6 ways to make your phone more secure
Keeping your device locked is just the start
Just like computers, smartphones have their security flaws. There have been many examples of Android breaches.
In 2017 the Kapersky Security Bulletin provided the example of the Android version of the Pegasus mobile espionage software, known as Chrysaor. In December 2022, a popular Android browser app was shown to be capable of leaking personal details, which was worrying given that it had over 5 million users. The Android developers themselves release a monthly security bulletin detailing vulnerabilities, such as those that would allow someone to install apps or make other system-wide changes without permission.
Part of the issue is that Android has to run on many types of different hardware made by different companies. Many of them use their own chipsets or variations of Android’s software so it’s difficult to keep every device safe.
While the consensus is that Apple’s iOS is more secure than Google’s Android OS, all phones remain vulnerable to chip set exploits like Spectre.
Additionally, in 2018 Sophos Labs found that more than 30% of the ransomware it identified was on the Android platform, and there are an estimated 10 million Android apps that are categorized as ‘suspicious .’
In October 2022, another study done by Dr. Web antivirus showed that the situation hasn’t improved much in the past few years, as a new set of malware, phishing and rogue adware apps had managed to find their way onto the Google Play store. Dr. Web and other researchers found some particularly nasty trojans which could hijack sensitive information from other apps. These had already been installed thousands of times.
Given the rise of mobile malware, users need to be constantly vigilant and make sure that their phones are secure, and here are six ways you can do that.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
1. Lock your phone
Enabling a phone to lock itself when not used for a short period is a cornerstone of keeping the device secure. When the phone is locked, it prevents others from getting access to the device, and all of its data and apps.
While years ago locking your phone was a bit of a pain, modern smartphones offer a variety of unlock options, including fingerprint sensors and facial recognition, so you no longer have the excuse that it’s inconvenient to have to unlock the phone when you want to use it.
When you configure the lock settings you can specify the number of minutes before your phone locks, so specify a short interval of only a few minutes to make sure an unattended phone is locked down if found.
The phone should also default to the lock screen after a restart, and require a PIN. An alphanumeric code i.e combination of letters and numbers is better than just a numeric PIN code.
Identifying using a fingerprint via Touch ID or face via services like Face ID is much less secure. For example, Face ID has been known to be fooled by 3D-printed masks of a phone’s owner in the past, though Apple have released updates to prevent this. An adversary can also force you to place your thumb on a device or hold it up to your face much more easily than they can get you to hand over a PIN code.
If you use a PIN code you can also program your iPhone to reset and wipe all its data after 10 failed passcode attempts. If you’ve kept backups in iCloud, you can always restore an iPhone afterwards.
Make sure also to control what information is viewable from the lock screen. If someone steals your phone and tries to set up your banking app on another device, for example, your bank will usually text you a security code. By default, this is visible even when your phone’s locked.
Modern versions of Android and iOS allow you to show notifications without providing details : for instance you’ll see a ‘new e-mail’ notification but will need to unlock the device to find out who it’s from and what it says.
Follow our guide on how to manage Android notifications to do this. If you’re running iOS 15 and above on your Apple device, you can also use the Focus feature to control notifications.
2. Keep the OS up to date
Android users continue to face the fragmentation of their OS. The most common version of Android in use as of December 2022 is Snow Cone (12.0.0), with a 28.2% market share, but the previous version Red Velvet Cake (11.0, 11,1) doesn’t lag far behind at 23.6%, while the three-year-old Android Q (10.0) still soldiers on with over 18% of the Android market. Astonishingly almost 9% of all Android device are running Android Pie (9.0), which came out in 2018 according to Stat Counter.
And, according to Stat Counter, the situation is better, but far from perfect, in the Apple camp. While the latest version of iOS (16.0, 16.1), does have the highest market share at 53.79%, there’s a persistent minority of users still on earlier versions, such as the 24.65% who are on iOS 15 (15.5 - 15.7), which is approaching a year old and doesn’t offer all the latest security updates.
If you’re still clinging to your old iPhone, Apple have recently released security updates for older versions of iOS such as iOS 12 which runs on older devices like the iPhone 5S and iPod Touch (6th generation). Still, our advice remains you should always have a device capable of running the latest version of iOS to stay extra safe.
Android users continue to be mired by phone manufacturers not releasing the latest updates for their handsets, and then carriers not rolling them out, leaving users potentially vulnerable to new threats, a situation that Google is seeking to address with a more structured way to roll out Android updates,Project Treble.
As for the iPhone, our recommendation is that if your Android device is no longer being updated, then it’s time to start shopping for a new one.
When looking for a new smartphone, in addition to other features, look for a phone that’s likely to receive updates over the long term. This makes an argument for choosing a more popular flagship that’s more likely to get plenty of update love over its lifetime, or the best Google Pixel phones that will be well supported with updates.
