Improve Cell Phone Security


This is my list of things you can do to improve the security and privacy of your cell phone use. I discuss threats and include solutions to help mitigate each threat. Improving and maintaining your cell phone's security is especially important if you use your phone to transact business (shopping, banking, online payments).

NOTE: It has become common for thieves to take cell phones as well as money and other valuables during a robbery. The criminals are tech savvy enough to demand passcodes, patterns or other verification needed to unlock the screen and gain access to the phone. With full access to a phone many security features can be disabled.

To Improve Your Cell Phone Security & Privacy:

  1. Turn off Bluetooth "discovery mode" after setting up a new headset, headphones, speakers or other Bluetooth wireless accessory.

    Cell phones use "Bluetooth", a short-range wireless system, to connect accessories like wireless headsets, headphones and speakers. When you set up a new Bluetooth device for the first time you configure it in "discovery mode". While in discovery mode you "pair" the phone with another device (headsets, headphones, speakers) to connect them and allow the devices to communicate with each other.

    If you leave your cell phone in discovery mode it is possible for a malicious individual to attack your phone. The following is a list of potential Bluetooth attacks.
    • Blue bugging: Blue bugging allows a malicious person to take control of your phone. Once they gain control they can do many of the same things you can do with your phone, including placing calls, sending text messages, listening to conversations, forwarding your calls and more.
    • Bluejacking: Someone can send messages to other nearby cell phones using your phone. Imagine the potentially embarrassing and dangerous scenarios that could be created by a malicious organization or person.
    • Bluesnarfing: Bluesnarfing allows someone to gain access to your phone. The attacker could potentially read and steal your text messages, contact information, e-mail, pictures or video stored on your phone.

  2. Lock Your Phone Screen
    Use a PIN (personal identification number), pattern, password, fingerprint or other method your phone offers to lock your phone. Which method is more secure? Any method is better than NOT locking your screen. Choose the method to lock your screen you are most comfortable using. On current Android phones go to "Settings" then "Lock screen" to choose a method to lock your screen.

  3. Charge Your Phone With Equipment You Own
    Use the charger that came with your phone or a charger you purchased. Plug your charger into a standard electrical outlet. Why? It is possible for someone to modify a charging station or kiosk in a way that allows it to steal data and information stored on your cell phone. The modified charging station could also be used to upload malware or viruses to infect your cell phone. How is this possible? Current cell phones use the same "port" to transfer electrical current as is used to transfer data, information. The "port" I'm referring to is the place on your phone where you plug in your charger. It is often located at the bottom of the phone.

  4. Install Antivirus, Anti-Malware App On Your Phone
    The number of people who use their cell phone to conduct financial transactions (shopping, banking, trading stocks, making payments) is increasing each year. Malware currently exists that targets cell phones. The types and number of malware and viruses targeting cell phones will increase as financial transactions using cell phones increase. Where there is money to be stolen there are criminals to steal it.

    There are people who assert that antivirus, anti-malware applications are not needed on cell phones. I suggest you consider an antivirus, anti-malware app as one layer in what should be a multi-layered approach to securing your phone.

    If you can't afford to purchase an antivirus, anti-malware app I suggest you try some of the high quality free apps currently available. Check your phone's app store for availability. Free Antivirus, Anti-malware Apps for Android phones are:

  5. Use Encryption
    ENCRYPTION is the process of scrambling data or information to make it unreadable. The encrypted data or information can be "decrypted" to make it readable once again. Encryption can be used to protect the confidentiality of data or information stored on your phone to include passwords, photos, text messages, e-mails, credit card numbers, contacts and videos.

    If your phone is lost or stolen, encryption will provide an additional layer of protection. Enabling the use of encryption is easy on most phones. See your phone's owner's manual or the manufacturer's Web site support pages for specific details.

  6. Exercise Caution When Installing Apps
    Malware-infected apps have been discovered on well known app stores. The most common malware-infected apps are games. Some of the companies that manage app stores do not invest the resources needed to verify the security of the apps they host and distribute. Reading app reviews can help you determine if other people are having problems with an app. However, if malware and viruses are well designed they will not be easy for average people to discover. If you are NOT able to decompile and verify the source code of an app you may not be able to determine whether it is infected with malware.

    1. Install an antivirus, anti-malware app.
    2. Download apps created by well known and established companies. Do a little research on the company before you install their app. How large is the company? How long has the company been in business? Is there any negative news regarding the company and its products/apps?
    3. Download apps from app stores that screen and monitor the apps they host for malware and viruses.
    Before you download and install an app contact the company that owns the app store. Ask them how and if apps are screened for malware.

  7. Keep Your Phone Operating System & Apps Up To Date
    The software (operating system) that makes your phone work and any installed apps are often updated to address security, usability and performance issues discovered over time. Check for available updates on a routine basis (I suggest weekly). See your phone's owner's manual or the manufacturer's Web site support pages for specific details. Connect to a known, secure wireless network if possible to save data usage when you update your phone. To check for updates on an Android-based phone:

    1. Tap the "Settings" icon (looks like a gear) usually located in the same menu as all your apps.
    2. Tap "About phone" or "About Device"
    3. Tap "Update Center"
    4. Tap "Software Update" to update the software (operating system) that runs the phone. It may be labeled "Software" or "System" update. If you do not see these update options you may need to download updates for your phone from the support page of your phone manufacturer.
    5. Tap "Update now" to begin the update process.

  8. Enable Android Device Manager
    If you are using an Android-based phone, "Android Device Manager" can help protect your privacy if your phone is stolen or lost. When enabled, "Android Device Manager" allows you to remotely:
    • Change the screen-unlock password. Your current lock screen will be replaced with a password lock.
    • Locate your phone.
    • Ring your phone. Your device will ring at full volume for 5 minutes. Useful if you've misplaced your phone.
    • Add a recovery message that will show on your lock screen.
    • Add a recovery phone number. A button to call this phone number will be added to your lock screen.
    • Erase all data from your phone. A "factory reset" is performed on your phone or other device. Your apps, photos, music, and settings will be deleted. After you erase the phone or device, Android Device Manager will no longer work. This reset is permanent. It may not be possible to wipe the content of the microSD card in your phone or device. If your device is powered off or offline the factory reset will be performed as soon as it goes online.

    To enable Android Device Manager (for example, on Android 4.4):
    1. Go to Settings, Security, then Phone administrators.
    2. Tap the option button next to "Android Device Manager" to place a check mark in it.
    You must enable Android Device Manager before your phone is stolen or lost. Your phone must have an active data or wireless connection to issue remote commands. Your phone must be powered on with a charged battery. If the phone is powered off or offline when you initiate a remote feature (for example, a "factory reset"), the reset will not complete until the next time the phone is powered on and online with Wi-Fi or mobile data enabled.

    You can find similar features on non-Android phones; for example, Apple products have "Find My iPhone". Some mobile security applications also offer similar functionality.

  9. Turn Off Wi-Fi, Bluetooth & Mobile Data When Not Used
    Wi-Fi, Bluetooth and your phone's mobile data connection each provide a pathway to your phone that can be exploited by a malicious organization or person with the requisite knowledge, skills and resources. Turn off Wi-Fi, Bluetooth and mobile data if you are not using these features. Another benefit of getting in the habit of turning mobile data off is that you save data, time & money, depending on your phone carrier's contract.
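
For readers comfortable with a computer, items 5, 7 and 9 can also be checked from a PC. The following is an added example, not part of the original list: a small Python script that reads text collected with `adb shell getprop` and `adb shell settings get global <key>` (assumes USB debugging is enabled on an Android phone) and reports which of those items need attention. The sample values and the 90-day patch-age threshold are constructed assumptions.

```python
import re
from datetime import date

# Constructed sample of `adb shell getprop` output (not from a real device).
SAMPLE_GETPROP = """\
[ro.build.version.release]: [9]
[ro.build.version.security_patch]: [2019-03-01]
[ro.crypto.state]: [unencrypted]
"""
# Constructed sample of `adb shell settings get global <key>` results.
SAMPLE_SETTINGS = {"bluetooth_on": "1", "wifi_on": "0", "mobile_data": "1"}

PROP_LINE = re.compile(r"^\[([^\]]+)\]: \[(.*)\]$")

def parse_getprop(text):
    """Turn '[key]: [value]' lines into a dict, skipping anything malformed."""
    props = {}
    for line in text.splitlines():
        m = PROP_LINE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props

def audit(getprop_text, settings, today, max_patch_age_days=90):
    """Return a list of findings mapped to items 5, 7 and 9 of the list."""
    props = parse_getprop(getprop_text)
    findings = []
    if props.get("ro.crypto.state") != "encrypted":
        findings.append("item 5: storage is not reported as encrypted")
    patch = props.get("ro.build.version.security_patch", "")
    try:
        age = (today - date.fromisoformat(patch)).days
        if age > max_patch_age_days:  # threshold is an assumed policy value
            findings.append(f"item 7: security patch level is {age} days old")
    except ValueError:
        findings.append("item 7: security patch level missing or unreadable")
    for key, label in (("bluetooth_on", "Bluetooth"), ("wifi_on", "Wi-Fi"),
                       ("mobile_data", "mobile data")):
        # "0", "null" or an empty reply all mean the radio is not enabled.
        if settings.get(key, "0").strip() not in ("0", "null", ""):
            findings.append(f"item 9: {label} is switched on")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_GETPROP, SAMPLE_SETTINGS, date(2019, 9, 1)):
        print(finding)
```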