The fact that millions of people carry an always-on, always Internet-connected computer in their pocket or purse, one that knows exactly where they are, has not escaped the hacking community. Cell phones are considered prized targets since many people now use them as digital wallets and to access mobile banking applications. After all, money is the main reason hackers hack. So for my last blog in this series, we’ll briefly cover what you can do to reduce your risk of cell phone information theft.
“Hardening” your phone against hackers is a process of understanding how your phone’s security features work and what compromises you’re willing to make. That’s right, security comes at the cost of convenience. The more secure your phone is, the less convenient it is likely to be to use some of the services you now take for granted. Some of these recommendations are for your privacy protection as well.
Securing Android Devices
Android is Google’s flagship operating system. There are several steps you can take to improve Android security:
- Update operating system to the latest version.
- Do not root the device.
- Do not install applications from third-party app stores.
- Enable device encryption.
- Disable ‘Developer Actions.’
- Use an application/service to provide remote wipe functionality.
- Enable Android Device Manager.
- Erase all data before return, repair, or recycle.
- Set a PIN and automatically lock the device when it sleeps.
- Set an alphanumeric password.
- Set Auto-Lock Timeout.
- Disable ‘Make Passwords Visible.’
- Erase data upon excessive passcode failures.
There are many guides published about Android security such as this one from PCWorld. In addition, if you let Google store your passwords, don’t forget to do a Google password checkup. Go to passwords.google.com and click on “Password Checkup.” Strengthen any weak passwords identified.
Finally, Google’s Play Store is the only authorized place to download new applications. Ensure Play Protect is enabled on your devices: open the Play Store app, tap the Menu, and select “Play Protect.” It’s on by default, and turning it off is not recommended.
Securing iPhone Devices
Apple Inc.’s operating system for iPhone, iOS, has long been considered the more secure of the two phone operating systems. iOS is more restrictive with what developers can do, and Apple doesn’t release its iOS source code. Even so, there are 13 steps you can take to harden your iPhone:
- Update operating system to the latest version.
- Do not jailbreak iOS to sideload applications.
- Enable Automatic Downloads of App Updates.
- Enable remote wipe functionality.
- Enable Find My iPhone.
- Encrypt device backups through iTunes.
- Erase all data before return, repair, or recycle.
- Require a passcode or password.
- Enable TouchID with a complex password.
- Set Auto-Lock Timeout.
- Disable Grace Period for Screen Lock.
- Erase data upon excessive passcode failures.
- Enable Data Protection.
More Recommendations…
Jailbreaking
As mentioned above in the Android and iOS hardening guides, jailbreaking (or “rooting”) your device allows you to (among other things) install applications from third-party app stores. This is unapproved by Google and Apple, and can lead to installing dangerous apps. I strongly recommend you don’t perform this on your device!
Using Your Phone
Virtual Private Network (VPN):
For safe, unmonitored web browsing (especially for congregants located in countries with oppressive governments that suppress freedom of speech), a VPN is a must for information security. There are many reliable VPN apps in the App Store and the Play Store.
Texting:
- Use secure texting apps such as Signal or WhatsApp.
- Received a text with a link in it? Be careful — many scammers send SMSishing messages to entice you to click the link. The message typically tells you an account has been compromised or that you won something.
Browsing:
- Examine web links closely. “Lookalike” domain names are one way hackers trick you, for example, www.besbuy.com instead of www.bestbuy.com. See it?
- Use a privacy browser to prevent trackers and site agents from profiling you. These work on iOS and Android:
  - Ghostery privacy browser
  - Firefox Focus
  - DuckDuckGo privacy browser
  - Brave browser
  - Frost + Incognito browser
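The lookalike-domain check described under Browsing can also be automated, for example in a mail or SMS filter. The sketch below is an added example, not part of the original post: it compares a link's domain against a short list of trusted domains (bestbuy.com and google.com, both taken from this article) and flags near-misses. The function names, the two-label domain shortcut and the `account-check.example` host are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Domains the user really does business with (both appear in this article).
TRUSTED = {"bestbuy.com", "google.com"}

def registrable(host):
    """Last two labels of the host. Assumption: no multi-part suffixes such as co.uk."""
    return ".".join(host.split(".")[-2:])

def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(url, trusted=TRUSTED, max_distance=2):
    """Return (verdict, trusted_domain_or_None) for one link."""
    # Accept bare hosts like "www.besbuy.com" as well as full URLs.
    parts = urlsplit(url if "://" in url else "//" + url)
    host = (parts.hostname or "").rstrip(".")
    domain = registrable(host)
    if domain in trusted:
        return ("trusted", domain)
    for t in sorted(trusted):
        # A trusted name used as a subdomain of somebody else's domain.
        if host.startswith(t + ".") or "." + t + "." in host:
            return ("lookalike", t)
    # Otherwise flag domains within a couple of keystrokes of a trusted one.
    closest = min(sorted(trusted), key=lambda t: edit_distance(domain, t))
    if edit_distance(domain, closest) <= max_distance:
        return ("lookalike", closest)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample links; the first two are the article's own example.
    for link in ["www.besbuy.com", "https://www.bestbuy.com/deals",
                 "http://bestbuy.com.account-check.example/login"]:
        print(link, "->", check_link(link))
```

An "unknown" verdict only means the domain is not close to anything on the list; it says nothing about whether the site is safe.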
I hope you’ve found these articles helpful. If you have any questions about information security at ACST, be sure to check out our Data Security FAQ.