A smartphone is the most widely used electronic device in daily life for many of us. The days of mobile phones being mainly used to call someone or send a text message are long gone – now, they operate as portable computers, with a vast array of apps for everything from social networking to online banking. The extent to which we rely on our phones, plus the amount of data they contain, means that phone security is crucial.
As our reliance on mobile devices has increased, so too have mobile security threats. Read on to learn more about phone security and how to protect your phone.
Mobile phone security threats
Some of the main phone security threats include:
Malicious apps and websites
Mobile malware (i.e., malicious applications) and malicious websites can achieve the same aims – such as stealing data and encrypting data – on mobile phones as on traditional computers. Malicious apps come in different forms – the most common are trojans that perform ad and click scams.
Mobile ransomware
Mobile ransomware is malware used to lock users out of their mobile device and demand a ransom payment, usually in cryptocurrency. The increased use of mobile devices for business has made ransomware a more common and damaging malware variant.
Phishing
On desktop or laptop computers, most phishing attacks start with an email that includes a malicious link or an attachment containing malware. However, on mobile devices, emails account for only 15% of phishing attacks. Most mobile phishing attempts occur via SMS messaging, social media, or other applications.
Man-in-the-Middle (MitM) attacks
Man-in-the-Middle (MitM) attacks involve an attacker intercepting network communications so they can eavesdrop on or modify the data being transmitted. While this type of attack is possible on different systems, mobile devices are especially susceptible. Unlike web traffic that typically uses encrypted HTTPS for communication, SMS messages can be easily intercepted, and mobile applications may use unencrypted HTTP when potentially sensitive data is being transferred.
Jailbreaking and rooting
Jailbreaking and rooting refer to gaining administrator access to iOS and Android mobile devices. Mobile users may jailbreak or root their devices to delete unwanted default apps or install apps from untrusted app stores – but doing this carries risk. Increased permissions can enable attackers to access data and therefore cause damage.
Spyware
Spyware can collect or use private data without your knowledge or approval. Data commonly targeted by spyware includes phone call history, text messages, user location, browser history, contact list, email, and private photos. Cybercriminals could use this stolen information for identity theft or financial fraud.
Are iPhones safer than Android phones?
A common question in phone security is whether iPhones are safer than Android. A critical difference between the two is that iOS is a closed operating system, whereas Android is used by various manufacturers. This means that Apple doesn't share its source code, reducing the chances of attackers finding vulnerabilities in its system. Because of this, many believe that iOS is a safer operating system. Regardless, there's no way to be completely safe, even if you own an Apple phone – so understanding phone security and how to protect your phone remains essential.
Bear in mind that older phones are less secure than newer ones. For example, earlier iPhones no longer receive security updates. If you're using an old smartphone, upgrading to a newer model will help increase your phone security.
Smartphone security tips
If you want to know how to protect your phone, essential smartphone security tips include:
Keep your phone locked
If your device is stolen, the thief could obtain access to your personal information. To prevent this, it’s important to have a lock on your screen. Whether this is a passcode, pattern, fingerprint, or face recognition depends on your preferences and your device’s capabilities.
You can usually specify how long the phone can be idle before locking when enabling a lock screen. Choose the shortest amount of time to increase your phone security. You are protected because the screen locks automatically even if you forget to lock it yourself. It will also conserve your battery because the screen goes dark after a set period of inactivity.
Setting this up is straightforward. For most Android devices, you can find instructions within Location & Security Settings. For iOS users, check within the General options of your settings.
Create a strong password for your phone and apps
Create a strong password for your smartphone. If a password attempt fails a certain number of times, the phone will lock, disable, and in some cases even erase all data. Surveys show that many business users don’t change the default passwords on their mobile devices or use multi-factor authentication. Weak passwords can place an entire organization at risk.
It’s also a good idea to set strong passwords for your apps – this will make it harder for a hacker to guess them. Using unique passwords for each app will ensure that the hacker won't have access to all your information across the board if one password is discovered.
Be wary of text messages
Text messages are an easy target for mobile malware, so avoid sending sensitive data such as credit card details or important private information by text. Equally, be cautious about text messages you receive.
