Mobile phone security: how safe is your phone?
THE latest research into smartphone usage by IDC suggests that nearly two thirds of users cannot resist the lure of their mobile phone upon waking up, using it immediately.
As mobile phone usage has become an unconscious act, the security of mobile devices and the personal information they contain within has grown to something of the utmost importance.
For most users mobiles and smartphones contain more intimate personal information than ever before, in one place, and often are protected by little more than a PIN code or pattern.
Our guide covers three important areas of mobile security:
Being secure in the mobile world doesn't have to be expensive, time-consuming or difficult, our guide shows you how.
Privacy and theft
Device and personal data theft
Futurologist Ben Hammersley refers to smartphones as our "robot brains". They have eliminated the need for people to have to remember anything ever again (except perhaps a battery charger).
It's little wonder then, that for most people, losing a smartphone would be like losing a small, shiny, rectangular limb.
Besides the monetary value of your mobile phone, there is a wealth of personal information on each device.
Email, Facebook, Twitter, Dropbox are all usually logged-in by default giving any dastardly criminals instant access.
If you are unfortunate enough to be a victim of theft inform the Police right away. This is important if you have mobile insurance as any policy will require this to be done at the first opportunity.
There are plenty of ways to secure your data and foil the thieves whilst the Police are trying to track it down though.
For Apple users, the Find my iPhone function, part of iCloud, allows you to locate your missing iPhone on a map and remotely lock it to protect unauthorised access to personal data.
Using Find my iPhone you can send a message to the lock screen and whoever has your phone is able to call the number displayed and that number only.
Even if the device is taken offline, it is possible to setup an email alert that tells you when the device is reconnected to a wi-fi or mobile connection.
Remember: If the device has been stolen, you need to make sure a canny thief doesn't turn off location services before the phone can be locked.
This can be done by protecting the settings for location services within the restrictions menu in settings. Set a password by going to: Settings > General > Restrictions > Under 'Privacy': Location Services > 'Don't Allow Changes'.
Once this is done, the location based services settings can't be altered unless the user knows the passcode to access the restrictions menu.
There are also other apps available to track stolen phones for Android as well as for iOS.
Cerberus (£2.99) and Anti Theft Droid (Free) are both available for Android. Hidden ($15 per year) is one of the most popular for iPhone working on iPads and Macbooks too.
The big security firms like Norton ($29.99), Lookout ($2.99 per month) and Kaspersky (£8.95) also offer all-encompassing mobile security packages.
Each offers a free version of the app and charge for more advanced security features.
All of these apps do much more than lock the phone if it is stolen.
Some of the best features are: secretly taking photos of the person using the device, remote wiping the phone, remote control via SMS, alarms, even placing a block on the device rendering it useless.
Even if you cannot get a stolen device back, there is a little peace of mind in knowing that your phone thief has gained not a smartphone but an expensive beer mat.
Privacy and app permissions
When using a smartphone or mobile device, the same rules apply with personal information that exists when using a computer.
You should never give out personal information to an untrusted source.
Additionally there are extra hurdles to be aware of when it comes to protecting personal information on a mobile phone.
Many applications like Facebook and LinkedIn like to get you connected to as many people as possible.
Often, on first use, an app will ask if you "would like to sync your contacts with your account?"
While this can be very useful, as with syncing your phonebook with an online email account such as Gmail, sometimes social apps can send out emails soliciting connections from people in your phonebook.
This may be embarrassing for you and annoying for the recipient if unintended, so it is important to realise what synchronising with your contacts means before doing it.
Legitimate apps will explain and normally have a tick box of yes/no screen offering to synchronise.
Once activated it should also be possible to "disconnect" the accounts within the phone's account settings dialog.
Facebook doesn't stop at syncing your address book however, and has more recently started syncing any of the photos on your mobile too.
Photo syncing gone wrong could be much more bothersome than accidentally syncing your contacts, however Facebook have made this 'opt-in' and so it isn't turned on by default.
To check or disable it though, see Facebook's help center page here.
You should also remember to check the permissions that an app requires before installation too.
Rogue apps often ask for extra permissions that they don't need such as access to your phone book for a bakery app.
Android users can check the permissions of all apps using the handy and open source Permission Explorer.
Although the App Store for iPhone users is much better protected from rogue apps than Google Play, Apple still allows all apps unfettered access to your contacts all the time. That's just how they roll.
Malware and scams
A recent survey revealed that Android devices account for 79% of mobile malware infections and iPhone just 0.7%.
Although the majority of apps, especially those that are very popular are entirely safe, clearly Android users need to be on the guard for suspicious software more than iPhone owners.
Luckily there are plenty of options out there, but it's often worth sticking to the ones from the big names in anti-malware like AVG and avast!
Most have free versions of the apps - that should keep Android users happy - but remember that a free anti-malware app that you've never heard of before is probably the opposite - a nasty trick from a dodgy scammer.
Avoid any apps offering 'free wallpaper', 'free music' or 'free anything'. If it seems too good to be true, it probably is.
If you are worried about mobile malware it might be worth considering combining your malware protection and anti-theft functions by using a phone protection package such as Lookout.
