Having your smartphone hacked feels like someone robbed your house. Your smartphone doesn’t just hold your valuables; it signals to intruders which of your valuables are the most important to you. If something is on the phone you always have with you, then by definition, it’s meaningful. This massive invasion of privacy is a gross violation of your personal space, and it may take time to figure out what is missing.
Smartphones, small devices that are constantly online sending and receiving signals, are always a target for criminals. To keep your phone and its contents safe and secure, you need to develop a strategy for protecting your personal information. Here are some tips on how to protect your smartphone from hackers and intruders. The examples below are derived from an iPhone 12 Mini running iOS 14.3 and an LG V40 ThinQ running Android 10.
Update your OS and apps
Software companies are constantly updating software, and many software updates and bug fixes contain security improvements that help guard your smartphone against data breaches and intrusions, or close off vulnerabilities, making it harder for hackers to break in. When an update is announced for your smartphone’s operating system or for any of the apps you use, install it immediately, or better still, set up automatic install for all.
Avoid public Wi-Fi
Everyone should be aware of the dangers of using open Wi-Fi, because the free Wi-Fi of shopping centers, cafes, airports, or any other public venue, is open season for all kinds of online mischief. Try to use only your private cell connection whenever possible and switch off Wi-Fi on your mobile phone altogether whenever you are in a public place. If that is not possible, consider using a VPN app, a utility that tunnels network communications through an encrypted connection. But choose carefully — not all VPNs are equal in quality. Also, consider disabling Bluetooth while you’re out and about unless you are wearing a smartwatch that requires it.
Lock your smartphone
Always engage a four or six-digit passcode to enter your device. Passcodes may not be super convenient, but peace of mind dictates that if your smartphone falls out of your pocket while you’re trying out new sofas at Ikea, the first person who picks it up should not be able to get your life story from your email, contacts, photos, and banking information. Consider setting an even longer passcode with both numbers and letters. Not a big passcode fan? No worries. Fingerprint scanning and Face ID are easy, fast alternatives to punching in numbers. While you’re at it, make sure apps with personal information are also locked behind passwords.
Keep your mobile phone number private
Just like you wouldn’t give out your old landline phone number to anyone who asked for it, don’t automatically offer your mobile number to any app that prompts you. The more places that have your number, the more vulnerable you are to SMS intrusions and scams, and even invasion of your protected 2FA accounts. Consider adding a second line to your mobile phone. Google Voice is an excellent way to shield your phone number from online miscreants, as are apps like Sideline, Line2, and Hushed, which facilitate adding a second line to your mobile phone.
Don’t overshare on social media
While it’s fine to use your real name on social media outlets like Facebook and Twitter, avoid sharing a ton of revealing information about yourself on social networks. Avoid listing home towns, specific addresses, specific work locations, phone numbers, family names, and other details hackers can use to track you. These days, Facebook lets you conceal the vast portion of information about yourself with its privacy settings and tools, including most photos, friend lists, and more. Curate and streamline your feed to get rid of old, outdated information that may reveal more about you than you’d like. Revoke permissions and ditch apps on Facebook that you no longer need or use. Better still, use Facebook on your home computer, as opposed to accessing it on your phone, if you can.
Don’t store personal information, documents, or files on your phone, and limit the number of geotagged photos in your Camera Roll or Gallery. Make a habit of keeping your phone relatively pristine by offloading images and documents to your computer, and eliminating confidential emails from financial, employer, and health-related accounts.
Use two-factor authentication
Here’s another obnoxious security measure that most people can’t stand. Two-factor authentication (2FA) is hated because it requires an extra step, and it’s really a pain if you forget to have your phone or watch nearby. But like passwords, it serves a purpose by providing an extra layer of protection in case someone gets ahold of your password.
Use strong passwords
Everyone hates passwords. But when it comes to assigning them, don’t take half measures. Use only strong passwords that are not easily cracked by hackers. They should contain at least 16-20 characters with a mix of letters and numbers, upper and lowercase letters, and symbols. Brute force password crackers can dismantle many strong passwords, but making it easy for hackers by using your birthday, your pet’s name, or the same password for everything is a truly terrible idea.
