All the instant benefits of a smartphone come at a price, ranging from invasion of privacy and unwanted advertising to criminal hacking of accounts or data. While we canât plug the leaks completely, we can make the lives of those who want to profile us or access our data and/or money, that much harder. Enough to make unknown outsiders looking for soft targets seek their jollies elsewhere, simply because itâs easier. This author spoke to some cybersecurity experts and top business executives about how to render your phone relatively safe. Hackers and unwanted guests most often rely on one thing; your willing or unwitting co-operation, the latter being where this article holds the most valence. Use apps with encrypted messaging such as WhatsApp or Signal, instead of straight messaging. Install an ad-blocking application. Donât let outsiders track your location unless itâs directly pertinent to the purpose of the app – as in finding nearby restaurants. Delete apps you donât use – they could be acting as âsleepers,â silently passing on data to their creators and/or hackers. The list is long, but hugely worthwhile. You can take more control of your phone, rendering yourself far safer. – Chris BatemanÂ
Tips for keeping your mobile phone (relatively) safe
By Catherine Stupp
(The Wall Street Journal) – Can you stop your phone from leaking personal data about you?
___STEADY_PAYWALL___
Increasingly, the answer appears to be no.
A recent wave of corporate-data leaks and scandals related to sharing of personal information has led to lawsuits, fines and regulatory probes in the US and Europe. Yet many cellphones and mobile apps continue to gather user data, such as peopleâs locations and shopping preferences, in order to share the information with other companies, including advertisers.
We asked several privacy-conscious and technologically savvy people what they do to protect their personal information while using smartphones. And the responses werenât encouraging: They mostly agreed that smartphone users are at the mercy of phone manufacturers and app developersâ data practices.
Georgia Weidman, founder and chief technology officer of Shevirah Inc., a cybersecurity company focused on mobile devices, says she doesnât keep photos on her phones that she wouldnât want to end up on the internet, in case a hacker accesses her phone or an app accesses the data. When even new devices can have hundreds of apps on them, Ms. Weidman says, itâs also possible she may âmake a misstep somewhere.â
Other rules she sets for herself: She has different phones for work and personal use, which helps to keep different kinds of data separate. She limits to her personal device use of apps such as social-media platforms that she thinks may âspyâ on her data, and she doesnât keep sensitive information about corporate clients on any of her phones.
âItâs nice that Facebook and WhatsApp know what you like, but you give up a lot of privacy. Itâs hardly worth it,â says Ms. Weidman, who explains that she uses these platforms in combination with an app that blocks ad tracking.
Christopher Weatherhead, technology lead at nonprofit Privacy International, recommends using encrypted-messaging apps, such as Facebookâs WhatsApp or Signal, instead of traditional text messages. While some apps âare more secure and have better privacy policies than something like WhatsApp,â he says, âWhatsApp is night and day superior for personal privacy and securityâ compared with plain text messaging.
Not everyone will go to the lengths that privacy experts do to protect their communications. But they agree there are some precautions anyone can take to guard their privacy. Here are some other steps they recommend to limit the amount of personal data that your phone collects and shares about you:
Donât let apps access information they donât need
When you download mobile apps, they may ask permission to track your location and other data. In some cases, apps need that information to do what they promise, like recommend restaurants nearby. But some may ask to access phone features even though they donât require that information. They may share data with other companies that users may not be aware of. Many popular smartphone apps share usersâ locations, health details and other data with social-media companies, a Wall Street Journal investigation revealed. Other apps share personal data with advertisers.
âIf itâs an app that lets you play cards, it probably doesnât need access to the inner workings of your phone, your contact list, the internet and your GPS,â Ms. Weidman says. She recommends watching what apps youâre granting access to your camera, microphone, contacts list, location data and other information.
Phone settings list options to shut off appsâ access to location and other information. Ms. Weidman recommends people review those permissions and refuse to download apps that request access to anything they donât need.
