Keeping your mobile phone secure
By Tom Morgan
Your smartphone is a potential goldmine for thieves and hackers. Fortunately, there are some quick and easy steps you can take to protect your personal information.
Think about all the data that's stored on your smartphone: text messages, email exchanges, browsing history, photos and videos – none of which you'd want falling into the wrong hands.
Some phones will also have tracked where you've been and, in some cases, an app on your device may hold the keys to your bank account.
Thankfully, it's not too difficult to start taking precautions, and below we offer some top tips to help you protect your personal information. This advice relates specifically to iPhones running iOS11 and Android 7.0 Nougat. Older versions of both operating systems may differ in terms of controls and options.
Just want to know which are the best phones? Take a look at our Best Buy mobile phones.
Having no password on your phone is akin to leaving your front door open. It means anyone can delve straight into your emails, photos and any other personal data stored on the device. Setting up a layer of security on Android and iOS smartphones takes less than 60 seconds, so there's no reason not to protect your device.
We recommend setting up a password or Pin – it’s harder to crack than a pattern you draw with your finger. Here's how you do it:
- Android: On an Android phone, tap Settings, then Screen lock & passwords. Select Password or Screen lock and you'll be presented with a list of options that let you choose how to unlock your mobile. Most Android mobiles will let you decide between a pattern, a Pin or a written password.
- Apple: The latest iPhones prompt you to set up a six-digit Pin right after you unbox the device. But even on older models, you can upgrade to a six-digit Pin if there isn't one in place. To do so, tap Settings, then Touch ID and Passcode.
Many Android and iOS smartphones now ship with facial recognition technology, or Face Unlock. Apple's Face ID made its debut on the iPhone X in 2017, allowing users to 'register' their face with a selfie and unlock their mobile without a fingerprint or Pin.
Various big-name Android manufacturers have worked face unlock into their own handsets. We've seen this handy feature on the latest handsets from Samsung, Huawei, OnePlus and Asus. In terms of security, a facial recognition lock is obviously far harder to crack than a simple four-digit Pin or pattern. However, performance in low light can be mixed as the phone's front camera may struggle to scan your face.
To make sure you have an airtight password, read our guidance on how to create secure passwords.
Smartphone brands regularly make tweaks and changes to their mobile software. This isn’t just about adding new functionality, though – these updates often contain important security fixes that protect your data from hackers. Update your smartphone to ensure it's on the latest firmware by following these steps:
- Android: Tap Settings, and then scroll to Software update. On some devices, you'll need to tap System to access the updates page. Tap Check for update.
- Apple: Open Settings, then head to General and tap Software Update.
If there are updates ready to download, you’ll need to be connected to the internet and have the phone plugged in, or have around 50% or more battery, in order to complete the download.
Both Apple and Android have their own official app stores, although some manufacturers, including Samsung, have their own as well.
Most malware that can affect a mobile phone comes from illegitimate apps downloaded from third-party app stores or other websites.
It's always a good idea to stick to these official channels, where checks are in place to make sure available apps are genuine and safe to use. In other words, stick to the App Store (iOS), Google Play (Android) or another ‘official’ app store you clearly recognise.
Google Play Protect automatically scans all apps when you download them for malware, and periodically scans apps on your device as you use them. To find out more, open the Google Play store app, tap Menu and then the Play Protect icon.
Apple iOS doesn't have built-in anti-malware functionality, but that's because Apple vets each app that surfaces on the App Store to make sure it's safe.
Use our interactive tool to learn more about common app permission requests and how you should handle them.
An app may access either your precise or approximate location using a range of technologies, such as GPS.
You probably have your phone with you at all times, so you shouldn’t lightly give an app permission to know your location. Manage this one carefully.
An app can use your device's address book, which may include the ability to read and modify your contacts.
A lot of apps want to access your contacts. This can be legitimate, but can also be an attempt to market its services further afield. Deny if you aren’t comfortable with this.
An app can use your device's calendar information, which may include the ability to read calendar events and possibly add or modify them, too.
There’s a lot of private information in your calendar, not to mention details of your whereabouts for weeks and months ahead. Make sure the app justifies its access before giving it.
You wouldn’t let just anyone browse through your private messages or texts, so don’t give some company permission without it giving a good reason why.
