Mobile Devices

Smartphones have revolutionized many aspects of life. For many of us, smartphones are the primary means of communication, entertainment, and access to knowledge. But while they've brought convenience to a whole new level, there are some ugly things going on behind the screen. Geo-tracking is used to trace our every move. And then there's the malicious apps, lack of security patches, and potential backdoors.

Essential

In order to keep your data safe from physical access, set up a strong passphrase for your smartphone. All data is encrypted when the phone is locked, and decryption is tied to the user’s password or biometrics. This will mean if your device is lost or stolen, no one will have access to your data. Take a look at which OS versions can be easily hacked if someone has physical access to your device.

Essential

Apple typically provides iOS updates for 6 to 8 years. The Google Pixel series gets 3 to 7 years, depending on the model. Samsung, OnePlus, Xiaomi and OPPO offer 2 to 5 years of updates for certain flagship models. The countdown starts from a device's release date, not from the day you bought it.

Essential

Your phone number should not be used for authentication purposes, yet every second website wants it. Make sure the number that your bank and payment provider knows is not the same one you use daily. Setting up a prepaid e-SIM is the most reliable option. There are services that allow you to create and use virtual phone numbers, but each has its own reliability concerns and caveats.

Essential

When you're not using Wi-Fi, Bluetooth, NFC or any other wireless features, turn them off. There are several threats that utilise these features. On an iPhone, Wi-Fi and Bluetooth can be turned off in two ways: temporarily via Control Center or permanently via Settings. Use the Shortcuts app to create automation routines that disable Wi-Fi and Bluetooth under specific conditions.

Essential

Uninstall apps that you don’t need or use regularly. Apps often run in the background, slowing your device down and collecting data. When an application is allowed to show notifications, it also automatically enables silent remote activation of the app to process any requests from the app backend. While this is technically required for notifications to work, there are cases where it is also used for user tracking.

Essential

Applications on the Apple App Store and Google Play Store undergo at least minimal checks before publication, making them less likely to be outright malicious. Anything you download and install from sources offering "free" games or software is uncharted territory.

Essential

Don’t grant apps permissions that they don’t need. Both iOS and Android have wide permission controls, running applications in a sandbox and allowing access to only certain sensors. Increase your awareness if an application requests access to any of these: Location, Notifications, Accessibility Services, Microphone, Camera, Contacts, SMS and Phone, Storage/Files, Calendar, Bluetooth, Local Network.
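One way to audit what an Android app has actually been granted, as an added example that is not part of the checklist: the script below parses the "runtime permissions:" section of `adb shell dumpsys package <pkg>` output and reports which of the sensitive categories listed above are currently granted. The dumpsys excerpt embedded in the script is constructed to mirror that output's shape; the `dumpsys_for` helper fetches real output when a device is attached and `adb` is on your PATH.

```python
"""Flag sensitive Android runtime permissions that an app has been granted.

Added example, not code from the checklist. It parses the "runtime
permissions:" listing printed by `adb shell dumpsys package <pkg>`.
"""
import re
import subprocess

# Categories the checklist singles out, mapped to the Android permission
# names that fall under each of them (non-exhaustive).
SENSITIVE = {
    "Location": {"android.permission.ACCESS_FINE_LOCATION",
                 "android.permission.ACCESS_COARSE_LOCATION",
                 "android.permission.ACCESS_BACKGROUND_LOCATION"},
    "Microphone": {"android.permission.RECORD_AUDIO"},
    "Camera": {"android.permission.CAMERA"},
    "Contacts": {"android.permission.READ_CONTACTS",
                 "android.permission.WRITE_CONTACTS"},
    "SMS and Phone": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS",
                      "android.permission.SEND_SMS", "android.permission.READ_CALL_LOG",
                      "android.permission.READ_PHONE_STATE", "android.permission.CALL_PHONE"},
    "Storage/Files": {"android.permission.READ_EXTERNAL_STORAGE",
                      "android.permission.WRITE_EXTERNAL_STORAGE",
                      "android.permission.READ_MEDIA_IMAGES"},
    "Calendar": {"android.permission.READ_CALENDAR", "android.permission.WRITE_CALENDAR"},
    "Bluetooth": {"android.permission.BLUETOOTH_CONNECT", "android.permission.BLUETOOTH_SCAN"},
}

# Constructed sample: a flashlight app that has been granted location,
# camera and microphone. Replace with real dumpsys output from your device.
SAMPLE_DUMPSYS = """\
Package [com.example.flashlight] (1a2b3c):
  ...
  runtime permissions:
      android.permission.ACCESS_FINE_LOCATION: granted=true, flags=[ USER_SET|USER_SENSITIVE_WHEN_GRANTED]
      android.permission.CAMERA: granted=true, flags=[ USER_SET]
      android.permission.READ_CONTACTS: granted=false, flags=[ USER_SET|USER_FIXED]
      android.permission.RECORD_AUDIO: granted=true, flags=[ USER_SET]
"""

# One permission line: "<name>: granted=true|false, flags=[...]"
PERM_RE = re.compile(r"^\s*(android\.permission\.[A-Z_]+): granted=(true|false)")


def granted_permissions(dumpsys_text: str) -> set:
    """Return the set of runtime permissions currently granted."""
    granted = set()
    for line in dumpsys_text.splitlines():
        m = PERM_RE.match(line)
        if m and m.group(2) == "true":
            granted.add(m.group(1))
    return granted


def sensitive_grants(dumpsys_text: str) -> dict:
    """Map each sensitive category to the granted permissions inside it."""
    granted = granted_permissions(dumpsys_text)
    hits = {}
    for category, perms in SENSITIVE.items():
        found = sorted(granted & perms)
        if found:
            hits[category] = found
    return hits


def dumpsys_for(package: str) -> str:
    """Fetch real output over adb (needs a connected device with USB debugging)."""
    return subprocess.run(["adb", "shell", "dumpsys", "package", package],
                          capture_output=True, text=True, check=True).stdout


if __name__ == "__main__":
    for category, perms in sensitive_grants(SAMPLE_DUMPSYS).items():
        print(f"{category}: {', '.join(perms)}")
```

Run it against a real package with `sensitive_grants(dumpsys_for("com.example.flashlight"))`; a flashlight that holds Location and Microphone is exactly the kind of mismatch between purpose and permissions the advice above is about.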

Essential

Attackers can physically "upgrade" public charging stations so that a compromised USB port installs malware on your smartphone or tablet. If your device asks whether to trust or allow data access to the connected computer when you only wanted to charge, always deny. BadUSB is a family of attacks in which the attached device poses as a keyboard or external storage. These microchips are now so small that they fit inside a cable.

Essential

Go to your phone's settings, enable the SIM card PIN lock, and change the default PIN. This will require a PIN each time your phone restarts or the SIM is moved to a new device. SIM hijacking occurs when an attacker fraudulently transfers your phone number to their SIM card, gaining access to your calls and incoming SMS. Contact your mobile operator and ask for a "No Port Freeze" or a "Port-Out Authorization PIN/password". If possible, request that SIM swaps can only be done in person at a carrier store with proper ID. This mostly prevents unauthorized changes to your account. Make sure the password doesn't look like random characters (3-5 words is best): it will be verified by a human operator, and an attacker who doesn't know it can try to claim "I just entered gibberish" and be waved through.

Optional

To keep your details private, you can unlist your number from caller ID apps like TrueCaller, CallApp, SyncMe, and Hiya. This requires a request to each of these providers.

Optional

You can slightly reduce the amount of data collected by opting out of seeing personalized ads. On iOS, go to Settings > Privacy & Security > Tracking > Allow Apps to Request to Track. Then Settings > Privacy & Security > Apple Advertising > Personalized Ads. On Android, go to Settings > Privacy > Ads > Opt out of Ads Personalization. Review all other available options and reports in Privacy Settings on your smartphone to understand them.

Optional

To protect against an attacker brute-forcing your PIN, set your device to erase all data after too many failed login attempts (10 on iOS and 15 on Android). This works badly if you have a small kid.

Optional

εxodus is a web service that lets you search for any app and see which trackers are embedded in it and what permissions (Android only) it requires. It's kind of a rabbit hole, since most applications request too much, and if you ask support why, it's very hard to get any meaningful answers.

Optional

For iOS, go to Settings > General > Background App Refresh and toggle off Background App Refresh globally or for all but chosen apps. Do the same at Settings > Privacy & Security > Location Services. For Android, go to Settings > Apps or App Management, and disable Background Data to prevent the app from using data in the background. At Settings > Battery > Battery Optimization page, you can restrict the app's ability to run in the background.

Optional

It is recommended to stick with your device's stock keyboard. If you choose to use a third-party keyboard app, because it is awesome and free, think: why is it free? Google has Gboard keyboard for iOS users, Microsoft has SwiftKey keyboard, and many others exist. Keep the stock keyboard; it has swipe, cursor, and many other abilities you can configure.

Optional

When you restart or turn off your device, it is in its hardest-to-attack state until it is unlocked for the first time. A sleeping or locked device also asks you to authenticate, but it is not in the same state. Restarting your phone at least once a week clears app state cached in memory, and the device may even run more smoothly afterwards.

Optional

Stalkerware is malware that is installed directly onto your device by someone you know, or comes as a pre-installed application on a new Android smartphone. Review the list of installed apps on your device. Look for unfamiliar or suspicious applications, especially those with generic names like “System Service” or “Device Cleanup.” Uninstall or additionally investigate any app that you do not recognize or remember installing.
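To make that review systematic on Android, here is an added example (not part of the checklist) that triages the output of `adb shell pm list packages -3 -i`, which lists third-party packages together with the store that installed them. It flags apps that were sideloaded (no installer recorded), installed by an unrecognised installer, or carry a generic system-sounding name. The package list embedded below is constructed to match the shape of that command's output; the store identifiers and generic words are assumptions you can extend.

```python
"""Triage the third-party app list of an Android device for stalkerware review.

Added example, not code from the checklist. Input is the text printed by
`adb shell pm list packages -3 -i`, one "package:<name>  installer=<pkg>"
line per app, with installer=null for sideloaded APKs.
"""
import re
import subprocess

# Installer package names of the usual app stores (assumed list; extend it).
KNOWN_STORES = {
    "com.android.vending",                # Google Play
    "com.sec.android.app.samsungapps",    # Galaxy Store
    "org.fdroid.fdroid",                  # F-Droid
}

# Words typical of the cover names the checklist mentions ("System Service",
# "Device Cleanup"); assumed list, case-insensitive match on the package name.
GENERIC_WORDS = ("system", "service", "cleanup", "update", "sync")

# Constructed sample output.
SAMPLE_PM_OUTPUT = """\
package:com.example.bank  installer=com.android.vending
package:com.example.weather  installer=com.android.vending
package:com.updater.systemservice  installer=null
package:org.fdroid.fdroid  installer=null
package:com.foo.devicecleanup  installer=com.unknown.sideloader
"""

LINE_RE = re.compile(r"^package:(\S+)\s+installer=(\S+)")


def parse_packages(text: str) -> list:
    """Return (package, installer) tuples; installer is None when 'null'."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        pkg, installer = m.group(1), m.group(2)
        rows.append((pkg, None if installer == "null" else installer))
    return rows


def triage(text: str) -> dict:
    """Return {package: [reasons]} for packages that deserve a manual look."""
    findings = {}
    for pkg, installer in parse_packages(text):
        reasons = []
        if installer is None:
            reasons.append("sideloaded (no installer recorded)")
        elif installer not in KNOWN_STORES:
            reasons.append(f"installed by unrecognised installer {installer}")
        if any(word in pkg.lower() for word in GENERIC_WORDS):
            reasons.append("generic system-sounding name")
        if reasons:
            findings[pkg] = reasons
    return findings


def package_list_from_device() -> str:
    """Fetch the real list over adb (needs a connected device with USB debugging)."""
    return subprocess.run(["adb", "shell", "pm", "list", "packages", "-3", "-i"],
                          capture_output=True, text=True, check=True).stdout


if __name__ == "__main__":
    for pkg, reasons in triage(SAMPLE_PM_OUTPUT).items():
        print(pkg)
        for reason in reasons:
            print("  -", reason)
```

A flagged entry is a prompt to investigate, not a verdict: F-Droid itself shows up as sideloaded here because that is how it is normally installed. Pair the result with the permission review from the Essential section, since stalkerware needs Accessibility, SMS or Location access to be useful to whoever planted it.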

Advanced

If you're concerned about your device manufacturer collecting your information, consider switching to a privacy-focused custom firmware. GrapheneOS runs on Google Pixel devices and keeps Android app compatibility. No Pixel? Consider LineageOS, /e/OS, or CalyxOS.