Setting up a Secure Phone: A Complete How-To Guide for Privacy Paranoids and Whistleblowers

By Haseeb Awan

While many attempts were made to build the most secure phone, the majority of them ended up a flop. It's super expensive to build the hardware software and then market it. There's a reason why we have a monopoly on Android and Apple. It's a super tough business. Does that mean Android and iOS are both safe? Heck no! This article will explain how you can secure your devices – either Android or iPhone.

Both of the devices have inbuilt issues. Those issues will be addressed here step-by-step.

Your "unsecure" device is a lottery to hackers. It is a loophole or a result of compromised privacy where the hackers find a crack to enter as a rabbit.

  • The conventional device encompasses dozens of personal information – from auto-fill credit card details to passwords.
  • As an average gadget-dependent individual, we all rely on our smartphones for everything – from ordering Uber to online shopping, communication, etc.
  • Surprisingly, despite everything, we are not securing our devices while recognizing the cyber risks.

Such considerate lapses make us easy to hack prey. To avoid such vicious attacks, consider these security tips to make your device more secure.

Educate – Open Source vs Closed Source

iOS is deemed to be more secure than Android. Regarding privacy and security (even the closed-source technology might be a victim of hacking), for instance, Apple's older version, iOS 11, was cracked 24 hours (after its launch). Does that make Android safe?

Android devices are reciprocal and dependent on open-source code. The manufacturing permission allows the manufacturer to modify Android's operating systems. Hackers thank them for this, furthermore, YOU for not knowing this before them.

The code is easily modified on Android. In the mirror, the fragmentation of an iOS operating system is by a host of companies. The (iOS) device manufacturer ensures the base OS that is not open to malicious interference.

Although iOS is pretty secure, that should not create an impression to disregard the myriad of threats (it has to your data security). Hackers do not see how strong or weak the portal is to trespass it – they just trespass. iPhone 11 was specific with its "confirmed" security launch, but mid-term (July) report 2019 revealed shocking patterns of malware developers aiming to deploy malicious variants to exploit the "promised" security features of iOS 13.

Red Flags – Regular Android Security Threats

Modern devices are the new frontier or incentives for data breach incidents. Malware is infectious, and it could be possible by installing an unauthorized application without any reviews, clicking on the doubtful email (phishing), or simply via SMS. Usually, the malware takes the forms of ransomware, trojans, spyware, and worms.

Man-in-the-middle attacks

MITM is a three-way play: the victim, the correspondent with whom the victim communicates, and the whistleblower (or interceptor). As you can get, the interceptor is using your live information.

Trojans

Stealth malware disguised as verified software. They are on the verge of tricking you, and at this stage, you should know how to spot and implement the right strategy. If you let them in, then.

Ransomware

This is where your device is locked, so your precious information is encrypted. They demand payment to unlock your device (just like a kidnapper) or to revert your data back to you at a predetermined cost. Attackers trick you via social networking schemes, bogus texts, pop-ups, embedded viruses etc.

Insidious Keyloggers

Software that records keystrokes. They record your information while you are typing.

Adware

Pop-up advertisements on your device, from more sophisticated to modest or most straightforward versions. It may contain some malvertising code to eat your device by implanting pop-ups.

Spyware

Hackers spy on you remotely, recording your information.

The Operating System

There are reportedly, or figuratively, layers of protection in an Android OS that determines or adds value to its security. There is a default function to "allow" or "block" a specific action. This permission function is vulnerable to malware because it is open-source. This greater flexibility is a cause of such vulnerabilities, where an adjustment is needed to secure your device. These security settings help you serve the internet or download the content safely. Android has brilliant lock-in device options such as Trusted Places, Trusted Voice Recognition, Trusted Face, and On-Body Detection.

Just rely on the authenticated source. Android is available to many – this opens the hacker's portal. This does not mean that iOS users are not attractive targets for cybercriminals. Both the device users need to be vigilant when downloading third-party applications that are a door to viruses or malware. Google Play Store suffices. Standard Security Settings include Google Play Protect and On-device encryption.

Let's check the "by-default" Security Settings. The most notable examples are Google Play Protect (malware protection) and on-device encryption. The first one helps you eliminate malware, such as their Play Protect scan apps (available to be downloaded from the Google Play Store) to ensure malware-safety content. This also recognizes and removes malicious applications before they are ready to download on your device.

So, whatever app is developed, it passes from the vetting stage on the Google Play Store, where the Google Play Protect scans your applications (by default) for malware before or post installation.

Secondly, Google Play Protect limits jailbreaking incidents, which means downloading unauthorized applications from unauthorized platforms. A rogue application can infect your Android OS. Android's popularity opens the development of new applications, probably designed to infect your holy Android from unknown sources.

