Just like computers, smartphones have their security flaws. There have been many examples of Android breaches, with the Kapersky Security Bulletin providing the recent example of the Android version of the Pegasus mobile espionage software, known as Chrysaor.
While the consensus is that Apple’s iOS is more secure than Google’s Android OS, all phones remain vulnerable to the latest chip vulnerability to be exposed: Spectre. Additionally, in September alone last year Sophos Labs found that more than 30% of the ransomware it identified was on the Android platform, and there are an estimated 10 million Android apps that are categorized as ‘suspicious.’
Given the rise of mobile malware, users need to be constantly vigilant and make sure that their phones are secure, and here are six ways you can do that.
1. Lock your phone
Enabling a phone to lock itself when not used for a short period is a cornerstone of keeping the device secure. When the phone is locked, it prevents others getting access to the device, and all of its data data and apps. While years ago locking your phone was a bit of a pain, modern smartphones offer a variety of unlock options, including fingerprint sensors and facial recognition, so you no longer have the excuse that it’s inconvenient to have to unlock the phone when you want to use it.
When you configure the lock settings you can specify the number of minutes before your phone locks, so specify a short interval of only a few minutes to make sure an unattended phone is locked down if found. The phone should also default to the lock screen after a restart, and require a PIN, not a fingerprint or other less secure shortcut, for the initial unlock to offer a higher level of security.
2. Keep the OS up to date
Android users continue to face the fragmentation of their OS. The most common version of Android in use as of February 2018 is Nougat (7.0, 7.1), with a 28.5% market share, but only 1.1% of Android phone users are running the latest version, Oreo (8.0, 8.1), while the five-year-old KitKat (4.4) still soldiers on with 12% of the market, according to Fossbytes.
The situation is better, but far from perfect, in the Apple camp. While the latest version of iOS, 11.2, does have the highest market share at 70%, there’s a persistent minority of users still on earlier versions, such as the 10.1% who are on version 10.3, which is approaching a year old and doesn’t offer all the latest security updates.
Android users continue to be quagmired between phone manufacturers not releasing the latest updates for their handsets, and then carriers not rolling them out, leaving users potentially vulnerable to new threats, a situation that Google is seeking to address with its latest attempt to facilitate Android updates, Project Treble.
Our recommendation would be that if your phone is no longer being updated, then it’s time to start shopping for a new one. When looking for a new smartphone, in addition to other features, look for a phone that’s likely to receive updates over the long term. This makes an argument for choosing a more popular flagship that’s more likely to get plenty of update love over its lifetime, or a Google Pixel phone that will be well supported with updates.
3. Avoid insecure brands
Some phones have a reputation for receiving more frequent updates, such as the aforementioned Google Pixel line, and Apple iPhones that continue to get updates for several years. However, with other smartphones it’s quite the opposite.
In February the issue of phone security reached the level of a congressional hearing in the US, with intelligence officials warning that phones from Chinese manufacturers Huawei and ZTE should be considered insecure, and going so far as to accuse these phones of spying on US citizens. And last year budget phones from Blu were pulled from Amazon due to privacy concerns.
In general, sticking to more mainstream brands that have a high profile in the market, rather than second- or third-tier products, is the safer choice.
With all the data that’s on your smartphone – emails, contacts, financial apps and more – it goes without saying that if the phone is lost or stolen you don’t want a crook gaining access to it. The solution is to encrypt the phone’s storage, so that if it falls into someone else’s hands the data is protected.
Thankfully, setting up encryption is pretty simple – just follow our handy guide.
5. Scan for viruses
Mobile devices are increasingly susceptible to malware, including ransomware. Even the Google Play Store continues to be plagued with malware, with unreputable programs attracting an astonishing 4.2 million downloads, including the ExpensiveWall hack that masqueraded as a wallpaper app. The solution, just as when downloading software to a laptop or PC, is to be wary of downloads from less mainstream vendors and unverified sources, and to scan periodically for viruses and malware.
While Windows desktop operating systems come with Windows Defender to guard against malware, mobile platforms don’t yet have a default antivirus program. The easy fix is to download and install an anti-malware app, and we have recommended choices from reputable vendors for both iOS and Android.
6. Don’t jailbreak your phone
A subsection of iPhone users have a reputation for ‘sticking it to the man’ by jailbreaking their devices, believing that in order to get the most from their phone they need to free it from Apple’s built-in restrictions on which apps and extensions they can install. Android users can do something similar, although the term here is to root the device, rather than to jailbreak it.
The problem with doing either is that it enables users to download unauthorized apps that may contain malware. For example, back in 2015 the KeyRaider malware that targeted jailbroken iPhones, and resulted in 225,000 Apple accounts, including passwords, being found on a server.
That attack, however, pales in comparison to the more recent CopyCat malware that affected 14 million Android devices, and even rooted eight million of them without the owner’s knowledge. The source of the malware was popular apps downloaded from sites other than the Google Play Store.
From a security standpoint, the best practice is to not jailbreak your phone, and stick with the original OS to avoid exposing the phones to malware and other threats.
Security Week by TechRadar Pro is brought to you in association with CyberGhost.