Smartphone infections are on the rise as the global population continues to adopt wireless communications. Smartphones carry a considerable amount of personal data of their users, which hackers and cyber criminals can steal when given the chance. Regardless of which type of OS your phone runs, there are some general steps you can take to ensure it is protected from online threats.
These steps can be key to securing your personal data and keeping you and your family safe.
General Steps To Secure Your Smartphone
Run Operating System Updates
If your phone is showing popups or notifications telling you to update your operating system, do not wait. Get the OS update as soon as possible, as the OS makers are rushing them out to keep your system protected against new threats. Operating Systems that are even mildly out of date can have security holes that are vulnerable to hackers.
Install Smartphone Security Software
There are some quality security apps out there that users can find by following specific online recommendations from trusted sources. Select apps from trusted security companies that have positive reviews. Apple has made the iOS software more secure than Android, so these are less vulnerable to hackers. However, built in OS security measures may not be enough to stop all threats so adding an app secficially designed for system security is recommended.
Choose pass codes that are long and complex enough to be hard to guess, but also not too hard to remember. Make sure to write them down and do not store them in a file on your system. Have them printed or written out and stored in a special place, such as a file drawer. Also, fingerprint security may not be completely secure, as thieves can take them from anything you have previously touched, such as silverware. So, make sure your phone requires a pass code to use at all times and all locations. And always utilize all available screen locks on your phone, as each additional one increases your phone’s protection level.
Never let anyone see your passwords or your list of passwords. Keep them secret and private at all times. Never use any kind of auto-login for your devices. Always use passwords and never use the same ones from account to account, make them each unique.
Change Your Passwords Regularly
Do not let your pass codes stay the same for eternity. Change them at least every so often. Use passwords that are not easy to guess, such as birthdays. Also, avoid complete words, especially those that have important significance to you that a hacker could find on the internet. A password manager could be useful if you have trouble storing or remembering them. Do not keep a file of your password on your computer that a hacker could find and use.
Manage Your Apps
Hackers can probe for security weaknesses in apps and once they find one, they can break into smartphones to steal user’s data. Make sure to remove any apps you do not use often enough to justify them being on your phone. Older apps can be infected by malware and may be running in the background.
Also, keep any remaining apps you use updated by using the settings of your phone and setting up auto-update for apps.
If any app has a login, remember to always logout of that app when finished using it. Also, do not download any apps from a questionable app marketplace. Stick to using apps only from iTunes, the Apple App Store, or Google Play.
Review Apps Prior To Downloading
Only use online app marketplaces that are highly vetted and have strong reputations for security. Apple’s App store is very good at vetting its apps, possibly more so than any Android marketplace. So, Android users need to be extra cautious in this regard.
Lock Your Phone
Smartphones should have auto-lock functions that run when a phone is unused for a certain amount of time. You can change the duration and secure it using a strong password. Make sure to use all available security measures, such as passwords, fingerprint scans, and swipes. Use the longest password you can, as each extra digit will increase protection. Any important financial apps, such as for banking or investments should have
strong and hard to crack pass codes.
Be Wary of Unsecured Or Public Wi-Fi
Public wi-fi is a great way for coffee shops and hotels to make guests comfortable and enjoy their experience. However, these can be unsecured and easy for hackers to access user’s laptops, phones and tablets. Never enter passwords into sites while using public Wi-Fi. If you need web access, use your phone’s data plan which provides much better protection. Also, make sure Bluetooth is not turned on when in a public setting or close to other devices as there are specific Bluetooth threats that exist.
Using a Virtual Private Network (VPN) is an increasingly used method of accessing online information for both professionals and home users. This can encrypt your wireless data flow while it is in use. Some phones have a VPN already installed, especially those provided by employers. VPN apps exist and are fairly inexpensive. They are also great for use in areas where many people congregate, such as malls, hotels, and apartment buildings. Disabling your phone’s cellular data can also protect you when you do not need to use it. Always check any connection you are using for a lock icon shown next to it. If it does not have one then it is not secure.
Erase The Data if Your Phone is Lost Or Stolen
If your phone is not secured, then losing it can cause it to be open to theft. Make sure you know how to locate your lost phone using another device and to delete any data on it. Any used phone you want to sell should have it reset to factory settings and all storage cards and SIM card removed. Double check the phone to make sure any important information is not still stored on it. This brings us to the next step.
Learn How To Remotely Control A Lost Phone
Always keep your phone with you everwhere you go. But phones can easily be lost or worse stolen. It is possible to take control over your phone and erase its data if it is lost or stolen. Check with your phone’s settings, device manager, or through the cloud to use this option. If your phone is lost, immediately use this to keep any hacker or theif from stealing your data.
