Mobile Device Security

Mobile Device Security

Last week we covered the topic of email security. And as mentioned at that time the second most common way used to communicate these days, apart from email, are mobile devices, especially smartphones. They are great devices that make our busy lives easier to manage but as any convenience comes with a price so does the convenience of using the multitude of functions available through a smartphone or other mobile device starting with the device itself. When I say this, I mean the geolocation function which has a lot of pros, but the disadvantage is that the ‘Big Brother’ always knows where you are.

So just as with our post about enhancing your email security, here is some advice on increasing your mobile devices security and increasing your privacy.

1. Encrypt your devices

Ever wondered what might happen to all your personal information if you lose your mobile device or it is stolen? A good practice is to encrypt your data to keep it safe from unauthorised physical access. You can do this by going to Settings on your phone and go to Security / Encryption on your Android device and to TouchID & Passcode / Data Protection on your iOS.

2. Turn off connectivity features not in use

WiFi, Bluetooth, NFC and their like are all ways your device communicates with other devices. These two-way channels can be used to access the device by malicious actors stealthily without our consent with known vulnerabilities utilising these communication paths. Therefore, when not in use, always disable temporarily redundant features.

3. Only keep apps you are using

Don’t keep apps on your you don’t particularly use. Firstly, apps often collect various data about your activities, secondly, as they often run in the background, they slow down your device.

4. App permissions

Often, apps will ask for permissions that they absolutely don’t need for the job they are designed for.

5. Only install apps from a trusted source

To avoid the possibility of installing an unwanted code on your device download apps only from Apple App Store and Google Play Store which are scanned and cryptographically signed (making it less likely to contain malicious code). To further improve your security avoid downloading .apk or .ipa files from an unverified source. It is also a good idea to check the app’s reviews before downloading.

6. Beware of phone charging threats

It is possible to have your device hacked – your data being stolen, or a malicious code installed – when using a public charging station. It is called Juice jacking and can be mitigated by either using a power bank, an AC wall charger or using a data blocker device – a device that blocks data transfer when connected to a mobile device only allowing electricity to pass through it for charging the battery.

8. Use offline maps

The map apps we use on our mobile devices, such as Google Maps are a potential avenue for data and privacy leaks as they collect plenty of private data. Consider using an offline maps app if possible.

9. Opt out of personalised ads

You can reduce to some degree the amount of information Google collects about you by opting out of personalised ads.

10. Erase the device after too many login attempts

Although it comes at a cost of potentially losing all your data you can set your device to erasing after a set number of failed attempts to login in case of an attacker attempting to brute force your pin/password. Syncing your device with the cloud for backup is strongly advised with this solution

10. Tracker monitor

Apps can collect a lot of data about you. To find out what kind of permissions an app has and what kind of trackers are embedded in it you can use a service called Exodus which lets you search apps by name to check their impact on your privacy and security.

11. Use a mobile firewall

To prevent applications from leaking privacy-sensitive data, you can install a firewall app. This will allow you to block specific apps from making data requests, either in the background, or when on WiFi or mobile data.

12. Orbot for Tor traffic

From the maker of the Tor browser, you can install Orbot a free proxy server for anonymity on the web and for protection from public WiFi threats

13. Avoid custom virtual keyboards

You can download and use third-party keyboards on both Android and iOS. These apps will be able to access everything that you type on your phone/ tablet: passwords, messages, search terms etc. It is recommended to stick with your device’s stock keyboard. If you choose to use one of these apps, ensure it is reputable, block internet access (which can be done with a firewall app), don’t grant it permissions it does not need, and turn off analytics or other invasive features in its settings.

14. Regularly restart your device

Over the years there have been vulnerabilities relating to memory exploits. Restarting your device at least once a week will clear the app state cached in memory.

15. Avoid SMS

SMS is probably one of the most common ways of sending messages, but it is not particularly secure. The SMS protocol has been known to be susceptible to threats such as interception, sim swapping, manipulation, or malware. It is best to avoid using SMS for 2FA – use an authenticator app instead. For communication purposes use an encrypted messaging app such as Signal.

16. Keep your number private

There are apps available that will allow you to create and use virtual phone numbers. This is especially useful if you don’t want to give out your actual number and need different numbers for the sake of compartmentalisation.

17. Watch out for stalkerware

Stalkerware is malware that can be installed directly on your device by someone who has direct access to your device. It allows the stalker to see your location, messages, and other data remotely. Most likely the stalkerware will be disguised on the device as a non-conspicuous app such as a game, a flashlight, or a calculator. It might be difficult to spot and what might give it away could be unusual battery consumption, network requests or high device temperature. If you suspect stalkerware is installed on your device, the best way to get rid of it is to perform a factory reset.

18. Use in browser apps instead of dedicated apps

Where possible, consider using a secure browser to access sites, rather than installing dedicated applications. Both Android and iOS applications often have invasive permissions, allowing them intimate access to sensitive data and your device’s sensors and radios. But the extent to which these apps can access is often not clear, and even zero-permission apps can see more data than you think: accessing phone sensors, and vendor IDs and determining which other apps you have installed. All this is enough to identify you.

About this article
This article was based on the Ultimate Personal Security Checklist found on GitHub. To read the original text click here.

Dodaj komentarz


Submit a Comment

Your email address will not be published. Required fields are marked *