Protecting Your Phone from Malware
While not all that common today, malware on phones is increasing, and you should get to know what puts your security at risk.
Dealing with a virus or malware has long been accepted as an unavoidable part of life when it comes to using a computer. But what about on your cell phone? While not all that common today, malware on phones is increasing, and you should get to know what puts your security at risk.
Passcode, Smishing and Wi-Fi
Your smartphone is a very personal device. We all share and store very private things on our beloved device. Indeed, for many of us, a phone is just about the first things we reach for when we wake up, and the last thing we look at before falling asleep.
So, why don’t most of us take the time to set up a password on our phone to protect private information, should the device become lost or stolen?
Setting a password on an Android or iOS device takes but a few minutes, but it will prevent your personal information from being accessed should your device end up in the wrong hands. Not only does this simple passcode prevent someone from accessing your info, but it also prevents anyone from installing unwanted apps while it’s not in your control.
Here’s what to do:
On an iOS device, tap “Settings,” then tap “General,” followed by “Passcode Lock.” You can set a 4-digit numeric password, or turn off the “Simple Password” option and enter a longer, alphanumeric password.
On most Android devices you can set a passcode by launching “Settings” and then selecting “Security.” Depending on the version of Android, you’ll likely see a few different passcode methods. Select the one that works best for you.
From time to time you might receive a random text message claiming to be from Target, Best Buy, Wal-Mart or another major retail chain. The contents of the text message claim you’ve won a free gift card or a free device of some sort. There’s typically a link in the message for you to visit and claim your prize. This is known as “Smishing.”
Delete the messages without opening the link — it’s likely that this leads to a malicious website. Not long ago, this sort of exploit — just clicking a link — was used by the iOS Jailbreak community to gain access to the root system of an iOS device and install custom software. The same type of exploit could be used to steal information or install malware on the device.
Wi-Fi is another potential point of entry for malware and data theft. On an insecure public Wi-Fi network, anyone with the right software can intercept data you’re transmitting across the Internet. This included user names, passwords, credit card numbers, and e-mail address. One solution: Whenever you’re on a Wi-Fi network, use a Virtual Private Network (VPN). There are VPN apps available for both iOS and Android, ranging from free for a set amount of bandwidth to a pay-per-use setup. Search the Play Store or the App Store for “VPN” to find an app that works for you.
A Map of Your Life
Snapping a photo using your smartphone and posting it to Twitter or Facebook may seem like an innocent behavior, but it’s actually a gold mine of information about you.
Here’s what you might not realize: Your smartphone geo-tags your photos with your exact location using GPS. Once the photo is public, anyone with the right know-how can extract that information from the photo and find out where you live, where you work, or where your kids to go school.
If the idea of plotting out your life on a map using photos isn’t something you like, you can disable the location services for your phone’s camera app. On an iOS device running iOS 6 and up, find it under the “Privacy” option in “Settings.” Using Android, location control varies depending on the version of Android you’re running; a good place to start looking is in the settings of the Camera app itself. On my Nexus 4 running Android 4.2.2, there’s a “Store Location” option I can turn on or off at will.
Keep in mind that photos aren’t the only way to unwittingly share your location. Facebook and Twitter add your location to each tweet or status update by default. You have to opt-out of sharing your location with the respective services through your account settings page.
And lastly, sharing your location using a service like Foursquare is a fun way to let your friends know where you are and what you’re doing. But pushing those check-ins to a social network, or accepting random friend requests is a convenient way of letting crooks know when you aren’t home.
Be Aware of App Permissions
Both the App Store and Google Play represent a “safe” place for users to download and install apps. While most apps are harmless, from time to time there some bad app(le)s.
When it comes to installing apps on your phone, make sure you’re downloading from a trusted developer. Read some reviews and pay attention to the app permissions it requests (on Android). If a game is requesting access to your contact list, for example, you might want to think twice about why on earth they’d ask for such a thing. It could be something as harmless as sending out an SMS of a new high score to your friends, or it could be for malicious reasons.
For iOS users, you don’t know what permissions an app is going to request until the app needs to access something in particular. For example: Suppose you download the Twitter app and set up an account. The first time you try to post a picture, a prompt will ask you to grant Twitter permission to access your photos. If you want to find friends from your contact book who are also using Twitter, another prompt will show up asking you to grant the app permission. The same type of prompts will show up for Location, Reminders, Calendars and Bluetooth Sharing. At any time you can review which apps have access to data on your device by launching the Settings app and tapping on “Privacy.”
Some Android and iOS users like to “root” or “jailbreak” their phones so they can do more than the manufacturer intended. When you hack your phone in this way, the sky is the limit — but it comes at a price.
If you jailbreaks (iOS) or roots (Android) your phone, it creates a potential security threat. Any iOS-savvy hacker knows that the default password for root access to a jailbroken device is “alpine.” Needless to say, you should change the password if you decide to jailbreak your iOS device.
Android users don’t have to change the root password; instead, they need to be aware of what apps are requesting super user permissions (in other words, root access).
Once an app, malware or not, has root access, it can do anything and everything it wants to do with your device and the data stored on it.
As time goes on, the need to better protect our smartphones from malware, viruses and other sophisticated attacks will only increase. For now, a little bit of research, some forward thinking, and common sense will go a long way towards keeping your device safe.