life, you can limit what information they, and others, can access. Use a secure web browser such as Safari or Firefox. Set up two-factor authentication on as many apps as possible. And don’t forget to use a VPN when browsing on public Wifi!

Finally, never download apps from strange sites on the internet. Use only trusted app stores, such as the Google Play Store, Samsung Galaxy Store, or Apple App Store.

Leave a Reply

Your email address will not be published. Required fields are marked *