Protecting your mobile devices

mobile devices.jpg

Apple CEO Tim Cook’s recent publication of the company’s refusal to cooperate with the FBI on a serial killer case has sparked some discussion about how important it is to keep our cell phones secure. Wanting personal security for your phone doesn’t have to mean you want to hide something from the government. It is totally acceptable to want privacy from corporations and from anyone who might snoop on your phone.

The easiest thing you can do for phone privacy is, of course, adding a passcode. You are always going to have to deal with the tradeoff between security and convenience. It isn’t really very fun to type in a long password or PIN before reading Instagram or Twitter notifications, but it will protect you from having your information stolen by onlookers or someone who picks up your phone.

Android offers a few different types of screen unlocks. The PIN and password are the two most obvious. Both let you choose the length, and thus the strength, of protection, up to sixteen characters for either. The pattern screen unlock is popular, but its security is questionable. It isn’t difficult to pick up someone’s pattern after seeing it used only a couple of times, so with these options, you can only expect to get protection from strangers who find your lost or dropped phone, not people you use your phone around often.

Newer versions of android implement Trust Agents, which are ways for apps to implement their own indicators of whether or not a user can be trusted. Currently, only official apps from Google or your carrier will be able to implement trust agent behavior. Trust agents can be configured to unlock your phone if you are in range of a particular bluetooth device or NFC tag, if you are in a particular location according to phone GPS, if they recognize your face with the front-facing camera, if they recognize your gait with the phone’s accelerometer, or if the phone recognizes your voice when you search with the “Ok, Google” hotword. Some Android devices also offer fingerprint screen unlock.

Apple devices have impressive security, as well. Aside from letting you use a PIN, newer iPhones can recognize your fingerprint to unlock your phone. Apple devices can be configured to wipe themselves if the user fails to enter the correct passcode ten times, which has proven to be strong even against law enforcement. Since Apple’s newest devices enable this limiting through hardware, a software update to the phone is incapable of bypassing this feature. Similarly, recent complaints to Apple about “Error 53” were founded in the phone’s distrust of the fingerprint scanner. Since each phone is bound to the fingerprint scanner it ships with, even Apple is unable to replace an iPhone’s fingerprint scanner. Though this is inconvenient for those with broken scanners, it is a win for physical security on the device.

There is more to phone security than just the lock screen, of course. Anyone who is serious about keeping phone data private is going to want to use full-disk encryption on their phone, which is supported by all the major operating systems in the mobile phone market.

Apple devices will perform full-disk encryption on any device with a passcode. If you have protected your phone with a passcode, there is no way for Apple or the government to gain access to your data, even if they have your physical device and can get at your hard drive to try reading it.

Android also supports full-disk encryption. With Android 5, hardware-backed encryption key storage is also possible. Encryption is possible in Android 5 even with Android’s pattern unlock or without a password, so consider if you have any reason not to have your data encrypted. You’ll be protecting yourself if you encrypt.

Make sure your mobile data doesn’t not get lost by saving it using a texting spy app.