Watch Out For Smishing
Smishing is a form of phishing that uses text or SMS messages to trick users into giving up personal information. If you get a text message from an unknown source that directs you to a site to enter information, delete it or just don’t respond. As text messages have become popular amongst smartphone and device users around the globe, smishing has increased as a online security threat. Social engineering scare tactics can be used to entice users to click on a text link, so be wary and don’t fall for them.
Be Careful Giving Out Your Phone Number
Do not freely give your phone number online when asked for it on websites. Use alternatives like a second phone line or online voice services when contacting companies. Also, avoid those form sections that ask for phone numbers if possible.
Don’t Charge Your Phone on Public USB Ports
USB charging ports are open to hackers to use to steal phone user’s information. These include those at airports and cafe’s. Buying a portable battery pack for travel is recommended and can store multiple complete charges.
Don’t Share Data On Social media
Do not put in too much personal data on your social media accounts that could be used to find you or uncover your passcodes. This includes family, address, and even favorite hobby information. Hackers are sophisticated and know tricks to turn your information into ways to break into your phone. Also, avoid opening any emails from unknown sources on your phone.
Steps For Android Mobile Security
There are several ways to get viruses and malware on your Android phone, as well as ways to protect your phone from them. Considering smartphones have become an integral part of our daily lives, we store a lot of confidential information, such as passwords and credit card details, on them.
Built-in security protections on Android phones will help prevent malware or virus infections, but they are not capable of stopping all attacks.
Hackers and cyber criminals use viruses and malware to break into Android phones primarily to make money from data theft. iOS devices are less likely to be hacked because of the strong security protections Apple has designed for them. Hackers know this, so direct most of their attacks to Android based phones and tablets.
Here are easy to enact security steps you can take to prevent hackers from breaking into your Android phone.
Review Everything On Your Smartphone
Review all apps, emails, text messages, photos, videos and contacts and remove those that look suspicious or are no longer needed. This will give you a sense that your phone is clean and you are under control of it, along with keeping it organized and freeing up storage space.
Keep Android Updated
Keeping your Android OS updated will go along way in protecting it from online threats. Android users will get updates when they are available to run via notifications from Google. You can also check for updates if you have accidentally deleted the notification.
Running Android updates is easy. A notification will appear in your screen when one is released. Open it and tap the update.
To run updates after deleting the notification:
- Open the Settings app on your phone.
- Tap System Advanced -> System -> update located at the bottom.
- Your update status will be shown. To continue with the update, follow the steps.
Use An Android Spy Application
Android Spy apps are very useful for tracking activities on your phone, including potentially dangerous ones. This includes tracking emails, texts, and social media activity. If someone is sending messages from your phone, a spy app can trace their activity. You can find several good Android Spy apps online, such as Hoverwatch and Highster Mobile. Make sure to review them before downloading to make sure they are what you need, and only download from trustworthy sources.
Get The Most from Your Android Phone’s Security Settings
Android phones and apps have many ways to stay protected from threats, which you can use. These include a PIN, finger and facial recognition, and two-step authentication. Make sure to cover as many bases as possible by using as many as you can.
How to setup a screen lock PIN (Personal Identification Number) in Android:
- Go to the Settings icon in your screen, or slide down the top menu to see the notification shade. The Settings cog is on the top right.
- Scroll down to the Personal section of the Settings list.
- Tap on Security.
- Tap on Screen lock.
- Tap PIN. This will provide prompts to set it up, which should only take a few minutes.
Your PIN is not totally secure from a thief. It can be found by checking the finger smudges or streaks on the display. On the other hand, a PIN is theoretically more robust than a password, unless you’re using a jumble of letters and numbers for said password. There is no way to totally prevent PIN theft, but having some form of security is much better than not having any security at all.
How to setup Finger Recognition in Android:
This depends on which Android smartphone you have. As older ones may not have this capability.
The fingerprint scanner will allow users to unlock their phones or devices without needing a passcode or PIN. All they need is to slide or tap on the screen using the finger they used to setup the scanner.
For Samsung Galaxy smartphones and Note tablets:
- Find and open the Settings menu by tapping the Settings Cog.
- Locate and open the Finger Scanner.
- Setup a fingerprint using the Fingerprint Manager in the Finger Scanner menu list.
Now you can use your recently set fingerprint to unlock your phone when you power it on. Just swipe down on the home button and the phone will go to the home screen if successful.
