Mobile Security

Avoid Questionable Mobile Apps

It is important to make sure a mobile app is reliable before downloading it. Detecting malicious apps is not always easy, but here are a few steps you should take before downloading an app.

Android users have the highest risk of downloading malicious apps. Researchers at Kaspersky found over 200,000 samples of mobile malware at the Google Play store and additional sources, in 2013. The malicious malware is often used as a multiplier, sending text messages containing malicious links to the contacts saved on the phone, or stealing other personal informational directly from the infected phone.

When the app Flappy Bird was removed by its owner, hackers used the app's popularity to their advantage by creating similar looking apps. Nearly 80 percent of these spoofed apps contained malware.

We suggest sticking with just the Apple App Store and the Google Play Store. Most third party app stores are best to avoid. Your phone manufacturer may also have their own app store, and some of these are good, but it is best to be wary of them as well.

Apple app store logo

  • Read the reviews.
  • Only download from legitimate app stores - other places to get apps aren't as safe.
  • Research the app's publisher.
  • Enable the "verify apps" tab in the security settings.
  • Do not activate "developer mode" on your phone.
  • Secure the service with anti-virus software.

Protecting Mobile Devices

With the growth in smartphone usage around the world, issues surrounding mobile security have grown as well. It is more important than ever to arm your mobile devices with protective software. The largest target for attacks on mobile devices is Google's Android operating system, due to the rapid expansion and market penetration of Android smartphones.

Mobile Security Software

When considering mobile device security software it is vital to pay attention to what protection and features are offered.

                     

  • Avast Mobile Security
  • Bitdefender Antivirus
  • Lookout Security & Antivirus
  • McAfee Security & Power Booster Free
  • Kaspersky Mobile Antivirus
  • Sophos Free Antivirus and Security
  • Norton Security and Antivirus
  • CM Security Master

  • Antivirus
  • SIM card locks (Android includes this now)
  • Real time protection
  • Quarantine section
  • Remote lock
  • Device scream
  • Ability to locate and track lost devices
  • Remote wipe
  • Blocking of malicious codes on sites
  • Phone app scans

Secure Your Lock Screen

Smartphones contain a wealth of your personal information, ranging from personal messages and photos, to bank information. In the event of your mobile device being lost or stolen, the first line of defense is locking it securely. Smartphones offer several locking options including pins, passwords and biometric methods.

  • Uncheck the "make pattern visible" option in the settings. This makes it more difficult for people around you to see your pattern.
  • Use six or more nodes.
  • Don't use a simple or common pattern. 40% of patterns start in the top left corner, and 77% start in one of the four corners.

pattern lock screen

  • Use at least a six digit PIN.
  • Avoid simple number sequences (123456), simple patterns of numbers (147147), and just repeating the same number (11111).
  • Don’t use a significant date like a birthday or anniversary.
  • Don’t use any part of your address as your PIN number.

PIN number lock screen

  • Long alphanumeric passwords are stronger than either a PIN or a pattern.
  • A common mistake is using passwords like 123456 or password.
  • Always remember that the longer the password, the more secure it is.

password lock screen

See our recommendations for creating strong passwords when choosing yours.

  • There is a 1 in 50,000 chance that someone else's fingerprint will unlock your phone.
  • There is a 1 in a million chance that someone else's face will unlock your phone.
  • Combine this with a strong pattern, PIN or password for the best security.

Importance of Mobile Security

As the number of mobile devices increases every year, the idea of mobile security becomes more important than ever. Mobile security is the protection of portable devices such as smartphones, smartwatches, and tablets from threats and vulnerabilities. People are now commonly using mobile devices for tasks that involve classified data like credit card numbers, social security numbers, and important banking information. According to the Federal Reserve, 39% of all mobile phone users are using online banking, up from 29% in 2012. This creates a larger target for hackers and a larger collection of private data to be stolen.

Within these pages are some mobile security practices that you can use to increase your mobile protection from online threats. It is not uncommon for a person to lose their mobile device or a scam application to steal credentials, so follow these tips in order to keep for private data safe.

Importance of Passwords

Passwords are one of the most important tools in technology that keeps our data safe. Passwords are like a lock on a box containing some of our most valuable private information. Of course you want that lock to be the best lock possible so that your information will always stay safe. Passwords should be the same. Longer is always better when it comes to making a secure password. Rather than using a pin as a password, consider changing the password options to require a string of characters and numbers, similar to what is commonly required for a website or computer. If you do happen to use a 4 pin password, make sure is not easy to guess like "0000", "1234", or "2580". These are equivalent to using "password" as a password.

