12 Best Mobile Privacy & Security Tips You Need Now
Our mobile devices are a hacker’s wet dream. Think about it: we store so much information about ourselves online through these devices, including info about our identities, activities, opinions and thoughts. Nowadays, our smartphones and tablets have more information about us than our PCs.
Couple this with the stark reality that various groups—from governments to cybercriminals—would all love to get their hands on that information, and it becomes pretty easy to understand why we’ve got to take mobile security matters into our own hands.
Without further ado, here are the things you must keep in mind in order to protect your online privacy and mobile security.
4 Must-Do’s Before You Download an App
It’s pretty amazing how many apps there are out there, isn’t it? Fitness trackers, anti-virus protection, calendar add-ons, restaurant services, news portals… You can probably find some version of any tool you can dream up in the app store.
But the luxury of all these readily available tools doesn’t come for free (and I’m not referring to the cost of the apps). Cybercriminals have exploited app stores for years, turning them into a gold mine for stolen personal information. They create malicious programs meant to look like legitimate apps; once downloaded, they infect the victim’s device and steal his or her information. And these criminal apps are everywhere; one example is Durak, a card game that seems legitimate, until your device starts acting up a few days after downloading it. Would you believe that the U.S. is the biggest creator of malicious mobile apps?
Be smart about how you use apps by following these 4 guidelines:
1. Download only from known stores, and start with an anti-virus app.
It’s understandable why you may want to stray from Google Play from time to time. Perhaps you’re curious about what else is out there, like what other apps are available to you that didn’t get ranked as high on Google Play. Whatever your reason for seeking one, other app stores—like AppsLib, Mobogenie and Slide ME—are plentiful. See Digital Trends’ list of recommended alternative Android app stores. But proceed with caution: many of these contain apps that might infect your device with malicious software. A recent study found that 1 in 3 Android apps on non-Google stores are malicious. For the security-conscious, our advice is to stick to Google Play. (And don’t even think about downloading apps from untrusted sources like piracy sites or forums; that’s almost a guaranteed way to infect your device.)
Also keep in mind that even legitimate stores carry malicious apps. That’s why it’s crucial to download an anti-virus app for your mobile device. There are a number of anti-virus apps that were specifically designed for mobile platforms. And while there are many, it’s easy to find a resource to help you determine which one is right for you, like this Digital Trends article on the best Android security apps.
2. Stick to official apps.
In addition to malicious apps, mobile users must also combat the threat of “rogue apps.” These apps may not contain malicious code aimed at infecting your device, but they have malicious intent nonetheless. Rogue applications are the mobile equivalent of phishing attacks; they imitate a legitimate, official app from a financial institution or other service in an attempt to fool people into installing them and providing their login details and other credentials. Imagine a malicious app that looks like your banking app, and actually steals all of your online banking credentials. A recent study found that there are over 40,000 malicious banking apps, many of which take advantage of permissions like recording audio and accessing contact lists. Some years ago, a single malicious app developer known as 09Droid released at least 40 malicious banking apps that appeared legitimate. Scary stuff!
How do you steer clear of rogue apps? By reviewing the developer’s credentials enough to verify that the app indeed comes from the official source. Check out this short list of tips on how to spot a rogue app, and Greenbot’s tools for finding, taming, and eliminating rogue apps.
3. Pay attention to app permissions.
Some apps may be legit even if they don’t come from high profile sources like Facebook or Tinder. When you’re considering downloading such an app, make sure you carefully review the app permissions. Hackers bank on users not reading the app permissions before downloading. Avoid apps that may exploit their given access (for example, an app that provides quotes from Arnold Schwarzenegger movies should not have access to your contacts, SMS messages, or camera). Also pay attention to apps from legitimate developers that request illogical permissions; for example, why would the PayPal app require access to your microphone, camera and photos? Check out this resource from Android Central on what some application permissions mean to help you discern whether or not they’re legit.
These app permissions for the LogDog anti-hacking app are a good example of legitimate app permissions.
4. Use apps that communicate securely.
When you communicate with people using your mobile devices, your data is transferred from your device to the servers of the service you’re using, and from there to the recipient’s device. If that data moves insecurely, anyone who taps into the communication lines will be able to read your conversation. The good news? It doesn’t take a niche app to communicate securely; some apps like WhatsApp and Viber encrypt messages out-of-the-box.
Want to take incognito a step further? According to the EFF, FaceTime, iMessage and Wickr encrypt messages to the extent that even the service provider will not be able to read them. According to their report, which checked seven aspects of secured communication, the following apps have ticked all the boxes: ChatSecure + Orbot, CryptoCat, Signal / RedPhone, Silent Phone, Silent Text and TextSecure. So if you want to avoid your service provider ever being able to spy on you, use one of these apps.
Keep It Private
For better or for worse, some of the functions on our mobile devices come built-in with measures that track information like our location and browsing history. To keep your privacy under your control, take these two easy steps.
1. Disable location tracking.
Imagine this: You take a picture with your phone, and publish it on Facebook or Twitter. How would you feel about your exact location when you took the picture getting published along with the image itself?
A trend in recent years has been to include geotagging (or very specific geographical coordinates) with various types of data we create, like images. If you have this feature enabled on your smartphone or tablet, geotagging information will be saved with every image you take using your device and will be available to anyone who can see the image.
Why does this matter? Because your location can reveal a lot about you, like where you live and what times of day you’re not at home. For these reasons, you should maintain your privacy by disabling location tracking.
To find out whether location tracking is enabled in your Android phone, open your camera, and then click the Settings “gear” icon at the top left. You’ll see the “Location tag” option in the drop-down menu that appears.
Beware that Google may also be watching you! Google location history tracks where you are, but in doing so it also provides some great conveniences. For example, your phone can know that you’re at the airport on time for your flight, or alert you if you’re not. But for those who are privacy conscious, this may come off as an intrusion.
Here’s how to disable Google location history on an Android device:
1. Open your Settings menu and scroll down to Location.
2. Click on Location, and then scroll down to Google Location History, under “Location Services.”
3. Make sure the checkbox at the top of the screen is unchecked to disable Location History.
2. Browse using an anonymity network.
Web users who are highly concerned about their security often choose to browse using TOR. If you hop over to the TOR website, you’ll see it described as “free software and an open network that helps you defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security.”
If you’re keen on preserving your privacy while you’re browsing, we recommend you check out the Onion Browser, which uses the TOR anonymizing network to conceal your device’s IP address, basically making it untraceable.
Want to know more about TOR? Here’s how it works: Every communication request that passes through the network goes through a number of nodes. Each node only knows the node from which it received the request, and the node that it needs to pass the request to. Each request is encrypted multiple times in multiple layers (like an onion) with each node able to decrypt only one layer. This way, no single node knows the entire route the data has gone through, nor is it able to read the information in the request. The NSA has described TOR as “the king of high-secure, low latency internet anonymity.”
But using TOR may slow things down. When each request travels to multiple nodes around the world, things don’t move as fast. In addition, since TOR is often used by cybercriminals to conceal their real identities, some sites like banking websites can detect you’re using TOR and may block you as a result. However, for most uses online, TOR can be quite useful.
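The layered encryption described above can be sketched in a few lines. This is an added example, not code from the Tor project or from the original article: the relay names, keys and request are constructed, and the SHA-256 keystream is a toy stand-in for real authenticated encryption, not the cipher Tor uses.

```python
import hashlib
import json

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode). Illustration only:
    a stand-in for real authenticated encryption, not Tor's cipher."""
    out = bytearray()
    for block in range(0, len(data), 32):
        pad = hashlib.sha256(key + block.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[block:block + 32], pad))
    return bytes(out)

def wrap(route, keys, destination, request: bytes) -> bytes:
    """Client side: encrypt innermost layer first, outermost (entry) last."""
    blob, next_hop = request, destination
    for node in reversed(route):
        layer = json.dumps({"next": next_hop, "inner": blob.hex()}).encode()
        blob = keystream_xor(keys[node], layer)
        next_hop = node
    return blob

def peel(node, keys, blob: bytes):
    """Relay side: remove exactly one layer with this relay's own key."""
    layer = json.loads(keystream_xor(keys[node], blob))
    return layer["next"], bytes.fromhex(layer["inner"])

def relay(route, keys, sender, blob: bytes):
    """Pass the onion along the route, recording what each relay can see."""
    seen, prev = [], sender
    for node in route:
        next_hop, blob = peel(node, keys, blob)
        seen.append({"node": node, "from": prev, "to": next_hop, "holds": blob})
        prev = node
    return seen, blob

# Constructed sample data: relay names, keys and request are hypothetical.
ROUTE = ["entry", "middle", "exit"]
KEYS = {n: hashlib.sha256(n.encode() + b"-demo-key").digest() for n in ROUTE}
REQUEST = b"GET /index.html"

def demo():
    onion = wrap(ROUTE, KEYS, "example.org", REQUEST)
    return relay(ROUTE, KEYS, "client", onion)

if __name__ == "__main__":
    seen, delivered = demo()
    for s in seen:
        print(s["node"], "knows only:", s["from"], "->", s["to"])
    print("delivered:", delivered)
```

In this sketch the entry relay sees the sender but not the destination, the exit relay sees the destination but not the sender, and the middle relay sees neither; only the last layer releases what is handed on to the destination.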
Back Up Your Device (No, Seriously)
As far as your device itself is concerned, there are some basic steps you can take to maintain its overall health. These include updating and—you guessed it—backing up.
1. Update your mobile phone’s operating system
It’s easy to forget that our mobile devices run on fully featured operating systems with vulnerabilities that can be exploited by attackers. Just like refraining from updating your PC operating system can leave you open to exploits, the same goes for your smartphone and tablet.
Don’t be lazy about updating your mobile. To update an Android device, go to Settings and then Software update.
If you want more in-depth guidance on how to update your device, check out PC Advisor’s article on how to update your Android smartphone or tablet.
Remember to update your apps, too. Developers are often quick to release a fix for vulnerabilities that are discovered within their apps.
2. Back up your device
Who backs up their device, right? People who are serious about securing their data—that’s who! Backing up your data can mean the difference between “something bad” happening to your device and a complete catastrophe. Backing up your device can also provide a solution to problems that have nothing to do with security, such as your phone dying, and it can also help you restore everything on your device if you become a victim of a cyberattack. Furthermore, backing up your device can help you retrieve your data should you ever physically lose your device. For help with backing up your device, check out CNET’s guide on how to back up your Android phone, and Tom’s Guide’s 10 Best Android Backup Apps.
Keep Intruders Out
You wouldn’t want a stranger using your device, would you? Fortunately, you can take a few simple steps to make sure your device is only accessed by the people you’ve allowed access to. Here are four of the most straightforward ones:
1. Remote wipe.
There are apps available today that enable you to remotely wipe your device, which can be extremely helpful if your smartphone or tablet gets lost or stolen. But beware: employing these tools can be a double-edged sword; an attacker who gains access to your method for performing the remote wipe may be able to track your location, or make all your data disappear himself (did we already mention why backing up is so important?).
Still, many mobile device users choose to have a remote wipe app that can allow them to clear their devices of all of their data if those devices ever land in the wrong hands. For more guidance on remote wipe apps for Android, check out Tech Republic’s roundup of five apps to wipe data from your Android phone.
2. Add a lock screen password.
Enabling screen lock and requiring a password of some sort for unlocking your device is an easy way to make sure that your data is accessed only by you or people you’ve granted access to. Forget about keeping embarrassing photos from prying eyes; unauthorized users can do worse damage with a short window of opportunity when they have your phone, like installing malware on your device and forwarding or deleting your data.
True, it may take time to adjust to having to unlock your device using a password or pattern every time, but this step is really important to your device security.
To add a screen lock on an Android device:
1. Go into your Settings menu and select “Lock Screen.”
2. Choose which method you’d like to use and click to enable and configure it.
3. Encrypt your data.
Android devices have a built-in option for encrypting your data. You can find it under Settings > Security > Encrypt Phone.
If the data on your phone is encrypted, only people with the proper permissions will be able to use the device. This means that, if your phone is stolen and the thief tries to get to your personal information, say, by connecting the device to a computer and using various software, all they’ll find is encrypted, useless data. Win!
If you do choose to encrypt your data, make sure you use a strong password and not a PIN code, as this will make the encryption more difficult (if not impossible) to crack. Also, keep in mind that encryption may impact your device’s performance, though not to any great extent. Here, again, it’s a matter of weighing the costs and the benefits of encrypting your data.
4. Restrict your Wi-Fi activity.
Using a public Wi-Fi network puts you at high risk of having your personal data stolen, since hackers often use public Wi-Fi networks to steal your information. Have you ever connected to a free Wi-Fi network at Starbucks or any other coffee shop you frequent? Once you’ve done so, your phone may automatically connect to that network next time you’re even in the vicinity of the place. The same goes for any public network you’ve connected to. Be cautious connecting to any open Wi-Fi network where security is questionable. And if you must connect to one, use a VPN (virtual private network). This will encrypt everything end-to-end, so attackers will have a harder time getting their hands on your credentials even if you’re communicating through a network they control. Check out this Lifehacker article on staying safe using public Wi-Fi networks, which has more information on VPNs.