Keeping your mobile phone secure
By Tom Morgan
Our top tips will help you keep the personal data on your smartphone safe and secure, and also explain how to manage app permissions.
Your smartphone is a potential goldmine for thieves and hackers. Fortunately, there are some quick and easy steps you can take to protect your personal information.
Think about all the data that's stored on your smartphone: text messages, email exchanges, browsing history, photos and videos – none of which you'd want falling into the wrong hands. Some phones will also have tracked where you've been and, in some cases, an app on your device may hold the keys to your bank account.
Thankfully, it's not too difficult to start taking precautions, and below we offer some top tips to help you protect your personal information. The steps relate specifically to iPhones running iOS11 (although older versions will be very similar) and Android 7.0 Nougat, but it will be similar for other iterations such as 5.0 Lollipop or 6.0 Marshmallow.
Just want to know what the best phones are? Take a look at our Best Buy mobile phones.
Having no password on your phone is akin to leaving your front door open. It means anyone can delve straight into your emails, photos and any other personal data stored on the device. Setting up a layer of security on Android and iOS smartphones takes less than 60 seconds, so there's no reason not to protect your device.
We recommend setting up a password or Pin – it’s harder to crack than a pattern your draw with your finger. Here's how you do it:
- Android: On an Android phone, tap Settings, then Screen lock & passwords. Select Password or Screen lock and you'll be presented with a list of options that let you choose how to unlock your mobile. Most Android mobiles will let you decide between a pattern, a Pin or a written password.
- Apple: The latest iPhones prompt you to set up a six-digit Pin right after you unbox the device. But even on older models, you can upgrade to a six-digit Pin if there isn't one in place. To do so, tap Settings, then Touch ID and Passcode.
Many Android and iOS smartphones now ship with facial recognition technology, or Face Unlock. Apple's Face ID made its debut on the iPhone X back in 2017, allowing users to 'register' their face with a selfie and unlock their mobile without a fingerprint or Pin.
Various big-name Android manufacturers have worked face unlock into their own handsets. We've seen this handy feature on the latest handsets from Samsung, Huawei, OnePlus and Asus. In terms of security, a facial recognition lock is obviously far harder to crack than a simple four-digit Pin or pattern. However, performance in low light can be mixed as the phone's front camera may struggle to scan your face.
If you want an airtight password, read our guidance on how to create secure passwords.
Smartphone brands regularly make tweaks and changes to their mobile software. This isn’t just about adding new functionality, though – these updates often contain important security fixes that protect your data from hackers. Update your smartphone to ensure it's on the latest firmware by following these steps:
- Android: Tap Settings, and then scroll to Software update. On some devices, you'll need to tap System to access the updates page. Tap Check for update.
- Apple: Open Settings, then head to General and tap Software Update.
If there are updates ready to download, you’ll need to be connected to the internet and have the phone plugged in, or with around 50% or more battery, in order to complete the download.
Both Apple and Android have their own official app stores, although some manufacturers, including Samsung, have their own as well.
Most malware that can affect a mobile phone comes from illegitimate apps downloaded from third-party app stores or other websites. It's always a good idea to stick to these official channels, where checks are in place to make sure available apps are genuine and safe to use. In other words, stick to the App Store (iOS), Google Play (Android) or another ‘official’ app store that you clearly recognise.
A mobile security app can help keep your phone clear of malware, and prevent you from falling victim to phishing scams. With these scams, you might receive a fake email claiming to be from HMRC or your bank, which try to lead you to a bogus website through a dodgy link that attempts to steal your data.
Some mobile security apps also have anti-theft features. These let you access your phone remotely through the app via the internet to help you find the location of your phone, block unauthorised access to your personal data, or even wipe it.
We've found brilliant mobile security apps that provide a strong defence against these digital demons, but also some that are too relaxed in combat.