It is very unlikely that an app would turn your phone into a spy-style listening device. But if there’s no clear need to give access to the microphone, don’t.
An app may want to access the photos and files stored on your device. For example, a social network may need to access your camera roll in order to enable you to share your photos with other users. If the justification for access seems spurious, however, don't allow it.
Allows the app to access data from wearable sensors, such as heart rate monitors. This could be used to give you advanced tracking information, such as with a fitness app.
As the sensor information gathered can be very detailed, however, be careful which apps are given access.
Google’s Android has more than two billion active users on smartphones and tablets, and the Google Play store has more than three million apps, all offering different services and most wanting access to your data to some degree.
Ever since Android 6.0 (also known as Marshmallow), Google has given you more oversight and control over what apps can access. If your phone isn’t running Android 6.0 (check in the settings to find out) you can only review app permissions, not turn them on or off.
Open the Settings menu and go to Apps Notifications. Then click on App Permissions. You’ll see a list of different app permission areas, such as Body Sensors, Calendar and Contacts, and the number of apps that have requested access and the number allowed.
You can click on one of the tabs and see a series of toggle switches for each app that you can turn on or off, depending on whether you want to give the app access.
So, if you installed a calendar app, for example, you can deny it permission to access something like your photo library.
Bear in mind that denying an app certain permissions may stop some functions. That calendar app may have a feature where you can add a photo to a calendar invite, for example. If you’ll never use that feature, though, you won’t need to let it access your photos.
Apple doesn’t alert you in its App Store to what permissions individual apps are requesting in the same way that Android does. However, if you have an iPad or iPhone, you have plenty of options available to manage your privacy.
Click on the Settings menu and scroll down until you see Privacy. Tap on this and you’ll see a menu covering all the key permissions that apps are requesting.
Click on an individual item, such as Contacts, and you can see all the apps that have asked for access to this. You can then control the access you want to give by sliding the toggle switches.
As with Android, bear in mind that denying permission could lead to you losing some features and functions. You can always experiment and just turn a permission off to see if you notice any significant changes. If not, then leave it off completely.
For some apps, the permission levels are more granular, such as with Location Services. You can turn Share My Location off entirely or, instead, you can toggle whether apps can track your location by any of these three options: Never, only While Using the App or Always.
Be cautious when granting an ‘Always’ permission, as this means the app can follow your location even when you aren’t using it.
In some cases, Apple also gives deeper information on how apps access your data. You may see an arrow next to the permission level.
- A hollow arrow indicates that an app can get your location under certain conditions.
- If the arrow goes purple, it means the app has used your location recently.
- If it’s grey, then the app has used it in the last 24 hours. If an app has a constant grey arrow, consider whether you are comfortable with it tracking you so frequently.
A mobile security app can help keep your phone clear of malware, and prevent you from falling victim to phishing scams.
With these scams, you might receive a fake email claiming to be from HMRC or your bank that tries to lead you to a bogus website through a dodgy link that attempts to steal your data.
Some mobile security apps also have anti-theft features. These let you access your phone remotely through the app via the internet to help you find the location of your phone, block unauthorised access to your personal data, or even wipe it.
Find out more in our in-depth mobile antivirus software guide.
Using public wi-fi networks means you don’t have to burn through your data allowance when out and about. But take care when using these free networks, as it's possible for an attack to happen when you're using unsecured wi-fi.
This is known as a ‘man-in-the-middle’ attack, and involves a hacker intercepting your logins, passwords or financial information as you use wi-fi. We advise that you avoid logging into your bank or entering any credit card or personal details while using free networks.
If you do need to check your bank account or make a payment, use your 3G or 4G connection instead – it’s much more secure. You may be using public wi-fi because you have poor 3G/4G coverage, but it's best to wait until the signal improves if you're accessing sensitive personal information.
To make sure your phone doesn’t automatically try to connect to wi-fi, you can turn it off using the steps below.
- Android: Swipe down from the top of the screen and tap the wi-fi symbol. It will show green when it’s activated and grey when it’s off.
- Apple: Swipe up from the bottom of the screen and tap the wi-fi symbol. A message will appear to tell you that you’ve turned off the wi-fi.
Follow the steps and advice explained above and you're far less likely to be affected by threats to mobile phones. But it's always worth remaining vigilant and on the lookout for unusual behaviour to ensure you and your data stay safe.