SMS scams and spam
Texting a premium rate number to download content for your mobile might seem like a bit of a throwback to the days of polyphonic ringtones but it remains big business.
According to mobile security firm Lookout, SMS scams have emerged as a "lead threat" to mobile users and allow fraudsters to steal millions of dollars each year from unsuspecting consumers.
SMS scams normally work either when a rogue app fires off text messages to a premium rate number owned by the fraudsters or spammers send out messages usually along the lines of:
"CAT FACTS, YOU HAVE SUBSCRIBED TO CAT FACTS. TO STOP RECEIVING FACTS ABOUT CATS, TEXT 'STOP' TO 823433. (£12 per message)"
There are also phishing texts, similar to emails that purport to come from a trusted institution, usually a bank, asking you for account or personal information. You should never reply to these messages.
More recently the amount of spam messages related to PPI and pension reviews has grown to new levels of annoyingness too.
You can check where a message has come from by using the search function at the PhonepayPlus website, a regulator for premium rate services in the UK.
To complain about marketing texts, you should contact the ICO.
How can you avoid these scams?
In the first instance, never download apps that offer 'free' wallpaper or ringtones as they are a big source of the malware that run SMS scams.
The Information Commissioner's Office issues the following advice to deal with SMS phishing:
- Be careful about who you give your number to
- Don't put your number anywhere on the Internet
- Check privacy policies and marketing opt-outs carefully
The ICO also suggests replying "STOP" to prevent further messages.
Whilst this is a good tactic to stop premium rate subscription services, it might not work to stop spam texts as it simply confirms to the spammers that the number is active and could increase the amount of text-junk in your inbox.
If the messages are not charging you but are simply spam, ignoring and deleting them is the most straightforward tactic but if the spam gets too much, contact the ICO or your mobile network, who may be able to take further action.
Parental controls and protection for kids
Adult content/Parental controls
Mobile networks block adult or unsuitable content by default and require you to opt-in, usually verifying via credit card in order to turn off the restrictions.
This won't prevent access to unsuitable content when a mobile device is hooked up to unprotected wi-fi however.
Further protection using a third-party app with parental controls can be helpful when mobile phones are being used by children.
Norton Family or Kids Place is often recommended for parents wishing block access to adult material online, prevent app downloads, texting, making calls or other functions that little hands might be tempted to alter.
iPhone users can control access to a wide variety of phone functions including mobile internet, installing apps, cameras and other privacy settings using the iPhone Parental Controls menu which can be found under Settings > General > Restrictions.
In a theft scenario most users are more than happy to allow the phone to reveal all to the outside world.
While location-based services can be very useful, there are other possible risks with being able to find out the location of a device and, potentially its owner, particularly if it's being used by a child.
Wi-fi receivers, GPS sensors and mobile networks all surrender location-based information if allowed to operate unchecked.
To power Google Now, Android collects location data about your whereabouts via wi-fi, even if not connected to any wireless network.
These settings can all be controlled via the location settings menus on your handset.
O2 goes further offering parents the ability to control location-based services on their child's phone by calling an automated response line.
In-app purchases generate significant revenues for developers who can make hundreds of thousands of dollars a month encouraging customers to purchase faster cars for racing games, weapons packs for adventure games or more functions for a scientific calculator.
They even hit the headlines after a spate of cases where young kids playing games on mobile devices have innocently racked up bills that would rival a rap star's check for room service.
Most recently a five-year-old boy, Daniel Kitchen, spent £1700 on weapons packs playing Zombies vs Ninja on his father's iPad.
"I was worried and I felt sad. I'm banned from the iPad now." Daniel Kitchen told the BBC.
Apple refunded these "unintentional purchases" but the only certainty to come out of the episode is that the boy will never be allowed to use the iPad again.
Would Apple refund the parents if it happened twice? No one can be sure. Thankfully however there are a number of steps you can take to ensure that mishaps such as these are prevented.
iPads or iPhones - Apple iOS devices have a 'Restrictions' menu within 'Settings' that gives you the option to turn off in-app purchases completely or, if you need to make purchases yourself but want to prevent the kids from spending the mortgage payment on zombie repellent, it is possible to set the device to ask you for a password before purchasing anything.
Android - Google offers similar PIN-protected restrictions for the Play store. By opening the Play store app and going into the menu on the top right, within 'settings' turn on the option to 'Set or change PIN'. Any purchase will require the PIN to be input before continuing.
Meeting the mobile security challenge
Many of these things can at first seem like a lot of hassle, but once set up, a lot of the security and protection features outlined above will happily purr along in the background.
Please read our full disclaimer for important information that relates to the service we provide and your use of this site.
We aim to provide free reviews and comparisons of consumer products and to keep our editorial content as objective as possible. To keep the site free, we are paid by some providers when new customers take products after they've clicked on our links. We don't allow our editorial content to be affected by those links, however we may not include all of the products available in the market. Finally, we do not submit or process any applications for any products or services and we cannot guarantee that any product or service listed on this website will be available to you. Credit providers make the final decision on whether an application for credit will be accepted.
If you would like to get in touch with us you can contact us here.