Smartphone Security: How to Keep Your Handset Safe
Once upon a time, a phone was just a phone: It simply made and received calls. The only security you worried about was if someone had picked up in the other room to listen in.
Flash forward to 2011, and the line between phones and computers has all but vanished. In fact, your smartphone is likely more powerful and feature-rich than your desktop computer was just ten years ago.
With that increased utility, though, comes more vulnerability. Having a wealth of information--personal and otherwise--in your device makes your phone a target, and as the bad guys ramp up their efforts to infiltrate it, the good guys are gearing up their efforts to keep the bad guys out.
Does Smartphone Security Really Matter?
The short answer is yes, absolutely, more and more. The degree to which it matters, however, depends on the individual user, or the individual company.
Threats to your mobile security are not always easy to see. They range from the simple (such as when someone finds your phone and reads all of your e-mail) to the highly complex (such as Trojan horses, viruses, or third-party apps that share your personal information).
Here are some common security risks, with tips, tricks, and tools to combat them.
Don't Lose Your Phone
This may seem like a no-brainer, but don't put your phone down on a bar (especially if you work for Apple and have a prototype that no one is supposed to see). If you're in a public area, don't put it in a pocket or an open bag where it's visible and could be grabbed easily. Obvious suggestions, sure, but these kinds of on-the-street situations account for most cases of phone theft.
Your First Line of Defense
Set your phone to lock, or time out, after a certain period of inactivity, requiring a password to get back in. All of the major smartphone operating systems support this function.
You'll want your password to be something hard for you to forget and easy to type since you'll enter it frequently throughout the day, yet difficult for someone else to guess. Anything containing your name, information found on a driver's license, or a number as simple as "1234," for example, are not good passwords.
Here's how to find time-out settings on various smartphone OSs:
- Android: Previously, Android supported only pattern unlock (in which you draw a pattern to access the phone), but with version 2.2 of the OS, it now supports PINs and passwords. From the home screen, press Menu, Settings, Location & Security, and under Screen Unlock you'll find many options for setting passwords. To set the screen time-out, however, you must go back to the Settings menu and this time click Display. (Hint: If you decide to go with the pattern unlock, create a complex one that crosses over itself, or someone might deduce your pattern from the repeated smudge marks on your screen).
- BlackBerry: From the home screen click Options, Security Options, General Settings. There you'll see options to enable the password, set or change the password, and set the security time-out options.
- iOS: Earlier versions of iOS allow only for a four-digit PIN unlock code (which isn't ideal). Luckily iOS 4 introduced the option to set a longer password. Open the Settings app, and then select General, Passcode Lock. Just above Passcode Lock is the Auto-Lock option, which controls the time-out.
- Windows Phone 7: Open Settings, and then select Lock and Wallpaper. From there you can set or change the password, and also set the screen time-out.
Your Second Line of Defense
Remote wipe, plus the aforementioned password protection, is the bare minimum that most IT departments will require, although the specific steps you'll need to take very much depend on the level of security at your company.
Remote wipe means that if your phone is lost or stolen, you can remotely clear all of your data--including e-mail, contacts, texts, and documents--off of the handset, thus keeping that information out of the wrong hands.
You or your IT department can set this feature up for any of the major OSs, as well as use Microsoft Exchange to wipe the device (provided that you have an Exchange account). Those people without Exchange accounts or IT departments have other, simpler options.
- Android, BlackBerry, and Windows Phone 7: If your OS is among one of these, you're in luck, as you can find many fantastic third-party applications that allow you to remotely wipe your device. Lookout Mobile Security is just one example that not only enables you to wipe your device via the Web but also lets you track a lost device through GPS, back up your data over the air, and even scan for viruses. Its basic version is free, but to enable advanced features such as remote wipe you will have to pay for a Premium account ($3 a month or $30 a year). You'll encounter big players in the security-app game, too; for instance, NotifyMDM, Symantec, and Zenprise sell multiple-mobile-device management systems to companies.
- iOS: iPhone remote wipe is a bit trickier. If you have iOS 4.2 or higher, you can simply download the Find My Phone app from the App Store, and enable it in MobileMe in the Settings app. If you lose your phone, you can log in using MobileMe via Apple's Website to track it, display a message, or wipe it. If you have an older version of iOS, though, you'll need a paid MobileMe account, which costs a steep $99 a year. Plus, you'll have to enable the function by going to Settings, choosing Mail, Contacts, Calendars, and clicking Fetch New Data then Enable Push. Afterward, return to the 'Mail, Contacts, Calendar' screen and select your MobileMe account.
Note that all of the apps and services mentioned in this section, as well as other tools (such as Mobile Defense and Where's My Droid?), can help you find your phone via GPS. These apps have drawn attention lately, as their usage has led to the arrest of several thieves and carjackers.
Next page: How to keep malware out, plus which phone OS is the safest
Products mentioned in this article