How to setup two-step authentication in Android:
This is also known as two-step verification or just 2FA. The way to set this up is by using a 2FA app such as:
- Google Authenticator
- Microsoft Authenticator
- LastPass Authenticator
- Duo Mobile
Google Authenticator is a favorite amongst Android users and can increase the level of security to your phone and accounts. If you enable this for your accounts, this app will provide authentication codes. There are other benefits as well for services not tied to Google.
Once two-set authentication is setup, having your password will not be enough for a thief to get into your phone.
Use Locks On Your Apps
Android phone passwords, even the most complicated, do not provide complete protection from hackers. Individual apps often have the option of using passwords also. Some apps are specifically designed to protect your phone by locking other apps, and you can find these on the Google Play Store.
Be Careful of App Downloads
Apps available on the Google Play Store will have information about which information and data it will have permission to access. Make sure to read these permissions to see if it will use more of your phone’s hardware and data than you are willing to allow, such as the keyboard or video camera.
Utilize Android Device Manager
You can download Android Device Manager from Google Play which can help you find a lost or stolen phone, reset factory settings, and manage apps.
Install An Android Phone Antivirus App
Many people are surprised that their cell phones can get viruses or malware, but its true. Fortunately, quality Android antivirus apps are available for download from trusted sources. These can play a large role in protecting your device, which today can store most of a user’s personal data. Run daily scans and manual scans whenever needed. These apps can do a good job of detection suspicious activity and quarantine any viruses or other threats. Some apps are also designed to block web-based threats, similar to firewalls.
Here are some Android antivirus Apps available for download:
- McAfee AntiVirus Plus
- Bitdefender Total Security
- Webroot SecureAnywhere Internet Security Plus
- AVG Internet Security – Unlimited (2017)
- ESET Multi-Device Security Pack
- And More
Most antivirus apps also include cross-platform support, so they will work on other devices and those that run Windows and Mac OS. Added features include:
- Contacts backup
- Battery monitor
- Unsecure connection warnings
- Device distance warnings
Never Root Your Device
Rooting can help you break out your Android phone, similar to iPhone jail breaking. But this is not recommended because it can make your smartphone exposed to hackers and other threats. New Android phones are much better and have more capabilities than previous versions, so rooting will not necessarily provide anything extra for most users.
Steps For iOS Mobile Security
iOS devices are more secure than those that run Android when it comes to preventing malware and virus infections. This is due to Apple’s strict “walled garden” approach to its app ecosystem. Apple’s iOS source code is not available to app makers and iOS users cannot alter the code on their own devices. This makes it harder for hackers to identify weaknesses in iOS-run devices. However, it is still possible for cyber criminals to break into iPhones or iPads, and Apple shows no plan of releasing its own security apps in the near-future. So, taking specific measures to increase your iOS device security on your own is recommended.
Keep iOS Up-to-date
Just like Android phones, iPhones, and iPads that run iOS need continuous updates to keep the OS secure against the newest online threats. When a new update for iOS is released, it is recommended to immediately run the update. Turning on auto-update is also a good idea for iOS users. This is perhaps the most important thing an iOS user can do to stay protected from malware, stalkerware, and viruses.
For more information, read our post Ways To Prevent Smartphone Data Leaks.
Have a Strong Passcode
The stronger the pass code, the more likely your iOS device will be protected from a hacker or thief from breaking into your phone and stealing your data. Try to use pass codes of at least 6 characters in length that no one else knows but you.
Use Two-Factor Authentication
Two-Factor authentication for iOS will add an additional layer of security for your Apple device. This will require a six-digit temporary text code given by Apple whenever you sign in from another device, along with entering your Apple ID. Activating Apple’s two-factor identification is quite easy and is done via your iPhone’s settings. De-activating two-factor authentication requires a little more effort for the purpose of maintaining security.
For more information, read our post What Is Two-Factor Authentication?
How to setup two-factor authentication for iOS
Devices using the latest iOS, iPadOS, and macOS have the option of two factor authentication. This works the Apple ID accounts used to access these devices. You can follow these steps on your iPhone, iPad, or iPod touch to turn on two-factor authentication.
If you’re using iOS 10.3 or later: (2017 to present):
- Go to Settings
- Tap your name
- Find and tap Password and Security
- Tap Turn on Two-Factor Authentication
- Tap continue
If you’re using iOS 10.2 or earlier (before 2017):
- Go to Settings -> iCloud
- Tap your Apple ID -> Password and Security
- Tap Turn on Two-Facotr Authentication
- Tap continue
- Answer any Apple ID security questions that appear
Enter and verify the chosen phone number
Verification codes will be sent to the phone number of your choosing. You have the option of receiving them by text message or automated phone call.
When you receive a code, tap next and Apple will send it to the phone number you have registered.
