Online security is an ever-evolving subject as it relates to our mobile devices. Threats to mobile devices are more prevalent and increasing in scope and complexity. This best practice user guide outlines the steps to better protect your personal devices and information.
1) Disable Bluetooth
Bluetooth is enabled by default on many devices, so it's advisable to keep it switched off when not in use. Disabling Bluetooth reduces your attack surface and saves battery.
For iPhone users using iOS 13 and iPadOS 13, an app must ask permission to use Bluetooth functions except to play audio to a Bluetooth device, which doesn’t require permission. You can change your device’s Bluetooth permissions from Settings > Privacy > Bluetooth.
2) Maintain Physical Control
You should never share your passwords with friends or strangers, even if they seem trustworthy. No matter how many times someone requests your password, it is always in your best interest to refuse. Additionally, keep an eye on any links or OTPs (one-time passwords) that you are asked to enter as login information in order to access certain content.
3) Consider Using a Protective Case
There have been rumors and theories that social networking apps eavesdrop through your phone’s microphone, listening in on conversations to better target ads to you.
The latest on the list is Pegasus, spyware developed by an Israeli cyber-arms firm that can be covertly installed on mobile phones (and other devices) running most versions of iOS and Android. The 2021 Project Pegasus revelations suggest that the current Pegasus software can exploit all recent iOS versions up to iOS 14.6.
Some people put tape over the camera lens of their phone, but that is insufficient to stop audio recording.
Consider using a protective case that drowns out the microphone input and blocks room audio. A hot-miking attack, in which the phone's microphone is activated covertly, can often allow attackers to listen to conversations near their targets without them knowing it.
4) Consider Using Phone Vaults
Millions of people trust vault apps to lock and hide private photos and videos with high-security encryption. These vaults can also back up your secured data to the cloud, ensuring that you still have full control of your data even if you lose your mobile device. Vaults have a premium membership fee, and it's worth each penny to invest in such apps.
- Vault for iOS – https://apps.apple.com/us/app/vault-hide-photos-videos/id513852898
- Vault for Android – https://play.google.com/store/apps/details?id=com.netqin.ps&hl=en_IN&gl=US
5) Use Strong Passwords
Users should set their device to lock automatically after 1-2 minutes, make sure they have strong passwords/PINs on their lock screen, and update them regularly. Avoid passwords that are easy to guess, e.g., date of birth, car registration number, social security number, etc. Avoid pattern passwords since they are easier to crack.
Consider enabling Two-Factor Authentication. This acts as a second layer of security when you’re signing in to your device.
6) Update Software & Apps Regularly
Whether you're using an Android or iOS-based device, it's recommended to update the device software and apps as soon as possible after any new release. The latest version will contain security enhancements over previous versions in order to combat vulnerabilities that may have been discovered. Software updates also include patches, which are fixes for glitches or other errors found. Set notification alerts for software updates if you are not comfortable enabling the auto-download and install update feature on your mobile device.
7) Use Biometrics Authentication
Smartphones these days can store one’s unique fingerprint or face scan data in the device. If someone else tries to access data or activity on that device, they will be blocked from doing so if they are not in possession of your biometric scan. Avoid adding biometric data of your friends & family members to your device.
8) Avoid Public Wi-Fi networks
Do not connect your devices to public Wi-Fi networks, such as those in coffee shops, airports, etc. Connecting to public Wi-Fi networks can help cyber criminals intercept sensitive information, steal passwords and even commit fraud. The best practice is not to connect at all, or to use VPN software like ExpressVPN, NordVPN, Cloudflare WARP+, or Speedtest VPN while using the Internet through public Wi-Fi networks.
9) Check App Permissions
Apps like Google Maps and Waze might require the 'location' permission to work properly, but the location permission might not be required for a fitness app. Apps like Facebook may require access to your photos and videos to upload content whenever you're posting an update, but they do not require the 'microphone' permission unless you prefer the dictate option to typing.
Open the Settings app, tap Privacy, and tap each of the categories to see which apps have access to what.
10) Install Apps With Care
The Apple App Store, Google Play, and Amazon Appstore show the total number of times a particular app has been installed. This can help you understand whether a mobile app is popular or not. I would personally download apps that have already been downloaded by 1M+ users. App stores generally keep a close eye on all the apps available on their platform.
Certain Android users tend to download the app setup file (APK file) from third-party sources and install the app directly. This can be dangerous and should be avoided at all times.