Secure Phone

How to secure phone and iPhone security

The topic of Android/iPhone security is always important for all of us, but it is especially important for photojournalists and people who visit dangerous places and countries ruled by dictators.
So what can we do if we cannot buy a $10,000 phone and pay for a hefty monthly contract so that all our communication goes only via VPN to encrypted servers?
Here is some advice on how to move your security to the next level.
The best security is when nobody can hack your applications to listen to your conversations, read your messages or see your photos.
This may sound difficult, but it is actually very easy:

Use two separate phones:

  •     One only for calls, text messages and photos, without ANY applications installed on it.
  •     The other phone for Facebook and all the apps which we use daily.

If you don’t want to carry separate phones, continue reading below.

I would strongly recommend that you choose iPhone security instead of Android, as there are several times more hacks and bugs on Android, and fixes for them usually take much more time to get released. And if you get an older phone, you may never get them.

iPhones have filesystem encryption by default, something which Android phones are lacking. Unfortunately, there is no encryption for iCloud backups. So if someone gets hold of your iCloud account, or the government is after you, they will very easily get all your passwords, keys, contacts and emails from iCloud backups.

Some advice for increasing your mobile phone security level:

  1. Install a VPN application and use it for all connections to the internet. As always, free is never truly free, so some free VPN services sell user data. If you want a totally secure VPN, you will have to pay a few dollars per month.
  2. Use a password manager with dual authentication, like LastPass, and use a unique password for each website and application. When generating new passwords, ensure that they are 16+ symbols long, including digits and special symbols.
  3. Change all the old passwords which you have used until now. It may take some time, but it will be worth it.
  4. Turn off WiFi when leaving home, as it is relatively easy for dedicated enemies to set a cyber trap for you with a fake website, fake application or fake update for a mobile app, and push it to you when you use unsecured WiFi networks.
  5. Check for fake apps. Click on the app in the App Store and check the developer name, age (it shouldn’t be less than 1 year old) and number of ratings. If there is anything suspicious, don’t install it. The best way is to go to the vendor's website and follow the link to the app from there instead of searching in the App Store. Read app reviews, especially negative ones.
  6. Add a PIN code (not four zeroes!) so the SIM card cannot be easily cloned if someone gets physical access to your phone.
  7. Don’t use public chargers and USB ports in coffee shops, airports, trains, train stations and so on, as a very often used attack vector is a virus inserted via a USB drive concealed in a charger. Also, use only your own USB charger and don’t borrow one from colleagues. It is best to have a distinctive signature on your charger so it cannot be easily replaced without your knowledge.
  8. Disable USB when the screen of your mobile device is locked. Turn on USB Restricted Mode with Settings -> Touch ID & Passcode -> “USB Accessories are not permitted on the lock screen”.
  9. Set up auto erase of the phone's content after 10 wrong password attempts. But of course be careful not to give your phone to a small kid/baby who can enter the code 10 times and cause the loss of all your data.
  10. Regularly update the OS and all applications. It is best to set this to automatic updates, as otherwise you might have an unsecured app for weeks until you decide to update it.
  11. Set up a complex password instead of a 4-6 digit code for unlocking your phone. Go to Settings -> Touch ID & Passcode and enter your new complex passcode.
  12. Set up double authentication for both your iCloud and Apple IDs.
  13. Disable saving of all cookies in your mobile phone browser. This may seem a bit draconian, but it is one of the most important things, as it is extremely easy for websites to follow you around based on cookies.
  14. Disable access to the microphone and contacts for everything apart from the phone app, and check regularly whether anything has changed.
  15. Some people would also recommend against using SMS as a second authentication method, as someone can temporarily take your SIM card and receive the needed message. But this should be a concern only if you leave your mobile phone away from you.
  16. If you lose your phone, wipe it clean remotely. Also wipe your phone completely before selling it and remove it from your iCloud account.
