A checklist of security basics to make your mobile experience safer.
Like every geek, I have been asked to set up security basics on computers for family and friends. But these days, I get asked more about mobiles and websites than computers by friends who want to be safe online and minimize loss when they misplace their phones or other devices. Over a couple of years, I have made a checklist that I share with them, which may be of use to you too.
These are simple steps that you can follow to keep yourself safe from everyday attacks on mobile and web. If your threats are bigger, talk to someone who is an expert in security. With that disclaimer, let’s look at some of the common tools and practices that we all can follow.
Most of us are familiar with phone passcodes, but sometimes they are too short and can easily be guessed. Just make sure your PIN is at least six digits long.
Setting up a SIM PIN is just as important. Most online services, including some banking services, confirm accounts using SMS or USSD (Unstructured Supplementary Service Data). If you ever lose your phone, someone can take over your accounts by plugging the SIM into another phone and reading your SMS OTPs or using USSD. A SIM PIN prevents that.
If you go to your Phone – Settings – Security – SIM card lock, you can change the SIM PIN. The default PIN for the SIMs would depend on the provider. The most common ones are below. If they don’t work then try calling customer service.
Provider SIM PIN
Tata Docomo 1234
Please note that you will have to enter the SIM PIN each time you restart the phone or the SIM gets activated. If you enter the wrong PIN thrice, the SIM gets locked and you will get an alert asking for the PUK (Personal Unlocking Key) code. The PUK code is provided by the mobile service provider. You can call them and get the PUK code to unlock your SIM.
Most modern smartphones (iOS and Android) have the option for full disk encryption. Enable it. On Android, go to Settings – Security – Encrypt Device.
My advice is to avoid public Wi-Fi as much as possible. But there will be situations when you have to use public Wi-Fi. Then it’s important to use a VPN (Virtual Private Network) to secure your communications. There are hundreds of providers to choose from. Do a thorough review before getting a subscription (I use PrivateInternetAccess).
Stay up to date with the firmware. Check for updates every once in a while and install them as soon as they are available. For apps that you use regularly, set up automatic updates so that you get them as soon as possible.
Uninstall the apps that you don’t use. If you can’t uninstall, disable them or remove all the permissions.
Be vigilant about the permissions that apps require, especially if an app requests permissions that common sense says it should not need in order to work.
If you want to see what permissions apps are using, go to Settings – Apps – Specific App – Permissions. You can remove the permissions retroactively, too. Most apps may stop working but some good apps will degrade gracefully.
Browsing the web is a huge part of the mobile experience. The Chrome mobile browser is good but lacks a lot of features the Chrome desktop browser has, such as ad-blockers. The best replacement is Firefox mobile. It’s a great browser and also comes with standard add-ons. Some of the add-ons I use with Firefox mobile include uBlock Origin, an efficient ad-blocker that works just like the desktop version and is easy on bandwidth, and HTTPS Everywhere, which keeps your browsing session secure by shifting to HTTPS when available.
Password managers help you manage and use longer, more difficult passwords without having to memorize them. There are many options to choose from. It’s better to choose one that works on both desktop and mobile. LastPass, KeePass, and PasswordSafe are good options.
Password managers can also be used as note-takers for sensitive information. Use password managers to save information like addresses, bank or credit card details etc.
Two-Factor Authentication, also known as 2FA, is an extra layer of security that requires not only the username and password but also something that only the user has with them. In most cases, that is the phone.
Install Google Authenticator on your phone to start using 2FA with Gmail and Facebook. Check the website TwoFactorAuth to get the list of all the services that support 2FA.
Messaging services are the biggest communication tools on mobile. From SMS to WhatsApp to Facebook Messenger, there are a zillion options. Most of these claim to have end-to-end encryption but my suggestion, still, would be to check out something like the Signal app. It is available on both Android and iOS and is a good replacement for WhatsApp.