The need for safe browsing using Google Chrome – helps protect you against malware/ phishing content – perhaps unknown sources. Android OS provides prevention from malicious (unknown) or cryptic downloads. The latest, on-device encryption is another default security feature of an Android System. To reap the benefits of encryption, you need to lock your Android with a password, PIN, or a pattern. Once locked, the 256-bit AES standard encryption works as a safeguard to protect the stored data on your device.

Tips to Secure Your Android Phone

Hackers don't expect you to have this in place – let's disinfect these pests. At the fundamental level, it includes:

  • A good password
  • Two-step verification
  • Find My Device tool

How to Set Up Your Password?

Conventionally, a PIN works or password are locking methods of an Android. The best layer of protection you could add is to set up a perplexing, complex, unique alpha-numeric password with a combination of uppercase and lowercase letters, numbers, and symbols. This guide to setting up a strong password is beneficial.

How Does Two-Step Verification or the 2FA Work?

This means needing two different codes from different sources. An SMS-based 2FA means a code is sent to you via text. This means the code when you enter on the account password bar, then will you get access.

This prevents hacking because the culprit doesn't have access to your SIM. You must be thinking, "Hey! What if they hack my SIM?" I have an option for you, you can enjoy your safety with America's Most Secure and Private phone plan with a 100% money-back guarantee for 60 days. To set up a 2FA, go to your Google Account's Security > Sign in > Enable 2-step verification.

Is It Necessary to Opt to Find My Device?

Yes. Losing a device is an unpleasant circumstance. You never know when it will fall into the wrong hands. This tool is an immediate backup plan suggested to every Android user – as this tool keeps your valuable data safe. It is designed to keep you worry-free when unexpected circumstances take place.

How is "Find My Device" a Lifesaver, and How to Enable it?

Sign in to your Google account with your location turned ON. While you get into your account, please go to settings > security > Find My Device – toggle it ON.

Fingerprint Unlock

The fingerprint sensor offers secure authentication as well as protection from passwords. Settings > Lock screen and security > Screen lock type > fingerprint.

On-Body Detection

It is unlocked only when it is in your hands. Otherwise, it automatically locks but cannot detect once passed to another human.

Trusted Places

It is a configuration where the device remains unlocked where you want them to be unlocked (for instance, home; or regular workstation).

Trusted Face Recognition

Facial recognition is considerate and is available on Android's Smart Lock suite. It is advised not to use a 2D or 3D sensing camera, as it could be easily recreated.

Trusted Voice

As the name suggests, it can only be opened when the device hears a trusted voice. Here is how to opt it – Settings > (Smart Lock can be found under settings and should be on) > security > Advanced > On Body Detection/Trusted Places/ Trusted Face Recognition/ Trusted Voice/ Trusted Devices can be on as per your choice.

Additive Security Layer – Pro Android Security Settings

Now, let's add more security layers: a physical security key; disable Bluetooth connectivity; password managers; authenticator app; lockdown mode; VPN; Smart Lock/ Auto Sign-In.

Now, let's add more security layers: a physical security key; disable Bluetooth connectivity; password managers; authenticator app; lockdown mode; VPN; Smart Lock/ Auto Sign-In.

Physical Security Key

A security key means you and your trusted individual only. If someone breaks into your account, they cannot get in due to the security key. What does it look like? A portable, teeny-tiny flash drive allows you to save your precious authorized data.

Disable Bluetooth Connectivity

Don't trust your Bluetooth connectivity in public because it gets your device connected with someone unauthorized.

Password Manager

Like LastPass' vault', Dashlane and 1Password work well, keeping your password organized and safe from hackers. They also help you save complex passwords and even work with your fingerprint.

Authenticator App

Instead of 2FA sending you SMS codes, this app helps generate more unique codes on your device and does not rely on your SMS only (even if an eavesdropper encrypts it).

Lockdown Mode

Android 9 users are blessed to activate this mode where your device will be locked and won't be accessed even with your fingerprint scanner, and Smart Lock will not work. Hold down the power button and select lockdown.

VPN

Using a public (coffee shop or airport) Wi-Fi is a sin, but you may be tempted to use it and surf the web. VPN encrypts online activities. Trust me, it saves you from eavesdroppers or hackers. In the Android world, you can use:

Smart Lock

Use it on and off. Keep updating or off it when not auto-fill is not needed. This is because hackers could take benefit from it. Security > Sign in > Saved Passwords > Toggle On/Off per need.

Tips to Secure Your iPhone

Like every clockwork, a new iPhone is launched every year with a new iOS for the pre-existing models. This is tremendous excitement for users – as well as – hackers.

