Cyber 101: Real-World Mobile Security

Today’s reader question: *“Is there any way to secure mobile devices that I can do myself?”*

This is one of those areas of security that does have a “good news” kind of answer. There are many things you can do to help secure your own mobile devices that don’t require large amounts of time, money, or your company’s direct intervention.  Let’s have a look at the top things you can do:

First, only download applications from sources you trust.  While that may seem like a no-brainer, remember that you shouldn’t consider the official app stores of your platform (Google Play, Apple’s App Store) as trusted in all circumstances.  While those platforms do try their best to keep malicious software off their storefronts, they’re not infallible, and sometimes things slip through. So, when I say “only sources you trust,” what I mean is that you should only download and install applications from vendors and companies that you do business with or use outside of the mobile world.  Always double-check to make sure you’re downloading the official applications as well – as too many bad actors have created and published applications that sound and/or look like the real ones in order to trick consumers.  If you’ve never heard of the publisher or developer (usually listed in the details page for the app in question), then don’t download it.

Next, always be on your guard when installing and running new programs, and when agreeing to privacy and end-user agreements both when you install and when the app is updated.  Recently, both Google and Facebook were caught using sketchy methods to snoop on mobile users – to the point where Apple actually disabled a critical component of both companies’ internal iPhone applications and removed their public applications from the App Store [The fallout from Facebook’s controversial research app – The Verge](https://www.theverge.com/2019/1/31/18206027/apple-facebook-research-app-enterprise-certificate-google).  In short, both companies offered some form of free security tool that included Virtual Private Networking (VPN) services.  The way the VPN worked, the two companies were able to view all data sent or received, since the VPN was controlled by them.  Here’s the catch: they were up front and told users that this would happen – and in Facebook’s case even offered to pay users to let them watch what they did and where they went online.  Users willingly accepted the end-user agreement and privacy terms and accepted the permission requests when the app was installed – or more probably didn’t realize that’s what they were agreeing to, but agreed to it anyway by clicking “Yes” and “OK”.  So, always question the terms and conditions and any privacy statements when you install applications; and be on the lookout for updates to terms and conditions and privacy when the app updates.  Also keep a close eye on permissions requests (“Application X wants to use your microphone and camera” or “Application Y wants to see your location when you’re not using the app” etc.).

That’s not to say you should avoid using a VPN – quite the contrary.  VPN applications from legitimate and secure providers like Encrypt.Me [The Super Simple VPN You Can Trust | Encrypt.me](https://encrypt.me/) and PersonalVPN [Home – personalVPN.com](https://www.personalvpn.com/) (as just two examples) are great security tools that you should be using any time you are on an unsecured WiFi network.  These services keep anyone else on the same WiFi network from seeing what you’re doing, and as long as the VPN provider has clear privacy and security terms and conditions that protect the privacy of your online habits, then they’re a vital security tool that anyone can use and benefit from.  Stay away from free VPN providers (remember, if you’re not paying money, then you’re paying with your personal information), but otherwise find a VPN provider within your budget that protects both your online activity and your privacy.

Finally, remember that mobile devices are – by nature and name – mobile.  Be aware of your environment whenever you’re using a mobile phone or tablet, and even your laptop.  It’s very easy for “shoulder surfers” to see what’s on your screen, including banking information or company data.  If you don’t need to view your email or sensitive info when you’re on a train or plane, or in a coffee shop or other public area, then don’t.  Here in NYC, I cannot tell you how many personal and corporate emails I’ve seen just because I’m on a subway train and someone is on their phone looking at their screen right in front of my face.  On airplanes, it’s worse, as current seating trends mean that your neighbor in the middle seat is basically in your lap.  Play games, listen to music, read books – but keep sensitive information sensitive.  Remember, if you don’t want literally everyone to see what you’re seeing, don’t bring it up on your screen in public.

The same goes for phone calls and other audio conversations (Skype, Slack, etc.).  I once sat in an airport gate area and listened to an entire conference call – including some rather sensitive competitive information – someone was having a couple of seats away, even though I really didn’t want to hear it.  Luckily for them, I work in “white-hat” security and therefore I’m bound to not share that info, but everyone else who heard them may not be under the same restrictions.  As there’s no way to block your voice from being heard by everyone in the immediate area (or further, if you’re a loud talker), postpone those calls until you’re someplace out of the public eye and ear.

Taking some basic security precautions when you find, install, update, and run applications on your smartphone and/or tablet is an easy set of steps to take.  They dramatically increase your privacy and security, and don’t cost you anything but a little time to research who makes the apps and what permissions they’re asking for.  Using a VPN from a reputable company that doesn’t want to spy on you and being aware of what information you “leak” on your screens and with your voice will keep info you’d prefer to keep private from ending up in public.   All together, these are simple and powerful steps you can take to take control of your privacy and security no matter where you use your mobile devices.

Your dose of Alphabet Soup:  TLA – Three Letter Acronym – yes, even those of us surrounded by them often admit we have too many of them.  The blanket term “TLA” refers to the alarming variety of acronyms used in various technical and non-technical fields, and can include terms that have more (or sometimes less) than only three letters.