Security is a very complicated issue, and we’re all just trying to keep up with the latest threats and security enhancements. This article quickly outlines 4 key security tips for smartphone users.
1. App Stores Don’t Necessarily Protect You
Although they are often mistaken for one, app stores are not an exclusive, clean environment of carefully vetted apps. Many phone operating systems come equipped with an app store intended for them, and you will be told that installing apps from outside that store is ‘unsafe’.
While that is true in some cases, the reality is that there are many app submissions (partly due to updates) to app stores, and they are not vetted to anywhere near the extent they need to be in order to be considered ‘safe’.
This has been proven by malware found in the largest app stores, such as Google Play and the Apple App Store, as well as by fake placebo security apps on Amazon that charge users. As always, you have to do your own research and look into the reputation of an app before downloading it.
To go the extra mile, you can prioritize open-source apps and review their source code before installing them. Fortunately, open-source apps are already significantly less likely to contain malware, as the code is publicly viewable.
It’s also possible for developers to provide a binary compiled from a source different from the source code they provided, but you can compile the app from source yourself if you don’t want to take the chance.
2. Check The URL In Your Address Bar
Thousands of people are phished every year, and one of the most common phishing methods is impersonating a known website. For example, if you want to visit Google.com, read the address bar carefully to ensure that it says ‘google.com’, and check for misspellings. If it doesn’t, don’t trust it. If you are on a login page for a financial institution, check for the green padlock in the address bar. If it isn’t there, don’t use the page. The green padlock denotes an encrypted connection to that website’s server.
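An added example (not part of the original article) of why the address needs careful reading: it parses each address the way a browser does and compares the real host with the site you meant to visit. The function names and sample URLs are constructed for illustration, and comparing only the last two labels of the host is a simplifying assumption.

```javascript
// Added example: compare the host a browser would actually contact against
// the domain the user meant to visit. All URLs below are constructed samples.

// Levenshtein edit distance, used to flag near-miss spellings of the domain.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Returns "match", "not-encrypted", "lookalike" or "different-site".
function checkAddress(address, expectedDomain) {
  let url;
  try {
    url = new URL(address); // WHATWG URL parser, the same rules browsers follow
  } catch {
    return "different-site"; // not a parsable URL at all
  }
  const host = url.hostname.replace(/\.$/, ""); // lowercased by the parser; drop trailing dot
  const expected = expectedDomain.toLowerCase();
  const sameSite = host === expected || host.endsWith("." + expected);
  if (sameSite) {
    return url.protocol === "https:" ? "match" : "not-encrypted";
  }
  // Compare the last two labels (assumption: ignores suffixes such as co.uk).
  const registrable = host.split(".").slice(-2).join(".");
  const near = editDistance(registrable, expected) <= 2;
  // The expected name appears in the host, but not as the site actually contacted.
  const embedded = host.includes(expected);
  return near || embedded ? "lookalike" : "different-site";
}

const samples = [
  "https://www.google.com/accounts",
  "http://google.com/",
  "https://gooogle.com/",
  "https://google.com.signin.example/",
  "https://google.com@login.example/",
  "https://example.org/",
];
for (const s of samples) console.log(checkAddress(s, "google.com").padEnd(15), s);
```

In the fifth sample the text before the `@` is a username, not the site, so the host contacted is `login.example`.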
Phishing emails claim to come from a legitimate organization and ask you to click a link or reply to the email with your login credentials, payment details, or other sensitive information. Never send any payment details or credentials via e-mail. Legitimate organizations won’t ask you to do that. Also avoid sending contact information and your date of birth anywhere.
3. Turn Off ADB On Android Phones (If You Aren’t Using It To Program Your Phone)
Android Debug Bridge (ADB) is a utility that enables you to load apps onto your Android phone via USB, which is useful if you’re developing Android apps and need to test them. If you aren’t doing that, you should turn ADB debugging off, as it enables people to easily load apps on your device without your permission.
4. Encrypt
Privacy and security go hand-in-hand, and encryption is essential in this day and age. Your phone is a gold mine of information that makes it easy for identity thieves to ruin your life. Why? You most likely do the following on your phone, leaving traces that could help identity thieves learn a lot about you:
- Chatting on messengers, which log messages (both on the server and on your device, so lock your messenger app if you can). Collectively, your messenger history contains a lot of information about you.
- Browsing and commenting on social media.
- E-mail: It can be used to reset passwords for the various services that you use, giving thieves access to your accounts.
Please bear in mind that encryption is useless if your phone is not locked with a password. Despite all of this, it isn’t safe to store payment details on your phone. You also need to be wary of keyloggers that may capture your passwords and send them to thieves.
The Significance Of E-Mail
If someone steals your phone, they will see e-mails from the services you use, such as PayPal, Twitter and Amazon, among others. They can then request to reset your passwords and approve those password reset requests via e-mail on your phone. This means that your phone can be used to take over your Internet presence and rob you blind (in the case of PayPal, and even through Facebook, by sending themselves money).
This is a case for both a lock screen password and encryption. One or the other won’t do; it has to be both.