Smartphone security – be informed
Smartphone security and the specific risks attached to increased smartphone use have attracted a lot of attention recently. Not only is the technology ever more sophisticated, inter-connected and beyond many people’s ken, but we rely on these phones in business and give them free access to much of what we do.
By sending information back and forth and connecting to myriad accounts and services we concentrate lots of valuable data about ourselves in one easy to intercept location. Here we outline three steps you can take today to minimise your exposure.
Reviewing connected apps & accounts
Do you run social media on your phone, using Twitter, LinkedIn, Instagram, Pinterest, Facebook etc for your business? Five minutes’ use of these platforms will show you that many people automate cross-platform posting so that every Facebook status update is tweeted and every Instagram post pops up on Tumblr – often with no accompanying information and without any suggestion of why we should want to schlep over to FB or Instagram to see it in its full glory.
There are lots of reasons for not cross-posting (from a content point of view, these platforms have different functions and audiences therefore your FB content isn’t suitable for Twitter and vice versa, and it bores audiences who follow you on several platforms to see the same content on each), but the most significant is that linking your accounts like this dramatically increases your exposure to hacking. If someone gets into one account it’s a short hop to compromise the others.
- Review your linked accounts and consciously uncouple wherever you can.
Remove apps that sell information
Downloading a free app is always a gamble (and some paid ones are risky too – do your homework before downloading). Consider how the developer is going to monetise that app: it might be advertising, it might be anonymised user data gathering or it might be simply selling on your data, with or without – most likely without – your consent.
Consider this Flashlight case. First of all, what on earth is a torch app doing asking for access to such a range of data in the first place? It gets worse. To quote the Wired article linked to above:
The FTC has clamped down on another flashlight apps [sic] for doing downloading data for advertisers without informing consumers
Trying to find out precisely what information is being gathered (as opposed to simply the scope the app requests) is very difficult, and that’s in the developers’ interest. As the article goes on to say, there’s really no such thing as a free app.
As well as that article listen to this brief podcast article from The Naked Scientists.
- Pay attention to the permissions a new app asks for and don’t download it if it’s not essential and you have concerns
Apply software updates
Do you keep on top of your phone’s requests to update apps and software, or do you automate updating? Patches and updates come out in response to changes in external elements that apps use to run (ie not something within the developer’s control), in response to security concerns and calamities, and in order to offer you a better service or user experience.
You should have the option to authorise these updates manually (and change other settings such as downloading updates only over wifi so you don’t hammer your data allowance). Setting update to manual is a good idea if you want to keep close control over updates and have the option to review what they’re asking for. You might be surprised at what’s still lurking on your phone (you can uninstall anything you feel you don’t need any more – do you really need that eBay app these days, the one with your eBay password stored in it?) and what updates are asking to access.
- Set updates to manual and review them with every update request