3. Avoid insecure brands
The best smartphones have a reputation for receiving more frequent updates, such as the aforementioned Google Pixel line, and Apple iPhones that continue to get updates for several years. However, with other smartphones it’s quite the opposite.
In February 2019 the issue of phone security reached the level of a congressional hearing in the US, with intelligence officials warning that phones from Chinese manufacturers Huawei and ZTE should be considered insecure, and going so far as to accuse these phones of spying on US citizens and levelling criminal charges against Huawei. In August 2017 budget phones from Blu were pulled from Amazon due to privacy concerns.
In general, sticking to more mainstream brands that have a high profile in the market, rather than second- or third-tier products, is the safer choice.
You should also consider only buying a new mobile device. That way you know that the device will have default settings, isn’t ‘rooted’ or ‘jailbroken’ and can’t be accessed remotely by the previous owner (see below). Old mobile phones can still be recycled for parts by your manufacturer.
If this isn’t possible, see if you can buy a refurbished unit from a trusted supplier such as Amazon’s “renewed” program. Vendors like these will do quality testing of devices and return them to factory settings before selling them.
4. Encryption
With all the data that’s on your smartphone – emails, contacts, financial apps and more – it goes without saying that if the phone is lost or stolen you don’t want a crook gaining access to it. The solution is to encrypt the phone’s storage, so that if it falls into someone else’s hands the data is protected.
If you’re using an iPhone made in the last ten years or an Android device running Android 10 or above, then you’re in luck: your device is fully encrypted by default and even the manufacturers can’t access the information on it without the correct PIN code.
You can also use iPhone parental controls to set individual PIN codes for certain apps such as your photos. Provided you set the limit to something brief e.g. one minute, no one else will be able to access the app, even if they can boot the device and bypass the encryption.
For those using an older Android device, setting up encryption is pretty simple - check out our guide on how to encrypt an Android phone - but remember this won’t protect you from other security vulnerabilities. We strongly recommend upgrading to the latest version of Android before going ahead. If your device doesn’t support this, it’s time to start thinking about buying yourself a new mobile phone.
5. Scan for viruses
Mobile devices are increasingly susceptible to malware, including ransomware. Even the Google Play Store continues to be plagued with malware, with unreputable programs attracting an astonishing 4.2 million downloads, including the ExpensiveWall hack that masqueraded as a wallpaper app.
The solution, just as when downloading software to a laptop or PC, is to be wary of downloads from less mainstream vendors and unverified sources, and to scan periodically for viruses and malware.
In this case, prevention is better than cure. Make sure only to download and install apps from the official Apple App or Google Play stores on your device. Don’t ‘root’ or ‘jailbreak’ your device to install others (see below).
If you’re an Android user, you need to be especially careful if a software vendor asks you to change your security settings to install an APK. This usually means you have to disable Android’s default security settings. Stick to apps available in the official stores instead.
Some of the best ad blockers such as uBlock Origin are available for mobile devices. Installing one should prevent most harmful links from loading in your browser in the first place.
While Windows desktop operating systems come with Windows Defender to guard against malware, mobile platforms don’t yet have a default antivirus program. The easy fix is to download and install an anti-malware app, with both iOS antivirus apps and Android antivirus apps available
6. Don’t jailbreak your phone
A subsection of iPhone users have a reputation for ‘sticking it to the man’ by jailbreaking their devices, believing that in order to get the most from their phone they need to free it from Apple’s built-in restrictions on which apps and extensions they can install. Android users can do something similar, although the term here is to root the Android device, rather than to jailbreak it.
The problem with doing either is that it enables users to download unauthorized apps that may contain malware. For example, back in 2015 the KeyRaider malware that targeted jailbroken iPhones, and resulted in 225,000 Apple accounts, including passwords, being found on a server.
That attack, however, pales in comparison to CopyCat malware that affected 14 million Android devices in 2017, and even rooted eight million of them without the owner’s knowledge. The source of the malware was popular apps downloaded from sites other than the Google Play Store.
There’s an ongoing debate between security researchers and iPhone users about the benefits and drawbacks of jailbreaking your phone.
Still, the fact remains that when you jailbreak an iPhone, you have to use the alternative Cydia app store. This store doesn’t have the resources Apple does to check each app that’s uploaded to see if it might harm your device. Apple warns specifically against it and antivirus mogul Kasperksy points out that while malware is rare on iPhones, most infections occur on jailbroken phones.
Unless you're very competent with computers, there’s also a very real danger that trying to root your Android device or jailbreak your iPhone will “brick” it, turning it into little more than an expensive paperweight.
This is particularly a concern as not all “rooting” or “jailbreaking” apps do what they say on the tin. Some might root your phone but also install spyware. Some might just be malware masquerading as a “rooting” program.
From a security standpoint, the best practice is to not jailbreak your phone, and stick with the original OS to avoid exposing the phones to malware and other threats.
Jonas P. DeMuro is a freelance reviewer covering wireless networking hardware.