3DSC 2.25: Smartphone Security Part III

Today’s article will follow up on yesterday’s, and cover three follow-up tasks that will greatly increase the security of your mobile device.  They are simple and easy.

Difficulty: Easy
Active Time: 15 minutes
What it Protects You From: Malware, remote exploitation, Wi-Fi tracking and sniffing

Remove unnecessary/unused apps.  Installing an app allows it tremendous access to your device.  Though apps are sandboxed on both Android and iOS devices, each app you add to your phone increases your attack surface.  Apps can compromise your privacy by collecting, transmitting (often insecurely), and selling your data.  Apps can also compromise your security; if an app has a security hole it may give an attacker or malware access to your device.  Go through your applications and get rid of anything you can’t live without, or whose function cannot be replicated by your web browser.

The most difficult part of this process will be the personal decisions you will have to make. First, you can easily remove any application that you haven’t used within the last month. The remaining applications will probably require some consideration on your part: weighing the convenience lost against the privacy and security gained. When in doubt, get rid of the app in question. You can always install it later if you find that you really need it.

Restrict app permissions:  The latest versions of Android (6/Marshmallow and 7/Nougat) and iOS allow you to have granular control over app permissions. This allows you to decide which apps have access to your phone’s camera, microphone, contacts, location data, and more.  Remember, some apps may require these functions.  A messaging app will need access to your photos if you want to use it to send pictures.  A banking app will need access to your camera if you want to use it to scan and deposit checks.  It is up to you to decide what permissions each app should have.  I recommend erring on the side of caution: when in doubt deny the permission.  If you later find the app needs that permission you can always re-enable it

  • Android: To modify these settings in Android, open Settings >> Apps.  Tap the gear icon and select App Permissions.  You will be shown Body Sensors, Calender, Camera, Contacts, Location, Microphone.  Tapping any of these will show you the apps that can currently access the selected data set.  A slider button allows you to disable access.
  • iOS:  Open settings and scroll to the bottom where the list of your apps begins.  Tapping on an app will let you manage its permissions and notifications settings.

Manage Your Wi-Fi Networks:  When your Wi-Fi is turned on it is constantly transmitting a list of the Wi-Fi networks your phone has saved.  These can reveal where you live, work, and frequent, and can set you up for a rogue access point attack.  Your set of networks is also incredibly unique and can be used to track your device.  You can defeat most of this simply by turning off Wi-Fi when you leave your home or work.  Though you should do this, it is easy to forget.  It is a good idea to be redundant and clean up your list of networks.

  • Android:  Deleting a Wi-Fi network in Android is incredibly simple.  Open Settings >> Wi-Fi.  Choose the network you wish to “forget” and tap it.  This will open a dialogue that will allow you to delete or modify the network (modifying will allow you to update the password if necessary).
  • iOS:  The iPhone operating system does not allow you to delete individual networks, except while you are connected to them.  If you have not been extremely careful about managing your Wi-Fi networks, I recommend deleting them all by resetting your network settings.  Be aware that this will delete ALL of your Wi-Fi networks and you will have to re-enter passwords for trusted networks.  To do this navigate to Settings >> General >> Reset >> Reset Network Settings.

Leave a Reply