Apps may even continue to collect data after a person stops using them. To cut down on the amount of data a phone shares, people can delete apps they no longer use, says Mr. Weatherhead.
Research new apps before downloading them
Consumers might want to search the name of an app online before downloading it, because the developerâs data practices may already be well known, says Maureen Ohlhausen, a partner at law firm Baker Botts LLP and a former chairman of the Federal Trade Commission.
A quick internet search may turn up consumer complaints, lawsuits and regulatory investigations into an appâs potential privacy violations. Privacy concerns surfaced quickly this summer as more users downloaded FaceApp, which lets people upload photos of faces and change them to look older or younger.
Donât let advertisers track your browsing
Ms. Weidman says she uses mobile browser plug-ins to stop advertisers from tracking her web activity and from presenting her with targeted ads on social media. Plug-ins to block ad tracking are available in app stores. In addition, she uses private sessions on web browsers to prevent them from keeping a history of her searches. Depending on the browser, private sessions are often described as âincognitoâ or âprivateâ windows in the toolbar.
Change the data your phone shares with advertisers
One way to limit the personal data that smartphones collect and send to advertising companies is for users to regularly reset or turn off their advertising IDs, which identify mobile-phone users, in their phonesâ settings menu. If a phone user changes their advertising ID, ad profilers cannot connect data they collected before and after it was reset with the same person, This reduces the amount of detailed personal information that advertisers see from that device, Mr. Weatherhead says.
While it might seem harmless if advertising companies obtain personal information about mobile-phone users, many people may not realize that advertisers might share that data with insurance companies and other business partners, Mr. Weatherhead says.
Update software on your phone
Data leaks and cyberattacks are less likely if people use up-to-date software. Often, hackers will siphon data off devices by exploiting a problem in an app or a phoneâs operating system even after companies release a new, fixed version that a victim hasnât downloaded.
âLots of criminal attacks go in through vulnerabilities that are fixed and that you havenât bothered patching,â says cybersecurity expert Bruce Schneier, an adjunct lecturer at Harvardâs Kennedy School of Government and a fellow at the Berkman Klein Centre for Internet and Society.
Watch for phone scams
Cellphones are becoming a more attractive target for hackers. Scammers send texts with links containing malware that could compromise personal data, Ms. Weidman says.
Hackers also call cellphones and use ploys to trick people. Donât react immediately to suspicious texts and phone calls that claim to be fraud alerts, says Ms. Ohlhausen. For instance, she says she recently received a phone call saying there was an alert related to activity on one of her financial apps; she asked to call the company back after checking it out herself.
âThey try to throw you off and get you to react immediately,â she says. âJust be skeptical, take a breath.â
Dangers on the road
Mr. Weatherhead switched to an iPhone from Android after Apple Inc. refused to help the Federal Bureau of Investigation access encrypted data on the phone of a terrorist after a shooting in 2015. Mr. Weatherhead frequently travels abroad for his job and says authorities in some countries may want to access information about his work with privacy advocates.
âI want to know the data is staying on the phone,â he says.
Ms. Ohlhausen often decides to access the internet using mobile data instead of connecting her phone to public Wi-Fi networks because the connection may be less vulnerable to hackers. âSomeone could be snooping on your traffic when youâre on a public network,â she says. Some people may want to use virtual private networks to protect their connection from intruders when using public Wi-Fi, she says.
Mr. Schneier says he accepts that a certain amount of risk comes with using the apps he wants. Two-factor authentication adds an extra layer of security to apps and makes it harder for hackers to access data, he says.
âPasswords are easy to steal, passwords are easy to guess,â he says. âUse two-factor authentication. Itâs kind of a no-brainer.â
âMost of your security and privacy is not in your hands,â Mr. Schneier says. âYou donât have the ability to reverse-engineer it. You just donât know.â
– Ms. Stupp is a reporter for The Wall Street Journal in New York. She can be reached at [email protected].