Smishing (phishing via text) and vishing (voice phishing that takes place over the phone) are popular ways to target mobile phone users. A smishing victim may receive a text message that appears to be from a business, prompting them to call a number and disclose secure account information to address an issue with their account. If you receive emails or texts which appear to be from a business asking you to confirm or update account information, contact that business directly to confirm the request. Avoid tapping links in unsolicited emails or texts.
Check your browser for the lock symbol
The lock icon in the browser's address bar indicates that you are on a secure connection and that the website you are using has an up-to-date security certificate. Look out for this when entering personal data such as your address or payment information or sending emails from your mobile browser.
Ensure your apps are from reputable sources
Always download apps from official app stores. Google and Apple test every app before it is allowed into the Play Store or App Store, which means downloading an app from an official store is less risky than obtaining them from elsewhere. Cybercriminals create fake mobile apps that mimic trusted brands so they can obtain users’ confidential information. To avoid this trap, read app reviews and check the developer's last update and contact information. These details should be available within the app information on the store. Deleting apps you no longer use or want is also good practice.
Keep your device’s OS up-to-date
From performance to security, mobile phone operating system updates are designed to improve your experience. To ensure a secure smartphone, it's essential to keep your mobile's operating system up to date. Operating system updates protect your device from newly discovered threats. You can check if your phone’s operating system is up to date by looking within About Phone or General and clicking on System Updates or Software Update (depending on your device).
Connect to secure Wi-Fi
Mobile devices allow us to access the internet wherever we go. Often, one of the first things we do when out and about is search for Wi-Fi. While free Wi-Fi can save on data, unsecured networks carry security risks. To maximize your safety while using public Wi-Fi, connect to a virtual private network or VPN. A VPN encrypts your data, protecting your location and keeping your information from prying eyes. Equally at home, make sure your home network is set up securely to maximize your safety.
Don’t jailbreak or root your phone
Jailbreaking or rooting your phone is the process of unlocking your phone and removing the safeguards that manufacturers have put in place so you can access anything you want. Users jailbreak or root their phones to access app stores other than the official ones, but this carries risk. The apps on illegitimate stores have not been vetted – which means they can spy on your phone and steal sensitive information.
Encrypt your data
Our smartphones hold a wealth of data. If your phone is lost or stolen, sensitive information like your emails, contacts, and financial information could be at risk. To protect your mobile phone data, you can encrypt it. Encrypted data is stored in an unreadable form so it can’t be understood. Most phones have encryption settings you can control via the security menu.
To check if your iOS device is encrypted:
- Go to the settings menu.
- Click on Touch ID & Passcode.
- You will be prompted to enter your lock screen code.
- Go to the bottom of the page – if your phone is encrypted, it should say “Data Protection is enabled.”
To encrypt an Android:
- First, make sure your device is at least 80% charged.
- If your phone is rooted, then unroot it before continuing.
- Then, go to Security and choose Encrypt Phone.
- If you interrupt the encryption process, or if you don’t charge and unroot your device, you could lose all your data. Encryption can take an hour or more.
Enable remote wiping of your phone
If your phone is lost or stolen, you can remotely clear your personal data from its memory. Provided you have previously backed up your data to the cloud, you don’t have to worry about losing that data. Learn more about how to erase your iPhone remotely and erase your Android device remotely on Apple and Google’s support pages.
Log out of sites after you make a payment
If you use your smartphone for online shopping or online banking, log out of the relevant sites once your transactions are complete. Don’t store your usernames and passwords on your phone, and avoid sensitive transactions while using public Wi-Fi.
Turn off Wi-Fi and Bluetooth when not in use
When you keep Wi-Fi and Bluetooth active, hackers can see what networks you have connected to before, spoof them and deceive your phone into connecting to Wi-Fi and Bluetooth devices that hackers carry around. Once connected to your phone, hackers can attack your device with malware, steal data, or spy on you – without you necessarily noticing. Therefore, it’s good to turn off Wi-Fi and Bluetooth when you don’t need them.
Use a good antivirus
Antivirus isn't just for laptops or desktop computers – it's also essential for mobile devices. A good mobile antivirus will protect your smartphone from viruses and hacking attempts. Kaspersky for Android provides 24/7 protection and includes a ‘Where is my device’ feature as well as spy app detection.
Recommended products:
