Protecting Your Smart Phone, the Basics

iPhone

  1. Don’t jailbreak, a not jailbroken iPhone is a pretty secure device.
  2. Use PIN code Settings -> General -> Passcode* *(and not something like 1234)
  3. Make sure data is really encrypted – default since iPhone 4 (which have hardware encryption). If you have an older version go to Settings -> General -> Passcode and look for “Data Protection is Enabled” on the bottom.
  4. Don’t install any profiles you’re not absolutely sure about. I saw that some ads company started to use these profiles in order to overcome the App Store restrictions. If you see something like this don’t approve it unless your absolutely sure. Here’s some more info about the danger of malicious profiles.
  5. Consider using alphanumeric passcode by setting “Simple Passcode” to “Off”
  6. Don’t use Consider not using “Find My iPhone”. This is a trade off, “Find My iPhone” is really great tool for finding your lost phone. But, there is a 1 failure point which is your apple ID. Accessing it will gives attackers your exact position and an easy way to wipe all of your phone data.

Android

  1. Don’t root your phone
  2. Use a screen lock
  3. Encrypt data – works better from Android 4.0 and above, might affect performance (it does not encrypt external SD card)
  4. Use a security app like Lookout or AVast – it’s free!
  5. Don’t install an app unlesss you have decent amount of confidance in it, also check the permisisons it requires. Remeber to uninstall it if it’s useless.

We all know that Android is open and its apps needs no approval, which make it more vurenable by nature. This openness has another aspect of vurnability, external SD cards will have variant quality and because of that the Android OS doesn’t encrypt it. It can’t promise a good enough performance on cheap external memory. Which make sense in a way, your somewhat compromising security by being open.

Windows 8 Phone
Never had a windows 8 phone only 7.5, but it’s obvious that Microsoft is batting big on their most loyal enterprise consumers, that need enterprise security. From reading online it seems that it has a built in encryption but not for the SD card (same as Android).

Common sense still applies.

  1. Use screen lock 
  2. Encryption is built in for you, just don’t save anything important on the external SD card.

Guy A

Read more posts by this author.