  17. Don’t jailbreak your phone and don’t install applications from outside the App Store. Any application downloaded from outside invites viruses and hackers and breaches your security.
  18. Never apply network settings or phone configurations received by message or over email.
  19. Keep only the apps which you use and delete the rest.
  20. Disable Bluetooth. You may not be aware of it, but London Underground is tracking all passengers by the Bluetooth and WiFi addresses of their phones. https://www.wired.co.uk/article/london-underground-wifi-tracking
  21. Enable fingerprint scans and face recognition. A password can be seen by cameras or over your shoulder, but fooling a biometric scan is very, very difficult. This can be done via Settings -> Face ID & Passcode.
  22. Use a privacy screen protector for your mobile so other people cannot see the screen of your phone. This is standard across many big corporations for notebooks, and it is an easy and cheap measure which you can take with your mobile phone.
  23. Don’t use Facebook Messenger or WhatsApp for your communications. Facebook is always reading, analysing and saving your communication there.
  24. Better to use an open source end-to-end encrypted service like Signal.
  25. Disable Siri, Alexa or Google voice assistant on your mobile phone. You don’t want your microphone to listen to you and record you.
  26. Set Safari's default search engine to DuckDuckGo. This might look problematic at first, but there are search engines like DuckDuckGo which do not track your searches and sell your data. Google is paying Apple billions per year to remain the default search engine.
  27. Choose your email provider wisely. In Gmail all your emails are scanned and analysed by the company, and you agree to this when you sign up for the service.
  28. Disable loading of remote images in email settings. Many senders track active users by whether an image is loaded. Sometimes it can be only 1×1 pixel in size.
  29. Activate the “Find my iPhone” service.
  30. Avoid opening unknown links from emails or messages. iPhone security is most often breached by following unknown links.
  31. Avoid opening unknown documents from websites or emails. Keep in mind that every document sent via Facebook Messenger is kept there forever!
  32. Disable location data in images. One can easily track where you were and where you live by the location data of your publicly uploaded images.
  33. Don’t use the Apple AutoFill feature in Safari or let Keychain store website logins. For Safari: go to “Settings” -> “Safari” -> “General” section -> “Passwords & AutoFill”.
  34. Never ever save your credit and debit card information anywhere: not in a browser, a text file or a keystore. The only secure location is your physical wallet.
  35. Disable Facebook tracking across other companies' apps and websites.
  36. Disable sharing of data for Vendor Analysis. This shouldn’t be allowed for Apple, Google, Facebook or anyone else.
  37. Disable lock screen notifications. Everyone will be able to check them when you go to another room or the toilet, leaving your phone vulnerable on the desk.
  38. Turn off automatic sync to iCloud. Many celebrities were hacked because they stupidly saved all their photos in iCloud instead of keeping their spicy snaps locked at home. iPhone security is good overall, but we shouldn’t trust it too much.
  39. Reduce the screen timeout to the minimum. This will prevent someone from snatching your phone when you are not keeping an eye on it. I know people in London who got their phones stolen while unlocked, so they lost a lot: photos, emails, messages. Everything was accessed by criminals. So change this via Settings -> General -> Auto-Lock. The most secure option is to require the password code immediately. With this, everyone who picks up your phone will be asked for the password.
  40. Avoid third-party keyboard apps. Many of them snoop on your data and passwords.
  41. Set messages to auto-delete. You may have sent a password, code or valuable information in a message, and you can easily forget about it after a few weeks. By default this information is kept forever. So set auto-delete via Settings -> Messages -> Keep Messages.
  42. Install an application which identifies spam callers. A good one is TrueCaller. An even more draconian way is to silence unknown callers, which can be done via Settings > Phone > Silence Unknown Callers.
  43. If you are scared that the police can take your phone and force-unlock it with your face, you can enable the following: Settings -> Emergency SOS -> “Call with Side Button”. This way, when you press the side button five times, biometric unlock will be disabled. The only way to unlock the phone will be with your passcode.
  44. Check iPhone security and privacy settings regularly by going to Settings -> Privacy.