Enter the verification code to verify your phone number and this will complete the two-factor authentication process.
Use Non-App Store Tools to Check for Malware
If your iPhone is showing signs of malware infection and this is causing you worry, there are alternative apps appearing that can help you detect them. Apps such as MobilEdit are not from the App store and can provide phone content management and investigation.
Turn on “Find My iPhone”
This is very useful if you tend to lose things or are at risk of having your smartphone stolen. This also has an option of sending the location of an iPhone after the battery runs out. You can use another Apple device, Mac, PC, or using the web to find the location of your phone. This also allows for wiping away your personal data remotely so a hacker cannot get to it.
To activate just follow these steps:
- Open Settings
- Tap your name or picture at the top
- Then tap iCloud
- Locate Find My iPhone by scrolling down and tap on it.
- Check that the Find My iPhone toggle is the color green
- If you have iOS 13, then activate Offline Finding to locate it and erase its data when it is turned off.
To erase iPhone data remotely after it is located with Find My iPhone, use these steps:
- Log in to the Find My App or on iCloud.
- Find Devices, then tap.
- Select your iPhone.
- Choose Erase iPhone and give confirmation.
Turn on Auto-wipe
If anyone steals your iPhone and tries to enter guess your passcode, this option will automatically wipe all your phone’s content before the hacker can get it. However, it can also be dangerous for anyone who forgets their own passcode and tries to enter it too many times. Thus, it is recommended to have an automatic backup on iCloud turned on just in case if you want to use this option.
Deny App Permissions
You can always delete an app if you are worried it may be dangerous to your privacy. Just go to the Settings > Privacy of your iPhone and toggle any permissions you want removed. You can even turn applications off completely as well.
So, if an app asks for you permission to use parts of your iPhone’s hardware that can compromise your security, choose to deny it.
Share Images Without Location Data
Image metadata can reveal the location it was taken in. iOS 13 allows for choosing to not have images share this data. You can do this when you share the image by using Options for the image and deselecting the button next to Location.
Evade Photo Leaks on iCloud
You photos are also at risk of being exposed on the internet, as has happened to some famous people online. Using two-step authentification is one way to help prevent this.
Siri can be very helpful, but hackers can bypass it to steal personal information. It is possible for a thief to work around Siri’s verification to bypass the iPhone password and access a user’s data. It might be a good idea to disable Siri when in places your iPhone could be stolen and turn it on in a more secure environment. You can use the iPhone Settings to turn Siri off.
Steps to Turn Off Siri Using iOS 11+ and iPadOS:
- Open Settings -> Siri & Search.
- Toggle Off ‘Listen for “Hey Siri”.’
- Toggle Off ‘Press Home for Siri’ or ‘Press Side Button for Siri.’
- Toggle Off ‘Allow Siri When Locked.’
A popup declaring all information used by Siri for your requests are removed from Apple’s servers. Also, turning Siri off on your iPhone will turn Siri off on a paired Apple Watch.
If you decide to turn Siri back on at some point, it will take some extra time to resend your Siri request information.
Disable Password Auto-fill
Auto-fill with Apple’s Keychain is a convenient way of remembering login information for the websites users visit, such as banking and shopping. However, auto-fill can leave you vulnerable to a hacker stealing your logins. So it is recommended to disable this for added security.
Be Selective With Touch ID And Face ID authentication
Decide how you want to use passcodes versus using Touch ID or Face ID. This can take sometime to decide whats best in practice, but keep security in mind when choosing which one to use.
Try Third-Party Password Managers
These can be very useful for keeping passwords safe, while not having to remember them. Some third party password apps include Dashlane and LastPass. These can even keep your passwords for access on different operating systems across devices.
Control Locked Device Access
You can decide how much of your iPhone’s contents are available once it is locked. Some of these include:
- Today View
- Notification Center
- Control Center
- USB access
- Reply with Message
- Home Control
- Locking down some or all of these can increase your device security and data.
Setup 10-Attempt Passcode Protection
iOS allows for deleting your iPhone’s data once a password has been attempted 10 times consecutively. If a thief tries to guess your passcode and fails after 10 tries, your data will be wiped away.
Steps to setup 10-attempt passcode failure and erase data in iOS:
For iPhone X and later:
- Go to Settings
- Tap Face ID & Passcode
- Turn on Erase Data
For other iPhone and iPad models:
- Go to Settings
- Tap Touch ID & Passcode
- Enter passcode
- Turn on Erase Data (near bottom)
This option can be reversed at anytime.
Reduce the Lock Screen Timeout
Your iPhone or iPad will require a passcode or other authentication faster if you decrease the amount of time it takes for the screen to lock. This can make it harder for a thief to get into your phone.
