Mobile Security Guide: Everything You Need to Know

General safeguards and tips for mobile security

Although both Android and iOS offer their own tools to protect your device's security, there are certain measures every user can take to counter the concerns discussed in the previous section.

Data leakage resulting from device loss or theft

·         Always set a PIN, passcode, password or pattern lock on your device. While these may not stop a dedicated hacker, they can prevent the average thief from quickly accessing important information, such as your credit-card number and saved passwords for online accounts.

·         Configure your screen to lock after a few minutes of inactivity. This is often enabled by default on newer phones.

·         Use a different password for each of the various services on your device, such as email, social media and shopping accounts. This will help mitigate the theft of personal information in the event that someone manages to bypass your phone's PIN or password.

·         Don't store credit-card information on your device. Although this can make everyday shopping less convenient, a thief won't be able to use your phone or tablet to go on a shopping spree.

·         Remotely wipe your phone or tablet if it's lost. Apple iOS devices can use the free Find My iPhone app; Android users must enable Android Device Manager in the Google Settings app. Many third-party security Android apps also have remote wipe capabilities.

·         Encrypt your phone or tablet. With iOS devices, this is done automatically as soon as you enable a PIN or passcode. Android users must go into Settings > Security > Encrypt phone. Without encryption, it's not hard for a thief to read the phone's data from a USB-connected computer.

Unintentional disclosure of data

·         Disable geotagging on your camera app and any other apps that can access the camera. This will prevent apps from automatically tagging your photos with your location.

·         Refrain from using the "check in" feature on apps like Yelp and Foursquare.

Attacks on decommissioned mobile devices

·         Always reset the device to factory settings before donating or recycling your phone. This is much more effective than attempting to clear the data from each app individually.

·         When purchasing a new device, reset your old device to factory settings even if you're keeping it. Theft of an unsecured phone or tablet that still contains personal information — even if it is no longer in use — can be just as damaging as the theft of your current device.

Phishing attacks

·         Look for typos in SMS messages and emails. These are often indicative of a phishing scam.

·         Verify that the app you're installing comes from a trusted source. If that "Angry Birds" app you're viewing doesn't list Rovio as the developer, avoid it.

·         Never include a password, credit-card number, or other personal data in an email or text message. If you receive a message asking for this kind of information, it's most likely a phishing scam.

Spyware attacks

·         Review an app's permissions before installing it, especially on Android devices. If the app is asking for access to personal information or wants to perform certain functions on your phone or tablet, make sure that these permissions fit the stated purpose of the application.

·         Don't alter your phone's security settings. Rooting or jailbreaking your device can make it more susceptible to an attack.

·         Keep your device's software as up-to-date as possible. Manufacturers frequently patch security holes after launch, and downloading the software updates is key to making sure that your phone or tablet is as secure as possible.

·         Install firewall and antivirus software to block and detect any infections.

Network spoofing attacks

·         When possible, connect only to secure Wi-Fi networks that you recognize.

·         When browsing on an unsecured Wi-Fi network, log in only to sites that use SSL encryption, which will have the "https" prefix in the URL.