It's worth bearing in mind that apps for iOS don't have anti-malware functionality – that's because Apple vets each app that surfaces on the App Store, to make sure it's safe.
Head to our mobile security app reviews to make the best choice for your phone.
App permissions are used to control the data each of your apps has access to. On iOS you’re able to fine-tune what each app can and can’t see. You can do the same for versions of Android from Marshmallow onwards, but not on Android Lollipop or an earlier iteration.
App permissions on Android
There are two ways to manage app permissions on Android. The first method will present you with a list of your installed apps, and you'll have the option to tap any app icon to dive deeper. Head to Settings, then Apps or Application Manager. Tap the app you want to examine in closer detail and you'll see something like this:
In our example above, the Google Drive app has access to our list of phone contacts and our internal storage. That's a logical request, as the app needs to interact with your files so it can upload a picture or video. If you want to, you can manually disable individual permissions.
You might find it easier to browse by permissions instead of installed apps. To do this, tap Settings and then Permissions. You’ll get a clear breakdown of the information you’re handing out through installed apps. If you’re unhappy with the information being requested, you can deny a specific app access.
App permissions on iOS
If you’re an iPhone user running iOS 8 or later, tap Settings and then Privacy. A list of your pre-installed and third-party apps will appear here, and you can tap on any of them to see what sort of data they’re interacting with. An app won’t appear on this page until it asks for permission to use your data.
In our example above, the Outlook app for iOS has access to Photos and is able to work using your mobile data connection.
Keep your eyes peeled for suspicious requests – a calculator app that forces access to your location or camera, for example.
Want to learn more about how each permission is defined? Our interactive tool below has been created using Google's own permissions guidelines, but the definitions also apply to iOS apps.
An app can do one or more of the following:
- Read sensitive data
- Read your web bookmarks and history
- Retrieve running apps
An app can use your device's contacts, which may include the ability to read and modify your contacts.
An app can use your device's calendar information, which may include the ability to:
- Read calendar events plus confidential information
- Add or modify calendar events and send email to guests without owners' knowledge
An app can use your device's location. Location access may include:
- Approximate location (network-based)
- Precise location (GPS and network-based)
- GPS access
An app can use your phone and/or its call history. Depending on your plan, you may be charged by your carrier for phone calls. Phone access may include the ability to:
- Directly call phone numbers (may cost you money)
- Read call log
- Reroute outgoing calls
- Make calls without your intervention
An app can use files or data stored on your device. Photos / Media / Files access may include the ability to:
- Read the contents of your USB storage (example: SD card)
- Modify or delete the contents of your USB storage
- Format external storage
Allows the app to access data from wearable sensors, such as heart rate monitors. Can receive periodic updates on physical activity levels.
Using public wi-fi networks means you don’t have to burn through your data allowance when out and about. But take care when using these free networks, as it's possible for an attack to happen when you're using unsecured wi-fi.
This is known as a ‘man-in-the-middle’ attack, and involves a hacker intercepting your logins, passwords or financial information as you use wi-fi. We advise that you avoid logging into your bank or entering any credit card or personal details while using free networks.
If you do need to check your bank account or make a payment, use your 3G or 4G connection instead – it’s much more secure. You may be using public wi-fi because you have poor 3G/4G coverage – but you're best advised to wait until the signal improves if you're accessing sensitive personal information.
To make sure your phone doesn’t automatically try to connect to wi-fi, you can turn it off using the steps below.
- Android: Swipe down from the top of the screen and tap the wi-fi symbol. It will show green when it’s activated and grey when it’s off.
- Apple: Swipe up from the bottom of the screen and tap the wi-fi symbol. A message will appear to tell you that you’ve turned off the wi-fi.
Follow the steps and advice explained above and you're far less likely to be affected by threats to mobile phones. But it's always worth remaining vigilant and on the lookout for unusual behaviour to ensure you and your data stay safe.
Thinking about upgrading your mobile phone? Click to read our expert mobile phone reviews.