Smartphones have undoubtedly become a central hub of many people’s daily lives. Beyond simply texting, calling or gaming, we’re now using them to make payments and navigate from place to place. Consequently, enormous amounts of personal data are collected, stored and transmitted, even when we’re not using the phone.
Considering the diversity of information obtained via smartphones (GPS location, social media chat history, photos, calendar entries, text messages and call logs), it’s no wonder that many third parties are eager to get their slice of your data.
What if just a portion of this data fell into the wrong hands?
Besides advertising or marketing agencies, hackers and snoopers could potentially steal login credentials to corporate accounts, or inflict damage across the entire IT infrastructure through malware, phishing exploits or ransomware.
A social engineer could easily go undetected as they forge their way into your personal or business accounts, taking control to steal or inflict lasting damage to people or companies (read how easily social engineers hacked Mat Honan’s life). Social engineers hunt for the finer details of a person’s life, not simply their date of birth or home address. Your likes or dislikes and other preferences can be used to build a character profile of you, enabling the attacker to mimic you and skirt around any security measures to get what they want.
A careless approach to smartphone security leaves the gates wide open for attackers to exploit, steal, and cause damage to individuals, businesses, and nonprofits. We all should endeavor to learn and maintain our cybersecurity knowledge to prevent such attacks.
What can every smartphone user do to protect their device?
Fortunately, mobile users still have plenty of control at their fingertips. Here are some recommendations and solutions to boost your digital defenses:
1. Change your mobile habits
Individuals, employees, and CEOs should assess how they use their phone, identify where their vulnerabilities exist, and consider how to prevent or mitigate the impact that data leaks could have on their lives or business.
For example, it may be wise to refrain from overwhelming your calendar app with future meetings, names, dates and times, to avoid revealing too much about your personal life. You could also begin by limiting the number of apps you use, or dedicate a phone for business use only.
When browsing, choose a browser such as Ghostery which supports your right to privacy. Another option is Tor Browser, which is especially useful for browsing text-based websites where no log-ins are required.
Finally, make sure to only download apps from trusted app stores, like Google Play, iTunes and Amazon, and avoid downloading apps via third-party websites no matter how legitimate a site looks (tip: learn how to spot inauthentic URLs).
2. Use a professional VPN service
Many VPN providers offer fast, reliable apps for both Android and iOS. It’s best to avoid free services as they’re often slower and rely on advertising revenue, which actually puts your data at risk – the very outcome you’re trying to avoid.
A VPN works by encrypting internet traffic and tunneling it to a remote server of your choice. You can mask your true IP address giving you more privacy when you browse. Most websites and services will be unable to ascertain your true location (if they don’t already have access to your GPS location).
Furthermore, if you choose to connect to WiFi networks, other than your home or office, then a VPN becomes crucial to secure your activities from hackers who exploit public WiFi networks. Many public networks are insecure as they’re not only unencrypted but some may be illegitimate. WiFi spoofing is a method used by hackers to trick users into thinking they’re connecting to a genuine network. Once connected, an attacker can phish for personal details, such as bank account credentials, often without the user being aware until it’s too late.
3. Revoke app permissions
When installing new apps, you’re often greeted with the option to approve or deny apps to access certain functions and areas of your phone. If you have many apps already installed, some may already be gathering data unnecessarily.
Does that free flashlight app really need to access your contacts, messages or photos?
It may be cumbersome, but spending the time to sift through each permission will greatly enhance your privacy.
We all know how convenient and time-saving Google Maps can be; however, not every app actually needs to know the GPS coordinates of where you are in order to function. It’s a good idea to take the time to revoke location access for any other apps that are requesting your GPS coordinates.
Even personal photos taken via the smartphone camera can contain the GPS location of where the photo was taken. It’s very easy for snoopers to extract this piece of metadata, but it’s also very simple for users to opt-out by making sure it’s switched off via the camera settings.
4. Use a passcode for your lock screen
It may be surprising to hear that many people still don’t use a password to secure their lock screen. If their phone is lost, a thief can access everything from files and photos to social media accounts, and gain access to any website or service in which they’ve chosen to remain logged in.
It’s best to choose a strong passcode, or password with letters, numbers and special characters. Avoid using a pattern password as anyone can observe the pattern and memorize it better than a password - even smudge marks on the phone can give it all away.
5. Use apps that offer encryption
Many popular messenger services, such as Facebook Messenger, aren’t particularly respectful towards user privacy. Other services such as Telegram, Signal, or even WhatsApp offer end-to-end encryption so that only the sender and recipient can decipher each message.
When it comes to storing files, there are apps that allow users to create encrypted folders, such as VeraCrypt or CoverMe. This further helps protect information from prying eyes and prevent thieves from accessing data if your phone is lost or stolen.
6. Turn off Bluetooth
Bluetooth can offer hackers direct access into your device. These man-in-the-middle attacks can involve a hacker taking over a device, inserting malicious code, or extracting personal data. It can also be used to track your location as it comes into contact with other Bluetooth devices.
Ensure that this function remains off when not required and keep your phone’s firmware and apps up-to-date.
7. Use anti-malware and anti-virus protection
The threat of malware for smartphones exists just as much as it does for PCs. Therefore, ensuring your phone stays clean is paramount to keeping your data secure.
Of course, your knowledge and awareness of these threats is the first line of defense in preventing attacks. Be cautious of links sent from unknown senders and always check the URL of a link before clicking.
8. Use the Find My Phone feature and remote wipe
If the worst happens and you lose your phone, there’s one last trick in the book that can save your data from literally falling into the wrong hands. The Find My Phone feature (available for iOS and Android) can help to locate the whereabouts of your phone. And in the event that you’re concerned that it’s been stolen, you have the option to remotely wipe all your data before a thief manages to break in.
Many people are still unaware of just how vast and expansive data collection and processing has become. From marketers and advertising agencies, to governments and intelligence agencies, there’s always a third-party with a vested interest in your personal information.
It may not be possible to completely prevent the collection and analysis of our data; however, learning and taking action is crucial to strengthening our online security and maintaining our right to privacy.
About the Author
Naomi Hodges is a cybersecurity advisor and a contributing writer at Surfshark. She specialises in network security, virtual private networks, and privacy-related issues. At work, she’s busy fighting for a safer internet and pushing the privacy agenda forward, as well as helping a broad range of clients shape and refine their security efforts. Naomi is an engineering professional holding a Bachelor’s degree with a focus on information security from the University of Reading.