Also, setting a shorter lock screen timeout will not just benefit your iPhone’s security. It can also increase battery life. However, setting the lock screen time too short may cause frustration. Then you will have to enter your passcode more often.
Steps to change auto lock screen timemout in iPhone and iPad:
For iOS 10, iOS 11, iOS 12:
- Go to Settings
- Display & Brightness -> Auto-Lock -> Set time interval
- Set the time in seconds or minutes
Enable Touch ID / Face ID and passcode on screen lock:
- Go to Setting
- Touch ID & Passcode -> Enter passcode -> Require Passcode -> Choose interval
For iOS 9, iOS 8:
- Go to Settings
- Tap General -> Auto-lock
- Set desired time interval
You can also choose to never use anto-lock by choosing the Never option.
These settings should last until you change them again. Just follow the same steps to adjust the lock timeout settings in the future.
Disable Face ID / Touch ID
Disabling Face ID / Touch ID forces iOS to require the use of a passcode. Although Face ID and Touch ID are handy, they are less secure than if combined with a passcode. This is due to the limited legal protections covering biometric data. Also, smart thieves can still get around your fingerprint or face scan.
Steps to turn off Face ID / Touch ID for iOS:
For temporary disabling of these unlock features:
Quickly press the power button five times. This will temporarily disable bio-metric unlocking. At this point, the only way to unlock your phone will be to enter your passcode.
To temporarily disable these on iPhone 8, 8 Plus, or X:
Press and hold the power button and press one of the volume buttons at the same time.
Steps to disable Face ID or Touch ID and still use a passcode:
- Go to Settings -> Touch ID & Passcode
- Enter your passcode
Turn off “Use Touch ID For” settings including:
- iPhone Unlock
- Apple Pay
- iTunes & App Store
On iPhone X, do these in the Face ID & Passcode page.
This will then require a passcode to unlock your iPhone, purchase on iTunes, the App Store, or use Apple Pay. Requiring a passcode provides the best security, as thieves can get around Face ID or Touch ID.
Create a Recovery Key
In 2015, Apple began moving to two-factor authentication. with newer versions of iOS. This will no longer use a recovery key.
However, you can create a recovery key while moving from two-step verification to two-factor authentication. This key will be necessary to reset your password when signed in with Apple ID.
How to generate a recovery key with Two-Factor Authentication:
For iPhone, iPad, or iPod touch:
- Go to Settings -> Enter your name -> Password & Security. An Apple ID password may also be required.
- Tap Recovery Key.
- Slide to enable Recovery Key.
- Tap Use Recovery Key.
- Enter your device passcode.
- Make a copy of your recovery key and store it in a safe place.
- Enter your recovery key to confirm it on the next screen.
Its possible to generate a new recovery key from Settings or System Preferences.
Reset your Recovery key:
- Go to the Apple ID account page.
- Log in and validate the session as prompted.
- Click Security
- Click Edit
- Click Replace Lost Key
- Follow the proceeding steps.
Again, store your recovery key in a safe place so you do not lose it.
Turn Off Unneeded Widgets
Locked iPhone’s can still leak data through widgets that are enabled. Disable the widgets you do not find necessary to keep this minimized.
What are widgets?
Widgets show information from apps you have on your iPhone or Tablet.
How to see your widgets:
First you need to access Today View:
- Start at the Home or Lock screen
- Swipe right to the edge of the screen
- This will open the Today View
- To go back to the Home screen, swipe left to the edge of the screen
Today View will list widgets corresponding to the apps you have installed. These provide information from each app, so you do not have to tap the app and open it. For example, the Siri shortcuts app has a widget that provides your favorite shortcuts in one list, so you do not have to open the app over and over again.
How to turn off widgets:
- First go to Today View
- Scroll to the bottom of the screen
- Tap Edit
- Tap the minus circle to remove a widget
- Tap Done
Manage App Location Sharing
Some apps will share your location making you susceptible to tracking. Manage this buy selecting what apps do with your location data.
Optimize Safari Browser Security
Apple Safari Browser has several security customization options. If this is the browser you use most on your iPhone, it is recommended to optimize Safari security by choosing such options in its settings.
Get iOS Antivirus Software
Although iOS run devices are less at risk of hackers or malware infections, there is still a small possibility this can happen. To minimize this chance, download an effective antivirus program and install it on your iPhone or iPad.
Some good iOS antivirus apps include:
- Trend Micro Mobile Security
- Avira Mobile Security
- McAfee Mobile Security
- Webroot SecureWeb Browser
- Lookout: Security and Identity Theft Protection
Most of these you can download at the Apple App Store.