Smartphone Security – (Android/iOS)
Smartphone security is not a new concept in itself, but its scope is changing day by day. While smartphones were used as a mere means of communication in the past, they are now used to store everything from important work-related details to bank account information.
If a vulnerability causes your smartphone data to be compromised, it might turn out to be a catastrophe. They say prevention is better than cure. There are many ways in which your smartphone’s data might be tampered with, and a number of solutions for the same. If you use a smartphone, it is a smart idea to stay updated about the kinds of potential threats and the preventive measures against them.
Theft Proof your Mobile Data
Taking preventive measures to theft-proof your mobile data saves you much trouble later. Stop malware makers and phishers in their tracks by taking these preventive measures into account:
- Lock your mobile
As simple as it sounds, locking your smartphone is one of the most basic things that you can do to ensure smartphone security. If your phone gets lost by any chance, a simple PIN lock can prevent someone from immediately doing any harm to your personal data. It gives you the time and the chance to block your credit card details or block access to other important data. Locking your data is as simple as setting a PIN code, pattern lock, password or fingerprint lock.
• Password
A password is a strong, secure way to lock your phone. Passwords can be difficult to guess, and they can help ensure that your personal data remains personal. However, typing a password into your mobile phone several times a day can turn out to be cumbersome. Use passwords only when you need the highest level of security.
• PIN Code
A PIN code can turn out to be a simple alternative to a password. It can be shorter, easier to remember and easier to type in several times a day. Using a 4-digit PIN is a good solution, as there are 10 thousand different combinations. Just make sure not to choose something obvious like 1234 or 4321.
• Pattern Lock
A pattern lock allows you to draw a pattern using a grid of nine dots. You can create a huge number of patterns, and a pattern is easier to enter multiple times throughout the day. However, a pattern lock is only as secure as the pattern you create. Another con of using a pattern lock is that someone can easily memorize your pattern just by looking over your shoulder. Hence, patterns are recommended only if you have nothing to worry about.
• Fingerprint Sensor
Not all smartphones have fingerprint sensors. However, all new models of smartphones being shipped nowadays have fingerprint sensors embedded in them. A fingerprint sensor is by far the most secure and fastest means of unlocking your phone. The only problem is that not all smartphones place the fingerprint sensor properly. Fingerprint sensors are hence the most recommended means of locking your smartphone. Use a PIN code or password only as a backup.
- Add protection
Use the security features that come with your Android/iPhone devices. Apple device users can turn on the “Find My iPhone” feature in iCloud, which might come in handy for locating a missing device and erasing important data using an activation lock feature.
- Set strong passwords
Be it your social media account, or your banking login account, setting a strong password everywhere is mandatory. Your password should be a unique combination of letters, numbers and special characters and should be difficult to guess. Do not use the same password everywhere, and use a password manager to keep track of all your passwords. Setting strong passwords is another method to ensure smartphone security and prevent someone from tampering with your personal information.
- Use apps from the Google Play Store or the Apple Store
The Apple Store and the Google Play Store continuously remove fraudulent apps from the marketplace. On rare occasions, Google and Apple do fail to stop fake apps from seeping into their stores unnoticed. However, the Google Play Store and Apple Store are safer than ever now, and downloading apps from these stores is comparatively more secure than downloading bogus apps from unreliable third-party sources.
- Use device encryption
Encrypt your Android smartphone/iPhone to protect the data on your phone. Encryption differs greatly from a simple PIN or passcode. Even if a hacker gets in through the lock screen, your personal information is rendered useless/unreadable unless they have the encryption key. The downside to encrypting your mobile data is that it takes you longer to log in to your device. However, using device encryption takes security one step further and is worthwhile when you have extremely vital data on your smartphone.
If you are an iOS user, setting device encryption is as simple as setting up a passcode to lock your device. The option can be found under Settings > Passcode.
If you are an Android user, note that the lock screen and device encryption are separate but related. You cannot encrypt your data without turning on the lock screen. To enable device encryption, plug in your device, set a strong password and navigate to Settings > Security > Encrypt Device. Follow the on-screen instructions and complete the process. Once you encrypt your phone, you cannot turn encryption off without factory resetting your phone.
- Use a Virtual Private Network
Use a mobile Virtual Private Network to ensure that the free Wi-Fi you use when you have that sip of coffee on the way to work does not come back to bite you. However, make sure that you do not use a free VPN service as they usually don’t work.
- Use an anti-virus software
Use suitable, paid anti-virus software to prevent malware from attacking your smartphone data. Some smartphone anti-virus software also offers phone tracking, which might not work as expected, but is a good-to-have addition.
- Delete unused applications
Constant security updates make apps secure. However, not all apps regularly release patches, so stagnant and unused apps might turn out to be an open door for a possible attack. Delete unused apps to reduce the chances of an attacker entering your phone to obtain vital information.
- Turn off unused connections
Turning off Bluetooth and Wi-Fi when not in use not only saves your battery life but can also protect your smartphone from possible attacks. Open network connections can be used to attack you, hence it is advisable to turn off all connections when not in use.
Mobile Threats and Scams
Mobile threats and scams have become a rampant problem as smartphones are in the hands of every average person in this era. There are some common types of fraud committed through mobile devices that one should be aware of:
- Phishing
This is one of the easiest ways for scammers to steal personal data. You get a message asking you to enter your login information. This information is then used to make purchases through the app for which you revealed the information. The same login information can also be used to gain access to other apps that you use, since a normal user has the same login credentials across several applications.
- Vishing
Vishing is much like phishing and is its telephone equivalent. It involves calling unsuspecting users while appearing to be a legitimate business. Scammers then extract vital information by making the victim think that they will profit. For example, a scammer might call you pretending to be your bank and ask you for your PIN, or call you as an IRS agent asking for your tax details.
- Fraudulent websites
A smartphone has a smaller screen than a desktop computer. Hence, it is more difficult to tell a fraudulent website from a real one on a smartphone than on a computer. Differences in the logo, quality, and display of the website are unnoticeable on a smaller screen. The use of phony websites and information tampering using fraudulent websites are thus more common on a smartphone.
- Subscription fraud
Fraudulent users gain access to a person’s information and use it to sign up for an expensive subscription. This kind of fraud is among the most common types of mobile fraud.
- Stolen devices
If your smartphone gets stolen, fraudulent users can use the device to make purchases through apps.
- SMS Fraud
This kind of fraud usually involves sending an SMS on behalf of a user, without his/her knowledge. The SMS is sent to make a purchase, which the user is unaware of. The payment for the purchase then benefits the fraudulent user.
- Phantom apps
Fake apps of well-known companies can also prove to be a big scam that lures users into paying fraudsters unknowingly. For example, a phony version of Google Wallet was released in 2014 that tricked users into paying money for cheap cars.
- Drive-by downloads
Malware installed on your phone without your consent is referred to as a drive-by download. Visiting the wrong website can trigger a drive-by download onto your mobile device, which causes harm later.
- Viruses and Trojans
Viruses and Trojans attack your mobile devices by attaching themselves to legitimate programs and later hijacking your smartphone system. Viruses and Trojans can also send premium, costly, text messages.
- Network spoofs
Network spoofs are fake access points set up by hackers to look like Wi-Fi networks. They are set up in high traffic locations with names like “Free Wi-Fi” or “Coffeehouse Wi-Fi” to lure users into creating accounts to log in. Most people generally use the same login credentials to log in to several places. The same username and password obtained from this account are used to gain access to the duped user’s email and banking details.
How to spot Fake Android Apps?
One of the major mobile scams trending nowadays is fake Android apps that act as masters of disguise and cause harm to your personal data. Copycat apps are released extensively on a daily basis. It is difficult to keep track of which app is genuine and which is not. It is hence important for every smartphone user to know how to spot fake Android apps and ensure their smartphone security.
Before you download an app, do some background research on the number of downloads and the number of reviews that the app has. In some cases, fewer reviews might be an indication of a developer just starting out. In other cases, it might be a scammer intent on tricking you into downloading their malicious app.
- Read reviews
Short and vague reviews or a very small number of reviews are often the sign of malicious apps. Some reviews can also give you an insight into the pain shared by other users who have been duped by the app.
- Notice details
Notice the details like the images and design of the app. If they look unprofessional and shoddy, it is probably a fake Android app put together to dupe unknowing users.
- Watch out for clones
Most malicious and fake apps are the clones of the more popular apps. Examine the name of the developer and read reviews carefully in order to differentiate between the original app and the fake one.
- Read the documentation
Good developers usually push out some minor description of what the app does. Read the documentation carefully to figure out if the app has just been pushed out to lure customers, or if it has actually been created with care.
How Free are Free apps?
Everyone loves free stuff. However, everyone also knows that not many things are actually free. The internet is full of free things to offer. How free are free apps? Have you paused before downloading a free app? Do you ever pause to realize that when you download a free app, you give something in return, i.e., your personal information?
Why is your personal information important?
Information is a commodity. Facebook and Google offer free services but collect, sell and analyze user data on behalf of advertisers. The information we share for free is monetized in a big way. When using an app for free, you are giving away your valuable information in return.
Every time you download a free app, you generally share:
• Your browsing history
• Your SMS app
• Your contact list
• Access to your camera
• Access to manipulate your cookies
This data is analyzed and used to deduce the advertisement content of products that you are most likely to purchase.
How do free apps earn money by using your personal data?
Since it is established that free apps are not actually free and take your personal information in return, read on to find out the ways free apps earn money:
- Online games
Applications like WeChat (a messaging app in China) earn money through their online games which require purchases to unlock special features.
- Advertising
Online advertising is a big business, and it is driven by the personal data that you share with a free app. Most free apps also earn money by advertising the products that you are most likely to purchase.
- In-app purchases
Some applications allow the user to download the application for free, but require money to unlock special features.
- Add-on services
Many free applications like LinkedIn earn by offering add-on services. They obtain revenue from providing a platform for these add-on services.
How to protect yourself from free apps?
A huge percentage of top free Android and iOS apps have been found to pose some risk to users. It is always safer to know ways to protect yourself from free apps and prevent your personal data from being used.
- Be careful of what you install
You might be asked to grant various permissions to an app. However, when you are granting permission to a free app, make sure you review the permissions first. For example, if you download a calculator, it does not make sense for the calculator to access your photos, contacts and other mobile data. Sometimes, just some common sense can save your personal data from being monetized.
- Stay updated
Install your mobile updates as soon as they are available. Updating can be a tedious process and can hamper your activities, but the updates are usually packaged with security fixes that are essential in ensuring safety against unauthorized access to data.
- Review your installed applications
You might have, at some point in time, given unnecessary permissions to some free apps that you have downloaded. Review the installed applications and the permissions provided to them from time to time. Changing and reviewing application permissions can prevent the misuse of your personal data.
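An added example (not from the original article) of the periodic permission review described above: it parses text modeled on the output of `adb shell dumpsys package` and reports sensitive permissions an app holds beyond what its purpose needs. The package names, the sample dump and the `EXPECTED` policy are constructed for illustration.

```python
import re
# Real Android permission names mapped to the data the article says to watch.
SENSITIVE = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_SMS": "SMS",
    "android.permission.CAMERA": "camera",
    "android.permission.READ_EXTERNAL_STORAGE": "photos/files",
    "android.permission.ACCESS_FINE_LOCATION": "location",
}
# Assumed policy: the sensitive data each installed app legitimately needs.
EXPECTED = {
    "com.example.calculator": set(),
    "com.example.messenger": {"contacts", "SMS", "camera"},
}
PKG_RE = re.compile(r"^\s*Package \[([\w.]+)\]")
PERM_RE = re.compile(r"^\s*([\w.]+): granted=(true|false)")

def granted_permissions(dump):
    """Map package name -> set of permissions reported with granted=true."""
    result, current = {}, None
    for line in dump.splitlines():
        if m := PKG_RE.match(line):
            current = m.group(1)
            result.setdefault(current, set())
        elif current and (m := PERM_RE.match(line)) and m.group(2) == "true":
            result[current].add(m.group(1))
    return result

def audit(dump, expected=EXPECTED):
    """Return {package: sensitive groups granted beyond what is expected}."""
    findings = {}
    for pkg, perms in granted_permissions(dump).items():
        groups = {SENSITIVE[p] for p in perms if p in SENSITIVE}
        excess = groups - expected.get(pkg, set())  # unknown app: allow nothing
        if excess:
            findings[pkg] = sorted(excess)
    return findings
# Constructed sample, trimmed to the lines the parser reads.
SAMPLE_DUMP = """\
  Package [com.example.calculator] (1a2b3c):
    runtime permissions:
      android.permission.READ_CONTACTS: granted=true, flags=[ USER_SET ]
      android.permission.CAMERA: granted=false, flags=[ USER_SET ]
      android.permission.READ_EXTERNAL_STORAGE: granted=true
  Package [com.example.messenger] (4d5e6f):
    runtime permissions:
      android.permission.READ_CONTACTS: granted=true
      android.permission.ACCESS_FINE_LOCATION: granted=true
"""
```

Calling `audit(SAMPLE_DUMP)` flags the calculator for contacts and photos/files and the messenger for location; the denied camera permission is ignored.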
Other Mobile Threats
There are a number of other less common, but equally threatening mobile threats that one should be aware of:
- Spyware
A jealous co-worker or a nosy spouse might install a hidden application on your smartphone to keep track of your whereabouts. This kind of application is known as spyware, and needless to say, you would not want to be tracked and have your privacy compromised.
- Broken cryptography
Some apps that you download onto your mobile might have crappy code, including weak encryption mechanisms that any hacker can break. Flaws in apps created in haste are common, and hacking such apps is easier in comparison.
- Improper session handling
Improper session handling can let your personal data float free into the hands of scammers with ease. To ease the access mechanism of mobile devices, many apps use tokens. These tokens allow users to access the application multiple times without forcing them to re-authenticate themselves. For security, apps need to generate new tokens with each access attempt. Not doing so can leave the app exposed and vulnerable to attacks and impersonation.
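One way a server can implement the token rotation described above, as an added example (not code from the original article): every token is single-use, and the replay of an already-used token is treated as theft and revokes that user's sessions. The class name `SessionStore`, its methods and the 15-minute lifetime are assumptions made for illustration.

```python
import hashlib
import secrets
import time

class SessionStore:
    """Server-side store that issues single-use, expiring session tokens."""

    def __init__(self, ttl_seconds=900):
        self.ttl = ttl_seconds
        self._live = {}   # sha256(token) -> (user, expiry time)
        self._spent = {}  # sha256(token) -> user, kept to detect replays

    @staticmethod
    def _digest(token):
        # Store only a hash so a leaked table does not leak usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # unguessable random value
        self._live[self._digest(token)] = (user, now + self.ttl)
        return token

    def access(self, token, now=None):
        """Validate a token; return (user, new_token) or (None, None)."""
        now = time.time() if now is None else now
        key = self._digest(token)
        if key in self._spent:
            # A rotated token came back, so a copy exists somewhere:
            # drop every live session of that user.
            self.revoke_user(self._spent[key])
            return None, None
        entry = self._live.pop(key, None)
        if entry is None or entry[1] < now:
            return None, None  # unknown or expired token
        user = entry[0]
        self._spent[key] = user
        return user, self.issue(user, now)  # rotate on every access

    def revoke_user(self, user):
        self._live = {k: v for k, v in self._live.items() if v[0] != user}
```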
A normal, tech-savvy person has access to a huge load of information on the types of smartphone threats and the ways to prevent them. However, few people take smartphone security seriously and implement methods to ensure the protection of their personal data. It is always advisable to ensure that your personal data remains truly personal by doing whatever needs to be done to keep scammers at bay.