There are plenty of secure password generators online, so you don’t have to think them up for yourself. Change your passwords every six months to a year, or as soon as you hear about a data breach of any program you use. Oh, and a word about security questions: Lie. Do not answer security questions honestly, and change your answers for different setups. You can use a password style answer for such questions — comprised of letters and numbers — instead of your first pet’s name, for example. This makes it harder for hackers to figure out how to break into your phone based on public information about you online.
Beware of spam and phishing emails
One of the easiest ways for hackers to invade your phone and access your information is through your email inbox. Phishing scams are designed to trick you into handing over access to your accounts. Avoid clicking on links in promotional emails, opening suspicious attachments, or running app updates prompted through email. Do not try to access financial accounts through random emails, but instead, go directly to the financial institution website and sign in with a proper username and password.
Use built-in device protections
They’re not called “smartphones” for nothing. If your phone gets lost or stolen, you can contain the damage using device tracking services, such as Find My iPhone and Android’s Find My Device, that can locate your missing phone on a map and, in some cases, automatically erase it. These services can also make your phone ring to help you locate a device you have temporarily misplaced. You can also arrange for the phone to delete all information after a set number of incorrect passcode tries.
Use an antivirus app
Hackers favor malware to steal passwords and account information. But you can combat that with a smartphone antivirus app — some of which are offshoots of popular desktop apps like Avast, McAfee, and Panda. The smartphone app variations provide enhanced security by ensuring apps, PDFs, images, and other files you download aren’t infected with malware before you open them.
Manage app permissions
Check the apps on your phone to determine whether they have more privileges than they need. You can grant or deny permissions like access to the camera, microphone, your contacts, or your location. Keep track of which permissions you gave to your apps, and revoke permissions that are not needed. For iPhones, go to Settings > Privacy, where you’ll see a list of all apps and the permissions you’ve granted to them. The exact path to app permissions on an Android device depends on the device, but on a Google Pixel you’ll find them in Settings > Apps & notifications > Advanced > Permission manager or on a Samsung Galaxy look in Settings > Apps > App permissions (via the three vertical dots at the top right).
One thing you need to be vigilant about is being prepared for the worst by making sure your phone is backed up to protect critical documents and images in case your phone is lost or stolen. We have a guide on how to back up your Android smartphone and also how to back up your iPhone. At least that way, if your phone is lost or wiped, you can still access those precious photos or files. If your iPhone is backed up, you can program it to automatically wipe after 10 consecutive unsuccessful passcode tries.
Know where your apps come from
Don’t just download any old app to your phone. While your choice of iPhone apps is limited to Apple’s App Store, which vets all apps sold on the platform, it is easier to sideload apps on Android, which simply means downloading and installing them from a source other than the Google Play Store. However, you do have to dig into the settings and allow it. The best way to avoid malware on Android is to stick with the selections available from the Google Play Store, which are vetted by Google. Never download apps via text message, as that is an infamous method hackers use to inject malware directly into your phone.
Steer clear of public chargers
Charge your phone only on trusted USB ports like your computer and in your car. Using USB charging ports in public places like airports, public libraries, or coffee houses will expose your private data to cyberattacks from lurking cybercriminals. Tote your outlet adapter along in addition to your USB cable if you’re traveling. A USB adapter will also safeguard any personal information on your phone from cyberattacks.
While jailbreaking lets iPhone owners access apps and software not available in Apple’s App Store (a real no-no in Apple Land), it also exposes your phone to viruses and malware. If you decide to jailbreak your phone, you’ll be out of favor with Apple support resources. They will void your warranty, and Apple personnel will probably not be able to assist you if something bad happens.
When you are proactive about putting proper safety precautions in place, you can rest assured that you have taken every measure within your power to safeguard personal and sensitive data from cyberattacks. This makes it much less likely that thieves will be able to steal your identity, delve into your personal life, siphon off your money, control your phone, and generally make your life miserable.