Last updated on November 8th, 2018
Everyone nowadays owns a smartphone – it has become a necessity rather than a luxury.
In fact, there were more than 5 billion mobile subscribers in 2017, according to GSMA Intelligence. The research arm of GSMA also shared something interesting:
More than half (55 percent) of mobile subscribers are based in the Asia Pacific region, which is home to the world’s two largest mobile markets: China and India. China accounts for more than a billion of the world’s subscribers, while India accounts for 730 million.
Is Your Smartphone Really Secure?
Among millions of users across the world, is your data safe? Is your smartphone really secure?
Now, you must be having second thoughts about my question. Yeah? If that’s a yes, then let me ask you something:
Why aren’t you confident about your smartphone’s security?
Don’t worry…After reading this article, you will be confident about your smartphone’s security.
It is very easy to keep your device safe – you will realise it when you finish reading the article.
iOS vs. Android – The Reality Check
Did someone suggest that you use an iOS device over an Android smartphone for security benefits?
Fret not, we’ve all been there – endlessly arguing why one of them is superior – but that’s just not productive.
So, here’s some news for you – everything is vulnerable (even an iOS device) – unless you are aware of the basic tips and techniques to keep your smartphone secure.
Don’t believe me?
Recently, Gordon Kelly at Forbes highlighted a serious problem after the iOS 12.1 update. So, it’s a no-brainer that any smartphone you own can be exploited. On the other side, Android isn’t innocent either. An “API breaking” vulnerability was found which leaked device data without the user knowing it.
Yes, it is true that you will get security patches and major OS upgrades on an iOS device for a longer period of time when compared to an Android device. So, that comes down to your personal preference and has nothing to do with your smartphone’s security state.
Shocking Facts: The Dominant form of Knowledge
The more you know, the more steps you can take to protect your data without needing an expert’s help.
We remain cautious about the things that we’re aware of – even before we encounter them.
Similarly, to stay alert, you need to know about some of the most shocking facts and news concerning security risks on your smartphone.
In his piece, Mike highlights Google, OnePlus, and Apple.
But, trust no one!
Yes, you should not trust any smartphone manufacturer with your privacy and device security. You need to be the one controlling it – not the manufacturers.
Even if it’s not intentional (I’m not too sure about that!) for the manufacturers to introduce security risks, they do take some decisions to add new features or functionalities to a smartphone which make the device vulnerable without the user knowing it.
No matter what – you will always encounter some kind of bug after an OS update (or a minor patch) – which could potentially compromise your device.
Thankfully, some hard-working security researchers often find out about it – even when the smartphone manufacturers do not inform you about it.
This is a serious concern for Android devices because only a few percent of users are running the latest version.
In addition to Symantec’s report, Kaspersky also shared an alarming stat:
In Q1 2018, Kaspersky Lab detected 1,322,578 malicious installation packages.
For iOS users, the situation is better and potentially less dangerous. Even so, you need to perform a background check of an application – to be on the safe side.
Let’s assume that you have the latest security patches installed along with the latest version of the Operating System. Is there still something to be concerned about?
I’m sure you must be browsing the web every now and then. Also, you must be utilizing several services like email, instant messaging, and similar.
It’s a nightmare – but you have to realize that there are tons of cyber threats that could compromise your device or any sensitive information that you have on your smartphone.
We’ll discuss more in the later section of this article.
Expert Opinions on Smartphone Security
We are mostly aware of the basic security tips like setting a password and updating the software (when available). But, no matter what, we tend to simply ignore most of the tips, or maybe we weren’t aware of them in the first place.
Whatever the case, we thought of bringing in some professional experts to answer our question:
How do you keep your smartphone secure?
Let’s take a look at what they had to say:
Expert 1: Georgia Weidman
At the end of the day, security starts with the user. And especially in mobile, individual users must be vigilant about not falling prey to a wide variety of phishing attack vectors, not installing questionable apps, or not giving away questionable permissions. Security depends upon us users using our brains.
Georgia emphasizes the phishing component of an attack against a mobile device.
If you’re wondering – phishing involves tricking you into thinking that you are entering your credentials (user ID & passphrase) or other sensitive information (like credit card details) on a trustworthy website or service.
For example, a website may look like PayPal/YouTube – but it actually isn’t (as shown in the image below).
Phishing does not necessarily stop with a similar looking webpage – but you might also find similar looking emails (making you think that it is an official email). Someone might even try to spread a fake announcement on WhatsApp/other instant messengers to get your details.
Now that you’ve understood what it means, let us point out a few important things Georgia suggested that you should take care of:
- Be cautious when you download/install attachments.
- Be wary of clicking on links in emails/messages.
- Cross-check the integrity of the website before entering sensitive information.
- A QR Code might send you to a spoofed website – so verify the link before taking any action, or do not scan the QR Code at all (unless it’s from someone you trust).
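The link checks in the list above can be partly automated. The Python sketch below is an added example, not code from the original article or the experts quoted; the trusted-domain list and the sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the sites you actually sign in to; extend as needed.
TRUSTED_DOMAINS = {"paypal.com", "youtube.com"}

def check_link(url, trusted=TRUSTED_DOMAINS):
    """Return (verdict, reasons) for a link before you open it or type into it."""
    reasons = []
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".")   # hostname is already lower-cased
    if parts.scheme != "https":
        reasons.append("not HTTPS")
    if parts.username is not None:
        # Everything before '@' is login data, not the site being visited.
        reasons.append("text before '@' is not the site; real host is " + host)
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        reasons.append("internationalized host name can imitate Latin letters")
    # Trusted only if the host IS the domain or a true subdomain of it.
    on_trusted = any(host == d or host.endswith("." + d) for d in trusted)
    if not on_trusted:
        named = sorted(d for d in trusted if d.split(".")[0] in host)
        if named:
            reasons.append("mentions %s but is hosted on %s" % (named[0], host))
        else:
            reasons.append("host %s is not on the trusted list" % host)
    return ("ok" if not reasons else "suspicious", reasons)

# Constructed sample links (for example, decoded from a QR Code or an SMS).
SAMPLES = [
    "https://www.paypal.com/signin",
    "http://paypal.com/",
    "https://paypal.com.account-verify.example/login",
    "https://paypal.com@login.example.net/signin",
    "https://xn--pypal-4ve.example/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        verdict, why = check_link(link)
        print("%-11s %s  %s" % (verdict, link, "; ".join(why)))
```

A check like this only narrows things down: a link that passes still deserves a look at the address bar before you enter credentials.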
She also highlighted a couple of basic practices that we should follow:
- You should install applications from the official marketplace only (Google Play Store/App Store).
- Verify the permissions you give to the applications installed.
In addition to all the tips, she also mentioned that even if your mobile device is under some form of management by a preventive technology (mobile anti-virus, enterprise mobility management, mobile threat defense or similar) – there’s no way to be 100% sure that they protect you against all the threats.
Expert 2: Rebecca Herold aka The Privacy Professor
Of course, being another expert, Rebecca also mentions the phishing component, but she emphasizes users’ privacy.
You do not need any special skills to protect your privacy. The tips mentioned by Rebecca are easy to implement – and they also improve the device’s security in a great way.
Let us take a look at them:
- Use 2-factor authentication for access into the phone/device.
- Make sure passwords are strong (long, complex), and PINs are long (more than 6 digits, non-consecutive and non-repeating, wherever possible)
- Set auto-updates for OS patches. Most folks don’t do this.
- Occasionally power off your phone to clear memory. There are some malicious things that will hide there. Plus, it will help your phone to run a bit better in most instances.
- Remove all apps you don’t use. Most people have a large number of unused apps they’ve downloaded, but then stopped, or never, used. These could be exfiltration paths for data from the phones to unknown, and unlimited numbers of, third parties.
- Don’t click links in text messages from senders you don’t know. Classic phishing.
- Don’t click links in text messages from senders you think you know, but that are uncharacteristic for them. Their device or account may have been compromised.
- Don’t auto-connect to public wi-fi’s.
- Use anti-malware and firewalls on all types of smartphones
- Encrypt all data on your phone.
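The PIN rule in the list above (more than 6 digits, non-consecutive, non-repeating) can be checked mechanically. The Python function below is an added example, not part of the original article or of Rebecca's advice; the exact reading of "non-consecutive" and "non-repeating" is an assumption stated in its docstring, and the PINs in the comments are constructed.

```python
def pin_problems(pin, min_len=7, max_run=2):
    """List the reasons a PIN fails the rule; an empty list means it passes.

    Assumptions of this example:
      "more than 6 digits" -> at least 7 digits
      "non-consecutive"    -> no 3 or more digits counting up or down (123, 987)
      "non-repeating"      -> no digit used twice in a row (11, 00)
    """
    if not (pin.isascii() and pin.isdigit()):
        return ["must contain digits only"]
    problems = []
    if len(pin) < min_len:
        problems.append("too short: %d digits, need at least %d" % (len(pin), min_len))
    digits = [int(c) for c in pin]
    # Difference between each digit and the next: 0 = repeat, +1/-1 = sequence.
    steps = [b - a for a, b in zip(digits, digits[1:])]
    if 0 in steps:
        problems.append("same digit twice in a row")
    longest, run, last = 1, 1, None
    for step in steps:
        if step in (1, -1):
            # Extend the run only while counting in the same direction.
            run = run + 1 if step == last else 2
        else:
            run = 1
        last = step
        longest = max(longest, run)
    if longest > max_run:
        problems.append("contains %d digits in sequence" % longest)
    return problems

if __name__ == "__main__":
    # Constructed sample PINs, not real credentials.
    for candidate in ["1234567", "1122334", "482916", "9876012", "8350274"]:
        print(candidate, pin_problems(candidate) or "passes")
```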
Now that you know the best security tips from some of the experts, you should be good to go if you follow them.
But, if you’re still wondering about the tips – in order to secure your smartphone, continue reading…
Smartphone Security: Detailed Roundup
There’s no secret recipe to keep your device secure. You just have to keep an eye out for a couple of things and you should be fine. The expert tips that we just read about sum up almost everything – but if you want a detailed explanation of the tips, let’s do that here:
- Device lock: If your smartphone comes with a biometric identification system (fingerprint scanner, face unlock, or an iris scanner) – use it over the traditional password. And, if you prefer typing to unlock your device, set a password rather than a PIN.
- App Installation: Always prefer installing applications from the Google Play Store and the App Store. You should avoid sideloading apps – unless you are sure about the integrity of the APK file.
- Unused/Obsolete apps: If you observe an app that you no longer require or that is no longer actively maintained by the developers – you should consider uninstalling it.
- Review app permissions: There’s always something fishy about the permissions an app requires – even some of the popular ones. If you think that the app does not need the permissions it asks for in order to work – simply uninstall the app and find an alternative.
- Phishing: We’ve already discussed it above – but to recap: you need to avoid clicking on the links sent to you in any form – unless you are sure of its authenticity. No matter how tempting the offer is – do not enter your credentials or personal information without verifying the integrity of the website. You can be tricked via message, email, or a spoofed web page.
- Secure network connection: It’s not a good idea to connect and work on a Public Wi-Fi. If you rely on those, consider using a VPN like VyprVPN.
- 2 Factor Authentication: For every account you create and associate with your smartphone, you should have 2FA enabled. Also, I suggest you use Authy instead of the Google Authenticator app to generate 2FA codes. Authy lets you sync your codes to your desktop and other devices – with an option to backup and encrypt them in the cloud.
- Safe web browsing: You can use an ad-blocker to block potential malicious ads/pop-ups on a website.
- Password strength: 2FA helps but you need a strong password – which should be a combination of multiple letters, symbols, and numbers. Some services do not accept certain symbols – but that’s not a big deal.
- Prefer using Privacy-oriented services: If you want complete privacy, then you can try switching to services that care more about your privacy than personalizing your experience by collecting your data. For example, you can start by using DuckDuckGo over Google.com as your search engine on your browser. You can also search for a privacy-focused email service, such as Proton Mail.
- Use Encryption: You get the option to encrypt your Android device by heading into the security settings and then encrypting the device. All Pixel phones are encrypted by default.
- Data backup: Whatever you have stored on your smartphone, make sure to keep a backup of it. You never know what might happen if a bug accidentally deletes your files. You can utilize Automatic backups on Android and iCloud backup on iOS devices.
- Remote device locator: If you do not want to lose your smartphone, consider using Find My iPhone or Find My Device (Android) to be able to remotely locate your device and wipe your private data in case of theft.
Opinion: Before you get a new Smartphone…
Smartphone security isn’t just about using a secure Wi-Fi network or encryption – you should take certain decisions even before purchasing a smartphone. So, let’s get right into it:
Prioritize Software over Hardware
No matter what smartphone you prefer – or what budget you have – you need to be sure whether the smartphone is eligible for software updates or not.
If yes, how many more years of software updates can you expect it to get?
(Also) How often does the smartphone manufacturer roll out security patches or OS updates?
You need to make an effort to inquire about these things – if you really want a secure smartphone.
Without proper software support, you should not expect your smartphone to be “technically” secure. Of course, not every manufacturer provides the necessary software support. So, you need to make a wise decision.
I would personally prefer one of the latest smartphones from Google (with stock Android) or else I’ll find a cheaper Android One alternative. Currently, Nokia seems to be doing a pretty good job when it comes to software updates on Android One devices. You can expect 3 years of security patches and 2 years of major OS updates.
If you prefer iOS devices – anything that was unveiled not more than a year back should be perfect. You can easily expect 3-5 years of software updates on an iPhone and the iPad.
If you do not care about the budget you spend, the hardware you get, or the after-sales service (which you should inquire about), then you can consider getting any of the smartphones that are specifically tailored for security and privacy.
For example, Silent Phone by Silent Circle.
This isn’t for everyone – but still, an option if you are up for it.
Securing your smartphone isn’t a difficult task. You just need to take care of certain things while using your smartphone.
You do not need to rely on cybersecurity experts unless you have specific enterprise requirements.
I hope you found this guide useful. I’ll make sure to keep it up-to-date as per the latest threats against mobile devices.
Share this with your friends and family to let them secure their smartphones!