Protecting your smartphones and tablets.
Why Mobile Security Matters
Your phone likely contains more sensitive information than any other device you own:
| Data on Your Phone | Risk if Accessed |
|---|---|
| Email | Access to password resets |
| Banking apps | Financial theft |
| Authenticator apps | Bypass 2FA on all accounts |
| Photos | Privacy invasion, blackmail |
| Messages | Private conversations exposed |
| Location history | Stalking, burglary timing |
| Contacts | Social engineering material |
| Health data | Insurance discrimination |
Lock Screen Security
Your lock screen is the first defense against physical access.
Lock Methods Comparison
| Method | Security | Convenience | Recommended |
|---|---|---|---|
| No lock | None | Maximum | Never |
| Swipe | None | Maximum | Never |
| Pattern | Low | High | No |
| 4-digit PIN | Low | High | Minimum |
| 6-digit PIN | Moderate | Moderate | Good |
| Password | High | Lower | Best for sensitive needs |
| Fingerprint + PIN | High | High | Recommended |
| Face + PIN | High | Highest | Recommended |
Lock Screen Best Practices
| Setting | Recommendation |
|---|---|
| Auto-lock timeout | 30 seconds to 1 minute |
| Lock after failed attempts | Enable after 5-10 failures |
| Wipe after failures | Consider for very sensitive data |
| Lock screen notifications | Hide sensitive content |
| Emergency info | Add emergency contact |
Biometric Considerations
| Biometric Type | Strengths | Concerns |
|---|---|---|
| Fingerprint | Convenient, hard to spoof | Can be compelled by authorities |
| Face ID (advanced) | Very convenient, secure | Same legal concerns |
| Face unlock (basic) | Convenient | Can be fooled by photos |
| Iris scan | Very secure | Limited device support |
Legal note: In many jurisdictions, you can be compelled to provide biometrics but not passwords. Consider this for border crossings or high-risk situations.
iOS Security
iOS Security Advantages
| Feature | What It Does |
|---|---|
| App sandboxing | Apps can't access each other's data |
| App Store review | Apps checked before publication |
| Secure enclave | Hardware protection for sensitive data |
| Regular updates | Long support window |
| Restricted sideloading | Apps must come from App Store |
Essential iOS Security Settings
| Setting | Location | Recommendation |
|---|---|---|
| Passcode | Settings > Face ID/Touch ID | 6-digit or alphanumeric |
| Auto-lock | Settings > Display & Brightness | 30 seconds to 1 minute |
| Find My iPhone | Settings > [Your Name] > Find My | Enable |
| Erase after attempts | Settings > Face ID/Touch ID | Enable (10 attempts) |
| Lock screen preview | Settings > Notifications | Show When Unlocked |
| USB Accessories | Settings > Face ID/Touch ID | Off (requires unlock) |
iOS Privacy Settings
| Setting | Location | Recommendation |
|---|---|---|
| Location Services | Settings > Privacy | App-by-app basis |
| Tracking | Settings > Privacy > Tracking | Allow Apps to Request: Off |
| App Privacy Report | Settings > Privacy | Review regularly |
| Significant Locations | Settings > Privacy > Location | Disable or clear |
| Analytics | Settings > Privacy > Analytics | Disable sharing |
Android Security
Android Security Considerations
| Feature | What It Does |
|---|---|
| Google Play Protect | Scans apps for malware |
| Monthly security patches | Fix vulnerabilities |
| App permissions | Granular control |
| Work profile | Separate work and personal |
| Sideloading possible | More flexibility but risk |
Essential Android Security Settings
| Setting | Location | Recommendation |
|---|---|---|
| Screen lock | Settings > Security > Screen lock | PIN, password, or pattern + biometric |
| Auto-lock | Settings > Security | 30 seconds to 1 minute |
| Find My Device | Settings > Security > Find My Device | Enable |
| Google Play Protect | Play Store > Profile > Play Protect | Keep enabled |
| Install unknown apps | Settings > Apps > Special access | Disable for all |
| Lockdown mode | Power menu | Know how to use it |
Android Privacy Settings
| Setting | Location | Recommendation |
|---|---|---|
| App permissions | Settings > Privacy > Permission manager | Review and restrict |
| Ads | Settings > Privacy > Ads | Reset ID regularly |
| Location | Settings > Location | App-by-app basis |
| Usage and diagnostics | Settings > Privacy | Consider disabling |
| Autofill service | Settings > Privacy | Use trusted manager |
App Security
App Installation Safety
| Do | Don't |
|---|---|
| Use official app stores | Install from random websites |
| Check developer name | Install knockoff apps |
| Read recent reviews | Ignore warning signs |
| Check permissions requested | Grant all permissions |
| Keep apps updated | Use outdated apps |
App Permission Best Practices
| Permission | When to Grant |
|---|---|
| Camera | Photo apps, video calling, QR scanning |
| Microphone | Voice calls, voice recording apps |
| Location | Maps, weather (when using) |
| Contacts | Communication apps you trust |
| Phone | Only if calling features needed |
| Storage | File managers, photo apps |
| Background location | Almost never |
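One way to check an Android app's granted permissions against the table above, as an added example that is not part of the original guide: it parses the runtime-permission lines printed by `adb shell dumpsys package <package>`. The sample output, package name and category labels are constructed, and the mapping of table rows to Android permission names is an assumption.

```python
import re

# Policy transcribed from the table above: permission -> app categories where
# granting it is expected. Category labels are assumptions for this example.
POLICY = {
    "CAMERA": {"photo", "video_call", "qr_scanner"},
    "RECORD_AUDIO": {"voice_call", "voice_recorder"},
    "ACCESS_FINE_LOCATION": {"maps", "weather"},
    "ACCESS_COARSE_LOCATION": {"maps", "weather"},
    "READ_CONTACTS": {"communication"},
    "CALL_PHONE": {"voice_call"},
    "READ_EXTERNAL_STORAGE": {"file_manager", "photo"},
    "ACCESS_BACKGROUND_LOCATION": set(),  # "Almost never"
}

# Matches lines such as "android.permission.CAMERA: granted=true, flags=[...]"
GRANT_RE = re.compile(r"^\s*android\.permission\.(\w+): granted=(true|false)", re.M)

# Constructed sample of dumpsys output for a hypothetical weather app.
SAMPLE = """\
Packages:
  Package [com.example.weather] (1a2b3c):
    requested permissions:
      android.permission.CAMERA
      android.permission.READ_CONTACTS
    install permissions:
      android.permission.INTERNET: granted=true
    runtime permissions:
      android.permission.CAMERA: granted=true, flags=[ USER_SET ]
      android.permission.ACCESS_FINE_LOCATION: granted=true, flags=[ USER_SET ]
      android.permission.ACCESS_BACKGROUND_LOCATION: granted=true, flags=[ USER_SET ]
      android.permission.READ_CONTACTS: granted=false, flags=[ USER_SET ]
"""

def granted_permissions(dumpsys_text):
    """Return the short names of permissions the package currently holds."""
    return {name for name, state in GRANT_RE.findall(dumpsys_text) if state == "true"}

def audit(dumpsys_text, category):
    """List granted permissions the policy does not expect for this category."""
    return [perm for perm in sorted(granted_permissions(dumpsys_text))
            if perm in POLICY and category not in POLICY[perm]]

if __name__ == "__main__":
    for perm in audit(SAMPLE, "weather"):
        print(f"Review: {perm} is granted but not expected for a weather app")
```

Permissions outside the policy table (such as INTERNET in the sample) are ignored rather than flagged, so extend `POLICY` before relying on a clean result.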
Evaluating App Safety
| Check | Red Flag |
|---|---|
| Developer name | Unknown or misspelled |
| Review count | Very few reviews |
| Recent reviews | Reports of malware or scams |
| Permissions | Excessive for app function |
| Update frequency | Not updated in years |
| Download count | Very low for established app |
Mobile Malware
Types of Mobile Malware
| Type | What It Does |
|---|---|
| Spyware | Monitors your activity |
| Banking trojans | Steals financial credentials |
| Ransomware | Locks device, demands payment |
| Adware | Displays intrusive ads |
| SMS fraud | Sends premium SMS messages |
| Cryptominers | Uses phone for cryptocurrency |
Signs of Mobile Infection
| Symptom | Possible Cause |
|---|---|
| Rapid battery drain | Malware running constantly |
| Excessive data usage | Data being exfiltrated |
| Pop-up ads outside apps | Adware infection |
| Unknown apps appearing | Malware installing more malware |
| Phone overheating | Cryptominer running |
| Strange text messages | SMS malware |
| Slow performance | Malicious background activity |
Mobile Malware Protection
| Action | Benefit |
|---|---|
| Keep OS updated | Patches vulnerabilities |
| Only use official app stores | Vetted apps |
| Check app permissions | Limit access |
| Don't jailbreak/root | Maintains security model |
| Use built-in security features | Play Protect, iOS security |
| Be cautious with links | Mobile phishing is common |
Lost or Stolen Device
Before It Happens
| Preparation | Purpose |
|---|---|
| Enable device tracking | Locate if lost |
| Enable remote wipe | Protect data if stolen |
| Record serial/IMEI | For police reports |
| Enable encryption | Protect data at rest |
| Use strong lock | Prevent unauthorized access |
| Set up backup | Recover data on new device |
If Device Is Lost
| Step | Action |
|---|---|
| 1 | Try to locate with Find My iPhone/Device |
| 2 | Play sound if nearby |
| 3 | Enable lost mode (shows contact info) |
| 4 | If definitely stolen, remote wipe |
| 5 | Report to carrier to disable SIM |
| 6 | Change passwords for sensitive accounts |
| 7 | File police report if stolen |
| 8 | Remove device from trusted devices |
Finding Your Device
| Platform | Service |
|---|---|
| iPhone | icloud.com/find or Find My app |
| Android | google.com/android/find or Find My Device app |
| Samsung | findmymobile.samsung.com |
SIM Security
SIM Swap Attacks
Attackers convince your carrier to transfer your number to their SIM:
| Attack Step | What Happens |
|---|---|
| Information gathering | Attacker collects your personal info |
| Contact carrier | Pretends to be you |
| Transfer number | Your SIM stops working |
| Receive 2FA codes | Attacker gets your SMS |
| Account takeover | Access accounts using SMS 2FA |
Protecting Against SIM Swap
| Action | How It Helps |
|---|---|
| Add carrier PIN | Required to make changes |
| Ask about port freeze | Prevent number transfers |
| Use authenticator apps | Don't rely on SMS 2FA |
| Minimize public personal info | Less for attacker to use |
| Act quickly if SIM fails | Sign of attack in progress |
Carrier Security Features
| Carrier | Security Options |
|---|---|
| Most carriers | Account PIN required for changes |
| T-Mobile | SIM Protection feature |
| AT&T | Extra security passcode |
| Verizon | Number Lock feature |
Mobile Payment Security
Digital Wallet Security
| Wallet | Security Features |
|---|---|
| Apple Pay | Tokenization, Face/Touch ID required |
| Google Pay | Tokenization, screen lock required |
| Samsung Pay | Tokenization, fingerprint required |
Mobile Payment Best Practices
| Do | Don't |
|---|---|
| Enable biometric authentication | Store card photos in gallery |
| Keep phone OS updated | Use on jailbroken/rooted devices |
| Only add trusted cards | Share phone with others |
| Lock phone when paying | Leave phone unlocked |
| Review transaction notifications | Ignore suspicious charges |
Mobile Backup
Backup Importance
| Reason | Benefit |
|---|---|
| Device loss | Restore data on new device |
| Device failure | Don't lose photos and data |
| Ransomware | Recover without paying |
| Upgrade | Smooth transition |
Backup Options
| Platform | Built-in | Frequency |
|---|---|---|
| iOS | iCloud Backup | Automatic daily |
| Android | Google Backup | Automatic |
| Both | Computer backup | Manual, periodic |
| Both | Third-party cloud | Varies |
What Gets Backed Up
| Typically Included | Often Not Included |
|---|---|
| App data | Some app-specific data |
| Photos (if enabled) | Downloaded files |
| Settings | Apps themselves (redownloaded) |
| Messages | Some authentication tokens |
| Contacts | WhatsApp (needs separate backup) |
Traveling with Mobile Devices
Before Travel
| Task | Purpose |
|---|---|
| Back up device | Protect data before trip |
| Enable Find My | Locate if lost |
| Update everything | Latest security patches |
| Consider travel mode | Lock down sensitive apps |
| Note emergency contacts | Accessible even if phone lost |
At Borders
| Risk | Consideration |
|---|---|
| Device search | Authorities may request access |
| Data seizure | Contents may be copied |
| Forced biometric unlock | May be compelled |
| Encrypted data | May be held until unlocked |
Options for high-risk travel:
| Option | Trade-off |
|---|---|
| Travel with clean device | Inconvenient but safe |
| Remove sensitive apps | Balance of access and risk |
| Use strong password only | Can't be compelled like biometrics |
| Cloud storage (not on device) | Access after passing border |
Using Phones Abroad
| Issue | Solution |
|---|---|
| Public WiFi risks | Use VPN or cellular data |
| Charging stations | Use own charger or data blocker |
| Lost phone in foreign country | Have backup contact method |
| Local SIM | Secure your regular SIM |
Key Takeaways
- Lock your phone - Use 6-digit PIN minimum with biometrics
- Enable Find My - Essential for lost or stolen devices
- Update regularly - Security patches matter
- Official app stores only - Sideloading increases risk
- Review permissions - Don't give apps more access than needed
- Protect against SIM swap - Set carrier PIN, use authenticator apps
- Back up regularly - Automatic cloud backup preferred
- Prepare for loss - Know your remote wipe and locate options
- Mobile payments are safe - Tokenization protects card numbers
- Consider border crossing risks - Travel mode or clean device for sensitive situations