Smart Phone Security
Your smartphone is really a miniature computer in your hand. It has pretty much all the same features and capabilities of your desktop including the ability to leak your private information. Perhaps more so depending on your choice of apps.
It is far easier for you to lose your phone (and all it's data) than it is to lose your desktop so risk is even greater.
Many of the same options used to protect your desktop are also available in some form for your smart phone.Given how much and how often we rely on our portable devices, it is little wonder that your phone may hold more sensitive information than your desktop.
- Banking apps.
- Your cell account.
- Your email contacts
- Your name and address
- Via GPS where you are and where you have been.
- Who you called and when
- Who you text and what you said
In our article on VPN services, you may learn that many of these same providers offer VPN for your smart phone as well. VPN on your phone does two things for you, It prevents your carrier from knowing and sharing what sites you visit and it encrypts the actual data between your phone and the VPN server. Consider this a MUST HAVE.
Some other functions you should enable.
Password protection. Requires you to enter a password to access your phone. Should be your first line of defense. Many modern phones provide for fingerprint recognition. Use it if you have it.
TOR Browser: Yes the same TOR network is available on your smartphone. Used along with VPN you have the safest means to communicate online.
Data Encryption. iPhones tend to do this automatically, All Android devices can do this if you choose the option. If your device is lost or stolen or hacked, your personal data cannot be seen even if they remove your MicroSD card and insert it into another device. Modern encryption is powerful. Remember the problem between the Justice Department and Apple over getting the terrorists iPhone unlocked?
Remote Data Wipe. You can do this in iPhone or Android. If you report your phone lost or stolen you can have the data on that phone wiped as soon as the person who has your phone connects to the internet. Other associated options can help you find the location of your phone via it's GPS location.
Secure messaging apps. Your basic messaging should not be considered secure however there are third party apps that are very secure. While your recipient must typically install the same app, this should not be so hard for people you communicate with often. These have the added benefit of using data networks or wifi instead of your phone carrier so you do not need any bars to communicate provided you have a wifi connection available. ( almost every fast food chain now has free wifi )
Secure Email. One I highly recommend that is both online and via an app is http://tutanota.com. You can make a private email account without providing any personal information. All content is encrypted. If you send to another user the channel between you remains inside their encrypted system. If you send email outside you are offered the option to apply a password which will be needed for your recipient to view your message on their encrypted server. If you choose to do this we suggest you create your original account while using both VPN and TOR to achieve maximum anonymity. When connecting on your device use your VPN.
Antivirus and Anti Malware. Your phone can be compromised by malicious software just as can your desktop. Desktops become vulnerable to downloads or email attachments. Your smartphone can become a target when using public networks and Bluetooth. Adding free protection is well worth the effort. Most of the same companies who protect your desktop offer a smart phone solution as well. Check them out.
Some thinks just require common sense. Don't share passwords. Make sure such functions such as Bluetooth and NFC are kept off except when actually needed.
Understand how businesses and banks will officially communicate with you. Some frauds start by asking for personal information. Don't give any information to anyone who calls you. If you think it may be legitimate just tell the caller you will call them back at their official phone number to conclude that business. The back of your credit cards will have the official phone numbers in this event. No bank or other legitimate business will ask you for a password. They don't even know that that is.
We all love the Play Store and the huge selection of apps to choose from. But consider this:
( as an extra precaution you may wish to download the app and install in it's "original" form such that Google may not even have a record that you installed the app. A good site to obtain these .APK versions is APKPure.com Also consider F-Droid for an alternative to PlayStore.
First among your individual obligations should be to read the fine print and abserve what permissions you allow each app to have with respect to accessing your personal data. Do they want access to your contacts? If it is a contact manager that makes sense but an image or gallery app should not need that informaton. A camera app may ask for but should not be entitled to your location unless you wish to have all of your photos tagged with where and when each pic is taken.
Does an app claim to be anonymous then ask for your phone or email? Doh? How is that anonymous? Never mind that you may never know what kind of information is being collected by any app.
You must realize that a smart phone may be the worst choice you can make for private communications unless you are knowledgable in taking precautions. If you must communicate by text use a secure encrypted text app such as Signal. Voice may be safe using an similar option and then try to use a WiFi connection over VPN where possible. Put your cell in airplane mode then turn WiFi only back on. Make sure your GPS is off.
TOR is also available via an app.
But always keep in mind no matter what you do on your phone each phone has a unique ID, a one of a kind stamp of it's identity unique in the world. Many who must avoid disclosing their communications such as journalists, dissidents, whistle blowers etc. often consider purchasing a "burner" phone at some location, (paying with cash!) far remove from their home base and register a phone number in that remote location. It just ads one layer of anonymity to your work.
If you are being watched by a nation-state everything you do is being recorded, tracked and tagged. Everyone else? You are likely being recorded as well but just stashed away in a vast database to be forgotton until such time you become a "person of interest".
This does not just apply to governments who wish to look over your shoulder. Corporate America ( and China, Korea or anyone else with a profite motive ) may love to know what major corporate types are talking and texting about..