Recently, a renowned hacking team has launched a new "jailbreak" technique that unlocks every "walled garden" iPhone – even the latest iOS 13.5. New features help to minimize cyber risks. Here are some tips for doing so:

Turn on your automatic iOS updates

Updating OS is essential, as these address software (past) weaknesses. A specific code by a hacker can target this vulnerability if you don't frequently update your operating system. You can auto-on it:


Go to Settings > Press general > Tap software update to turn on automatic updates.

USB Restricted Mode

This prevents juice jacking. At most straightforward, it means when you can install malware or information could be stolen by plugging in a USB port. You can find it by:

Go to settings > Scroll down to Touch ID & Passcode > Please type in your passcode and scroll further down to USB Accessories not permitted on the lock screen > Turn it off in case it is on.

Toggle on built-in Find my iPhone

This is tracking software that uses GPS to locate a stolen phone. The activation lock prevents hackers from using your iPhone and gaining access to your user data. If you want to get a hold of it, use your Apple ID and password because a hacker cannot turn off your Find My iPhone feature without it. You can enable it by:


Go into your settings > User name > iCloud > Scroll down to Find My iPhone > Turn it on and activate it to send your recent location > Since you are asked to log in, use your Apple ID here.

Get rid of specific widgets on your lock screen

Widgets are a shortcut to Wi-Fi, wallet, Bluetooth, and camera features. Since it is part of the iPhone lock screen, hackers can swipe up your personal information. To disable, you can: Toggle on to settings > control centre or Toggle off widgets you do not want on your lock screen.

Make yourself habitual of VPN while using public Wi-Fi

It allows you to serve the internet safely while using coffee shop Wi-Fi or airport Wi-Fi.

Privacy settings bi-weekly or periodic monitoring

Audit your iPhone where you would want to delete unwanted applications that consume more space. Most notably, you can find an email regarding changes in privacy policies. Keep a close eye on it. You are just two clicks away from privacy – go to settings > tap privacy. You can revise the permitted applications and revoke them where unnecessary.

Unique passwords

Make unique alpha-numeric passcodes. A password-generating tool can help. Instead of auto-filling it (by saving the information), you can write down the unique password on paper for future use. You can set the passcode by Going to settings and Touch ID & Passcode > Enter passcode> You can select a custom numeric code or generate it online and type here (while writing it down on a piece of paper).

Opt SMS 2FA

It adds a second layer to your privacy and security. You can choose a PIN, password, or pattern or opt for fingerprint or biometric authentication. Thirdly, you can opt for a credit card, phone, or USB token as additional identity verification. You can follow the prompts after: Sliding to settings > Press on your name and go to Password & Security > Scroll down to find 2FA and turn it on.

Choose Auto-Lock

You can limit the screen activity time by opting for auto-lock, clicking on settings > Scroll down to general button > Select Auto-Lock.

iOS 12 feature: Password Audit

As the name suggests, it asks you to frequently change your pre-used passwords. Selecting an alpha-numeric or unique password for each account is hefty work. The rule is least followed. It helps to manage your password more easily. Plus, the stored passwords will be audited to spot any repeated patterns. The report will let you know. You can opt to audit or change your reused passwords: Settings > Passwords & Accounts > Look up for Website & App Passwords > Click it to enter your passcode> A red "warning" triangle will let you know if a duplicate password > You can then revise it using password generating tool.

Backup encryption is needed

We back up our business chats regularly and pay less attention to encryption. If you encrypt your valuable backup data, it will reduce the vulnerability to hacking. The best encryption is to connect it with iTunes, which can encrypt your backups. This also allows you to maintain a separate password for this encryption.

Connect your device to open iTunes > The Back-up section contains the "Encrypt iPhone Backup" option. Click it to create a separate password.

Do not share the location

iOS 13 allows you to limit image location metadata. To enable it when you share your image, click on the option where you can see the location option, toggle it off or deselect it.

Turn off Siri

As talkative as Siri is, she can pass on your data to hackers without your permission, she asks for verification to access sensitive information, but hackers are more intelligent and can fool around with Siri. Settings Touch ID & Passcode > Turn off the allow access when locked option.

Auto-fill should be off.

This is the easiest way for hackers to get access to your information. To disable it, visit your settings > Safari > Autofill > disable each permission.

Conclusion

This guide was to educate you on the approaches of being highly private and having a secure phone when you are a journalist or associated with such a profession where leaks are common and can cost you your life. The above links were not just shared for some traffic generation or affiliation; they are here because they are accurate and give you an extensive overview of what to expect and how to compete with it.

Today SIM hacks are widespread even among famous ones like Jeff Bezos or the celebs like Amanda Cerny or King Bach. Efani provides mobile security services and secures your phone number and phone. 

Want Guaranteed Protection Against SIM Swap? Reach Out to Us.