Securing Mobile: Introduction
Smartphones are the cutting edge of surveillance technology. For most people, their miniature super computers go with them everywhere, tracking your movements, communications, content intake, interests (via the apps downloaded and sites visited), and in many cases they even track health information like steps taken and sleep habits like morning alarms, even if you not specifically configured to do so.
Imagine for a moment if your phone got lost. Imagine a stranger picking up your phone and checking it. Maybe they’re a good person trying to get it back its owner, but maybe they’re not. They can see your banking app and maybe even access your account just by opening it. They can read all your texts and scroll through your images. They can even check your web history or map history. Losing your phone is more than an inconvenience or expense, it’s a massive personal risk. The biggest step you can take to minimize this surveillance and maximize your security is to become less dependent on your phone. For example, if you’re going to the grocery store like usual, you already know where it is. Leave the phone at home and taken a shopping list written manually on a slip of paper.
Try as we might, sometimes we have no choice but to carry or use our phones. You may need it to navigate to a new place or be reachable while on the job. The next best step is to minimize the data collected by your phone in the first place. In this sub-chapter, I’m going to share settings, apps, and general recommended behaviors for both iOS and Android that can be changed to maximize your privacy settings.
Android or iOS?
This debate raged since the beginning of smartphones. The truth is that these days, there is very little difference in the security of either device. (Source) However, there are still a few differences between the devices worth considering.
Androids are popular because they are inexpensive and offer much more customization than iOS. Androids allow for third-party app stores like F-Droid and “sideloading” apps directly without an app store, which can increase your privacy but also opens the possibility of installing a malicious app if you’re not careful. Additionally, Google’s process for vetting apps in the official Play Store is not very comprehensive compared to Apple’s App Store, meaning that malicious apps in the official Play Store are relatively common. Androids do suffer from generally having a shorter support lifecycle - usually 2-3 years tops - and sometimes struggle with pushing out updates in a timely manner. This is due to the fact that Androids are made by a variety of manufacturers who must modify each new version to be compatible with their devices, thus extending the time between the upstream release and when it arrives in the hands of the end user. (Source, source) If you choose to go the Android route, I strongly recommend the Google Pixel. They receive the longest support of any Android device (5 years for some models), have the best hardware security, get updates quicker than other manufacturers, and you won’t get “bloatware” apps installed or be submitting data to additional third parties like you would normally be involved if you got a device from a manufacturer like Samsung, Xiaomi, etc.
iPhones are popular with the people who want a device that “just works.” Unlike Android, pushing out updates is incredibly fast because all devices are manufactured directly by Apple with very little variation between the hardware. Additionally, the Apple App store has a stricter approval system for apps than Google Play, meaning that it’s harder to place malicious apps in the App Store than the Google Play Store. (Source). Malicious apps do sometimes still get through, but it’s less common. Apple devices also tend to be supported for many years, sometimes 5 or 6 or more.
Regarding data collection, I believe that Apple collects just as much information about you as Google does. The difference is that Apple does not rely on advertising as heavily as Google. While Apple does sell some ad space, the information primarily remains in-house for product improvement purposes. This is a very slight edge over Google, though with the changes recommended in the coming pages you can significantly reduce the data collected in both cases, making the choice largely personal preference in the end. Regardless of the device you choose, I highly discourage you from ever jailbreaking or rooting your phone. Compromising a phone like that disables many of the security features, prevents you from getting security updates, and generally makes you significantly more susceptible to malware.