Apple

On an iPhone, try using a 6 pin password instead of the default 4 pin password. You can even change it to be an alphanumerical password. Change your password options in the settings.

Android

On Android devices, it is more secure to use a pin or alphanumerical password than the lock screen pattern design. Try changing password options in the settings of your android device.

Using any sort of password is still one of the most important methods for securing your mobile devices. In the case that you lose your cell phone or it is stolen, the thief will not be able to examine or use your data. Learn more about Creating Strong Passwords here.

What do security applications actually do?

Try downloading a mobile security application on your phone such as Avast, Lookout, or Norton Mobile Security. These different applications come with built in features such as two-factor authentication, private browsing, anti-virus, and theft protection to keep you and your data safe. There are a lot of options that are free for consumers, making it more easy and convenient to be secure on your personal mobile device.

Avast: https://www.avast.com/en-us/index

Lookout: https://www.lookout.com/

Norton: https://mobilesecurity.norton.com/

Why should I update my phone?

Running the latest software and operating systems are an important part of staying secure for all devices, such as desktop computers, laptops, and phones. A lot of the time when your phone notifies that there is an update ready to be installed, it includes a security patch that is needed to fix a vulnerability that was detected in the system. Not only should you update your phone's operating system, but also the applications that are already installed.

How do I update my phone?

Sometimes your phone will not notify you if there is update. In this case, check the settings for anything concerning "software updates", typically found in a "general" section within the settings. If available, consider setting up your phone to update to the latest version automatically. This will save you from having to remember to check if a software update is available and ready to install.

Android: http://www.wikihow.tech/Check-for-Updates-on-Your-Android-Phone

Apple: https://support.apple.com/en-us/HT204204

Why should I back up my mobile device?

Just like backing up your desktop computer or laptop, it is also crucial to back up your mobile device. Both Apple and Android have their own methods of backing up data that are easy and free, so everyone should be able to save their data in case of an attack. Backups are useful for saving photos, videos, and personal contacts on your phone. In the case that your device is stolen, the hard drive fails, or is infected with ransomware, your data will not be affected as long as you properly back up your mobile device.

What is "hovering"?

A phishing attack is an email in which includes a link to a malicious website that leads the victim into giving up private credentials or financial information. One of the best techniques in determining if an email is a phishing scam is to hover your mouse over the link to determine the full address. While more people are continuing to read emails on a mobile device every year, it is important to understand how to implement this same technique on a smart phone or tablet. 

How do I do this on a phone?

In order to "hover" on a link, all you need to do is hold your finger down on the link for a couple of seconds. A window will pop of that gives the full address of the link. This will help you determine whether or not the link leads to a malicious website or is reliable. The window will have an option to close the window or open a new window to the directed website. 

Why shouldn't I connect to an unknown public network?

Sometimes on a mobile device, the settings will configure to connect to an unknown network without notifying the user. There are many risks included in connecting to an unknown public network, such as a man in the middle attack which allows a hacker to position themselves between you and the router, sending your information straight to him. This could lead to a personal data leak of confidential information. Change the settings in order for the device to ask whether or not you want to join the discovered network.

Caution with Online Banking

Do not do any sort of online shopping or banking when connected to an unsecured wireless network. If totally needed, it is safer to use your cellular data than connect to a public network to do your online shopping. The best place to do any sort of mobile online shopping or banking is at home on our own secure wireless network. 

If you find yourself needing to do an important financial transaction without using up your cellular data and without a secure network, try setting up a VPN on your phone. It is easy to set up and allows users to securely access a private network and remotely share data over public networks.

For more information about VPNs on iPhones, check out https://help.apple.com/deployment/ios/#/ior9f7b5ff26

Should I use it?

After being tested by pen-testers and anonymous hackers, Apple Pay and Android Pay turn out to be safer than using your actual debit or credit card. This mobile software virtually creates a new card every time you use the payment service, and then expires after usage. So if someone were to steal that credit card number from a store’s digital system, it will already be expired and invalid for use.

Download apps from a trusted source

Make sure to only download mobile applications from a trusted source. For Apple devices, this is the App Store. For an Android, you are going to want to use Google Play. It is also important to read reviews about the app. If it has a negative review, read more to see if anybody noted any security concerns like bugs or unencrypted passwords. Sometimes applications are filled with spyware and other types of malware.