For many of us, our smartphones are our lifelines. We use them for personal and professional purposes: to join Zoom calls, to scroll through social media, to manage our money and to communicate with friends and family.
It can be easy to forget that these devices hold or connect to a lot of sensitive personal information — and that they can be easily hacked if we're not careful.
- The best smartphones you can buy today
- Buying a used smartphone could put you at risk — here's why
- iPhone 12 mini review: This is a revelation
Fortunately, there are steps you can take to secure your smartphone from hackers as well as habits you can avoid that would otherwise put your data at risk.
Choose your apps carefully — and monitor continuously
Charles Edge, a security expert and software developer, suggests running only apps that are available from the Google Play Store or Apple App Store or another truly trusted source.
These apps have to meet certain security standards set by the store and are also scanned for malware. Do your research when downloading a lesser-known app, even from an official app store, to ensure that the developer is reputable.
Once you've downloaded an app, limit its access to other information on your device, including your location, contacts and photos. Apps may request limited or permanent access to other services multiple times — and this access may violate your privacy if the app itself is ever compromised.
"Don't get click fatigue and start just tapping to grant access," Edge says. "And if an app asks for a resource that seems way out of bounds of what it should have access to, not only say no, but open a ticket with the App Store for your platform."
If you haven't audited your apps in a while, take some time to clean up your device. Delete apps you no longer use and revoke app permissions that are no longer needed.
Strengthen your security settings
Always protect your phone, and any apps that access sensitive personal information, with a passcode, a strong password or, if possible, biometric-authentication mechanisms like Touch ID or Face ID.
You should also enable two-factor authentication (2FA) on services that make it available and have the second factor delivered to a different device. This way your physical phone has an additional layer of security if it is ever lost or stolen.
Remember to turn off AirDrop and Bluetooth when you're in public, at least when you're not actively using them. Bluetooth leaves your device vulnerable to a number of malicious attacks, even from pretty far away. Even if your phone isn't hacked via Bluetooth, it leaves you open to AirDrop crossfire.
Enable auto updates
One of the simplest steps you can take to protect your phone from hackers is to turn on automatic updates for both your apps and your operating system. Updates are how security flaws get patched and allowing these to happen automatically ensures you won't leave your device unprotected for any length of time.
If your mobile OS is weak, it doesn't matter what else you use to secure your phone — everything is vulnerable to attacks.
Add extra layers of security
A virtual public network (VPN) can add another layer of privacy for your data, especially if you frequently use public Wi-Fi networks. The best VPNs encrypt your information to ensure that your location and browning history remain encrypted. Essentially, a VPN will render your data unreadable by anyone who intercepts it on the open Wi-Fi network.
Another option is to download a mobile security or antivirus app. These apps detect malware, deter theft, and may even offer data backup, device tracking or VPNs of their own.
Android devices come with Google Play Protect, a built-in malware scanner for your apps, although third-party Android antivirus apps are better. You can manage security options in your device's Settings app under Security.
What not to do
While preventive measures are important, there are also a few bad digital-hygiene habits that put your phone at risk.
Don't give people your phone number
First, stop handing out your phone number unless it's absolutely necessary. A phone number may seem innocuous, but it's often used as a form of ID, and it's where temporary 2FA codes are usually sent.
Hackers who learn your mobile phone number can use SMS to send you malware or phishing links that prompt you to compromise your personal data, and can also try to steal the number from you by having it transferred to another phone.
Don't download random files or apps
Don't download anything sent to your phone via SMS or email without carefully vetting the source first, even if the message seems to come from someone you know. And if the contact is unknown — or if the message demands you take urgent action — don't answer or click any links.
"When in doubt, don't respond," says Chandler Givens, a privacy expert at antivirus firm Avast. "Just as with email, mobile requests for personal data or immediate action are almost always scams."
Don't jailbreak or root your phone
You should also avoid jailbreaking or rooting your device, which may compromise any security built into your OS or apps.
"Once jailbroken, all the safety wheels are off," Edge says. "The basic protections Apple assumes when creating API endpoints are gone and apps can pretty much do whatever they want."
Don't use public Wi-Fi
Finally, try to avoid using public Wi-Fi networks, which are a prime place for hackers to gain access to your mobile device. Use your cellular data plan instead. If you have to hop on an unsecured network, such as when traveling overseas, make sure your VPN is enabled.
Indications that your phone has been compromised include overheating and diminished battery life. To see if any apps are using an unusual amount of power on your Android device, go to Settings > Battery > More > Battery Usage. In iOS, head to Settings > Battery.
