With Verizon now carrying the iPhone and the overall mass appeal of smartphones, the general public desperately needs a refresher on security for portable devices and how to protect their proprietary data.
I’ve created my top ten recommendations for safe smartphone usage. Some of these are basic, and some are pretty common sense, but sometimes all it takes is a simple “oops” to create an epic disaster.
1. Protect the smartphone itself. Much of the control you have over information on your smartphone relies on you being able to physically protect the device. If you lose the device, you have lost any information on the Smartphone, at least until you can reach a backup source. And, if someone else has the device, they may be able to get access to information on your phone, by resetting the phone, mounting it as an external hard drive, removing the media card, or by otherwise hacking your security. If you keep the phone in your pocket (or some other reasonably safe place) it is more difficult for someone else to steal information off it. Most smartphones at least have the ability to require a four digit PIN to lock the phone. This may not stop a determined attacker, but it can make the phone harder to access for the casual attack. Enable the automatic timeout to lock your device if it is supported.
2. Backup your cool data. If you have information on the phone, including pictures, phone directories, or other data, backup that data when you can. iPhones can use iTunes and MobileMe. Blackberry devices can use the Blackberry Desktop Software and Blackberry Protect. Android Phones have a variety of options as well, including MyBackup, AppBrain, or even using an app like IDrive with iTunes. More frustrating than losing your device is actually losing all of the information on the device. If you have the information backed up you can restore it back to your replacement device.
3. Be careful when you Wi-Fi. There is usually a difference between private Wi-Fi and public Wi-Fi. If you are on public Wi-Fi, like at a coffee shop or in an airport, chances are that the Wi-Fi is not encrypted, which means it is possible for someone to watch what you are doing over the Wi-Fi connection. This is simply the same rule that anyone should be following when using public Wi-Fi even from his or her laptop or any portable device. Do not do anything private over the public Wi-Fi. You should not consider your information secure. If you are shopping from your smartphone, or doing banking, or any other process where you should be worried about the security of your information, you want to make sure that you are not doing this over an unsecure Wi-Fi connection.
4. Browse wisely. If you want to use your smartphone to do banking, download your bank's app. If they do not have one, ALWAYS make sure you browse to an HTTPS site. Be careful of any shortcuts you follow, and check the link carefully to make sure you are truly at the desired site.
5. Clear your cache. Check your Android settings to ensure you are NOT remembering forms data, and NOT remembering passwords. On your iPhone, periodically "Clear Cache", "Clear History", and "Clear Cookies" from your browser (under “Settings”). If you are using a banking or shopping app, check it's settings to NOT remember passwords, and to clear that cache as well. You don't want to make it easy on someone if you do happen to have your phone stolen (or lost).
6. Find your lost smartphone. If you lose your smartphone, there are ways you can help find it. By using Blackberry Protect, Apple's MobileMe and Android's "Where's My Android" (among others) you can turn on your phone's speakers and listen for it, or find a GPS/map location for the device.
7. Think about your apps. Think about the app you are loading before you load it. And think about what level of access that app claims to need, instead of just letting it install. If you have an Android phone, for instance, you might want that cool Android screen saver app, but when you download it, it says that it wants to access phone settings, systems data, and location data. There is a clue there that this is not "just" a screen saver. Is there really any reason a screen saver should need access to your systems data OR your location? Absolutely not. Tests by security firms have shown that as many as 30% of apps in iTunes and the Android marketplace gather information from your phone and make it available in some "undesired" manner back to advertisers or other "outside" sources. So, you can still install the app, but make sure you are doing it with open eyes. This distinction is not as obvious with the iPhone, but you can use your own balance of logic and paranoia, and can at least check the reputation of developers before you just start installing random apps.
8. Be aware of your surroundings. This is not just for smartphones, but also for all phones. Be aware about what you say out loud in a public area. You may be speaking into a cell phone, but you may also be somewhere that dozens of people can hear what you are saying. Maybe calling the store and telling them your credit card number, while you are in the airport, isn't the best idea. Maybe calling your credit card company and verifying your social security number, while riding on the airport shuttle, isn't the best idea. I have personally heard both of these in the last few months, from different users. You don't have to go nuts, but a little paranoia is a good thing.
9. Check your invoice. Periodically check your cellular bill for "extra" services that you did not realize you signed up for when installing a new app. Perhaps the app itself was free, but by installing the app you didn't read the tiny print that said you also agreed to pay $9.99 a month for some licensing or update capability. If you check your bill and find these random charges you may very well be out that month's charges, but you get the chance to stop it from continuing for months.
10. Don't throw away your smartphone. You have all sorts of cool data on your phone. You have browsing history. You have cached passwords. You have an address book. You might have call logs and text messages. You probably have emails as well. You might have other information as well. Do not just throw the phone away, or drop it in a recycling bin. A significant number of phones are recycled every year, and a high percentage of those include information about the previous owner. Take the time to check your phone for any stored or cached information and delete anything private. The iPhone keyboard cache remembers things types on the keyboard to help with auto completion, but that also makes the information available to someone looking for usernames and passwords. And remember to remove any media card.
