Skip to main content

You are your phone: Why smartphone security is of paramount importance

The first smartphones weren't good for much more than checking your email. Modern smartphones are so handy that there's nothing we won't use them for – short of performing major surgery. But because smartphones are so capable and so easy to use, they also tend to amass a vast amount of information about their users. That's why you should take care to protect your phone, because you are your phone.

What's on your phone?

Because they're so personal, smartphones accumulate lots of personal information. There are the obvious things like photos and notes, which are important to us personally. But equally important are things like contacts, call and message logs, and location data. All of this can be used to build up a picture of you, the people you know, and your habits.

In some ways, however, the most powerful features of your phone are the applications themselves. Try to think of the last time you actually needed to enter your password for Facebook or Twitter. It was probably the last time a major system update was pushed to your phone. In the hands of a thief or a scammer, your phone gives unfettered access to your digital life and the lives of all the friends and family members it touches.

Who wants it?

While we talk a lot about identity theft and hackers, the biggest threat to your phone is theft – that is, someone stealing the handset itself. As an object, your phone has immediate value, and thieves know it – and indeed smartphone theft is becoming an increasing problem.

The data on your phone is another matter, and the most data-hungry people out there are advertisers. Many app developers will take code from advertising companies and insert them into their free apps. The developers get some cash, you get a free app, and the advertisers get information from your phone. Pieces of information like location and web history are useful, but advertisers also go after personal information like phone numbers and device IDs. With these, they can match you to your data and collate information from many apps and devices into large, detailed dossiers that cover your movements and habits. The NSA could learn a thing or two from these advertisers – and they probably have.

Last, but not least, are hackers and scammers. These people are looking for personal information to use for nefarious purposes, such as gaining access to your bank account, creating highly-targeted phishing attacks, or spamming your friends. Unfortunately, many app developers and advertisers do not encrypt their app's transmissions. This means that someone carrying out a man-in-the-middle attack can read all that juicy personal data flowing off your phone. We call these "leaky apps," and there are unfortunately quite a lot of them.

Hackers and scammers may also use malicious applications to steal money and data. These are mostly found on third-party app stores, though Google Play is not immune. A popular tactic is to use an application to sign victims up for recurring charges on their wireless bills, but there are worse offenders. Some applications work with PC malware to sidestep two-factor authentication on banking websites, and others simply hijack your phone – even its microphone and camera. iOS has less of a problem with malware, but there are plenty of other ways to swipe data from iPhones.

Protecting stolen phones

Your average thief will try to convert your phone into money as fast as possible and will probably ignore the information on board. Of course, it's better to not give him the temptation, so keep your phone locked with a passcode. This is a very easy step, but it will pay dividends in keeping your phone secure. Android users have a number of options to choose from, including passcodes, pattern codes, face recognition, fingerprints, and others, depending on the device. iOS also supports biometric logins on the iPhone 5S, and a simple four-digit passcode or a complex passphrase for other devices.

Also, be sure to learn about and use the tools that are available to keep your device secure when it's out of your hands. Apple's Find My iPhone service is very robust, and will let you track, message, lock, and remotely wipe your phone. Also, changes in iOS 7 mean that even after your phone is wiped, it remains locked to your Apple account. Sadly, this hasn't deterred some thieves. Just search eBay for "iCloud locked iPhone."

Android users have even more options available when it comes to stolen phones. Google provides the handy Android Device Manager, which can also track, message, lock, and wipe your device. However, your Android device will not be locked to your account like an iPhone after being wiped. If you want that kind of control, you can root your phone and use the impressive capabilities of Avast Mobile Security & Antivirus, which can survive repeated system wipes. Other security apps, like Bitdefender Mobile Security & Antivirus have a host of tools to deal with a lost phone.

Leaky apps and malware

When it comes to apps that leak your personal information, there's not much users can do besides choose apps that use SSL to secure their transmissions. Unfortunately, it's difficult to see what and how apps are communicating, but viaProtect can shed some light on the subject. viaProtect can't yet give much information to iPhone users, but on Android the service can show you where data was sent, who received it, and if it was encrypted. You could also use a VPN service when you're not on a trusted wireless network. iPhone users should activate the Advertising ID feature to limit data collection.

There are also malicious apps and attacks to consider. For Android, the best way to avoid malware is to stick to Google Play, keep your phone out of debugging mode, and don't enable app side-loading. Security apps, like those listed above and many others besides can detect malware on your device and help you remove it. Google also has some unique tools to protect Android users outside the mainstream app ecosystem. However, many malicious attacks, such as phishing, are platform agnostic. Use common sense and don't click on unexpected links, and don't assume you're safe just because you're on a smartphone.

Securing a smartphone does require some work, but it's well worth the effort when you consider that a smartphone is probably the most personal device you own. Your handset has your memories, carries your information, and knows your habits. Don't let all that be used against you – protect your phone, and protect your identity.