Here is an article I wrote a few years ago about securing smartphones:
I remember the first time I noticed it. I was at a stop light, and I glanced down at my phone. I saw the pop-up say it was connecting to an AT&T Hotspot. As I looked around at all the businesses and restaurants at the corner wondering which store it was connecting to, I had a thought. “How often does this happen as I drive through the city? How about when I am in a store with my phone in my pocket? What do I need to do to secure my smartphone?”
This sounds like it could be a whole other website, and in many ways it could. Smartphones are computers. They have all the same things computers have, just in slightly different form. They have CPUs, RAM, displays, keyboards, and long-term storage – in the form of flash memory. They also have an operating system, be it Android, iOS, Windows Phone, Blackberry, or something else. And as such, they have all of the security risks of your personal computer.
So you ask, what do I do for security? Well, here are some steps you can take to help secure your phone.
1. Lock the device with a PIN. A PIN is like a password. It won’t guarantee your device’s security if someone really wants to get into it, but it helps. And if you are thinking, “Oh, I already put in a 4-digit PIN,” that has bought you an hour… maybe. Seriously, that is about how long it takes to crack a 4-digit PIN. So go with something longer; just follow all the normal password rules – no birthdays, phone numbers, driver’s license numbers, social security numbers, etc.
Oh, and if you have a touch screen, wipe it off once in a while. People have been known to use the smudges to figure out what you type in.
2. Disable Wi-Fi when not in use. Unless you are actively using the Internet or email, disable your Wi-Fi. Constantly connecting to unsecured networks (or even carrier-specific secure ones) over Wi-Fi isn’t just a drain on your battery, it’s a security risk. There are all kinds of bad people out there waiting for unsuspecting devices to join a nearby network so they can hack those devices.
3. Install security software. I don’t care how secure the carrier, manufacturer, or your best friend said your phone is, install security software on it. Things are always slipping through the cracks, so add an extra layer of defense.
4. Do not root/unlock/hack your phone. A common thing to do is “root” your phone. This is a process of disabling certain manufacturer or carrier restrictions, giving you uninhibited access to your phone. Sometimes this is necessary to change carriers or access “other” app stores. Some people will do this so they can install a newer version of the phone’s OS that the carrier hasn’t made available. Doing this opens up a lot of security vulnerabilities.
5. Use official app stores. There are lots of unofficial sources of apps out there. Many of the apps they offer cannot get approved by the official stores. Sometimes it is because they compete directly with an official app, but more often, they do not follow correct development procedures. Shoddy coding is not something new. Bad apps often introduce security issues. And then there is all the malware out there looking to compromise your phone. You should also consider putting a separate password on your app store purchases.
6. Back up your data. Just like a PC, the data on your phone should be backed up. Some hackers abide by the principle “If I can’t have it, nobody can.” In other words, if they can’t hack your phone, they will settle for erasing it – a much easier task.
7. Be wary of unsecured Wi-Fi. Wi-Fi is a great way to use the Internet on your phone without running up data charges. However, so many businesses just hang a wireless access point out there with no security and advertise free Wi-Fi. Hackers love that. They may compromise the access point or just wait around for unsuspecting users with unsecured phones to connect.
With the rise of smartphones and tablets, users need to be just as cautious with these devices as they are with personal computers storing personal financial information. Your whole world can be undone with one malicious software package or one bored hacker.