In the past 15 years, smartphones have gone from a status symbol of cutting-edge mobile tech to a universal part of everyday life.
People of widely diverse ages, orientations, and socioeconomic backgrounds now often have communication devices in their pockets that are exponentially more powerful than older PCs. This ubiquity has come at a price, as now many people are never far from a mobile device that includes a plethora of sensitive data and personal information that malicious actors are looking to steal.
The Importance of phone security
In our other Cyber Primers, we have extolled the virtues of secure authentication methods and passwords, and there may be nowhere in which that is more important than with smartphones. Leaving your phone unlocked is a mortal cybersecurity sin, one that can have untold consequences if a phone is stolen. Yes, many apps have Multi-factor Authentication (MFA) and other authentication methods to secure their accounts, but many default apps (such as photos, contacts, and notes) are usually left unsecured. Phones are easy to misplace, and not having a strong password or pin to protect your data in such an event is incredibly unwise.
What are Mobile Security Threats?
Beyond the possibility of physical theft, phones are a central target for digital threats. While we have talked at length about the rise of smishing and mobile-specific phishing attacks, one of the largest threats to phone safety comes not from unsolicited mobile communications, but via application stores.
While most primary app stores like Google Play and the Apple App Store have a vetting process for whatever apps they display, some other lesser stores do not, and malicious apps downloaded from third-party app stores are a huge risk to phone safety.
These apps can contain intricate and ever-evolving malware and ransomware that can hijack your phone and force you to pay large sums of money for the return of your data and use of your cellular device. The caution mobile users should have towards downloading suspicious apps should not stop there. For one, the vetting processes of legitimate app stores are not always reliable, and independent audits routinely find malicious apps hiding in their midst. Even apps from well-known, seemingly security-conscious companies can be fallible.
A 2020 Ponemon Institute report highlighted the disparity in care organizations give to mobile security, with fully half of the companies surveyed allocating no budget to the security of their mobile applications. Taken as a whole, this information should make users practice caution whenever they download apps from any app store.
Permissions and location data: when apps ask too much of their users
For secure apps from trusted stores, there still arises the issue of app permissions. Many apps ask for specific permissions, some of which are perfectly reasonable. For example, a video conferencing app such as Microsoft Teams requires access to your phone's microphone and camera, as both are needed to be heard and seen. However, some apps require permissions that go beyond what is necessary.
Collectively, these permissions can allow these apps to harvest your personal data and sell them to willing third parties. While apps using audio and video permissions to listen and watch you without your consent is obviously terrifying, another significant phone safety risk is the sharing of location data.
Apps can use location data provided by your phone to track your exact location and your travels in distressing detail, information that can then be auctioned off to companies for location-specific advertisements, activity data, and a host of unique and deeply unsettling ends. Luckily, many apps have the ability for users to view and pick which permissions they allow, and there are ways to disable location sharing, both on specific apps and on your mobile devices in general. Be wary of what apps ask of you, and do not comply with any requests that you believe go beyond what is needed for an app to function.
Cell phones are not going away, and neither are the security concerns associated with them. While phone companies and application stores put measures in place to secure these phones, it is also up to users to practice common sense phone safety at all times.
Always keep your phone locked. If someone gets hold of your phone, tablet or computer, and there's no lock screen, the person suddenly has access to everything on your device. While some of your apps will require passwords and multifactor authentication, many apps, like your photos and notes, typically don’t.
Turn off location sharing. Location settings come in handy when you’re navigating a new city or searching for driving directions. But they also allow others to get and see information on where you’re at or where you’re going. You can turn off location settings for individual apps within your settings or turn your phone on “Airplane Mode” temporarily to disable tracking features. This is especially important for your kids and teens to be aware of.
Use official app stores only. Both the Google Play and Apple App stores vet the apps they sell; third-party app stores don’t always. Buying from well-known app stores can help reduce your risk.
Always install updates when prompted. System updates often contain patches for recently-discovered security vulnerabilities.
Using your data is safer than using public Wi-Fi. Be sure to use HTTPS websites and use a VPN if you can to minimize public Wi-Fi risks.
Monitor App Permissions. Learn the privacy settings for any device, app or service you use. Some apps might ask for permission to access photos and other personal information. Stay informed so you aren't sharing anything you don't want to. Consider deleting apps you don’t use, they still track and access even if they aren’t being used.