Smartphone Security Checklist
1. Lock your phone with a password. Keep it private. Change it immediately whenever you think someone else knows it.
2. Never loan your phone to someone else.
3. Never let someone install a free ring tone, wallpaper, a “cool app” or an e-mail attachment they just sent you.
4. Do not download an app, wallpaper, ring tones, etc., offered in an unsolicited text message or e-mail. (If you want this doodad, obtain it from the website after verifying that the provider is legitimate.)
5. Use the most restrictive of your phone’s settings for apps and Internet access.
6. Never let your phone out of your possession, ever.
7. Do not jailbreak your phone. (Note: According to http://en.wikipedia.org/wiki/IOS_jailbreaking, “jailbreaking” is a process that allows iPad, iPhone, and iPod Touch users to run third-party, unsigned code on their devices by unlocking the operating system and allowing the user root access.)
8. Do not use your old SIM card in your new phone. Conversely, do not put a new SIM card into your old phone. (Some spyware has the capability of detecting a SIM card swap and will immediately report your new phone number to the spy.)
9. Limit the number of apps you download to the essentials. (Spyware has been known to masquerade as a “fun app.” Downloading a spyware app is an easy mistake to make—more so on some mobile operating systems than others, due to varying degrees of oversight by the system developers. Not all apps are well-screened by the app stores for spyware.)
10. Inexpensive cell phones without extra connectivity do not have the capacity to hold spyware.
11. Keep your phone turned off as much as possible, if practical.
12. Change phones, SIM cards, and carriers once in a while.
Smartphone Security Tips – Deterring Future Spyware Infections
- Do not jailbreak your phone’s operating system software. This is your first line of defense against spyware attacks.
- Do not let your new phone out of your possession. It takes a snoop only minutes to activate spyware on your phone or pull your SIM card to read the information stored on it (contacts, etc.).
- Do not put a new SIM card into your old phone. This will not solve the problem. Some spyware has the capability to detect new SIM cards and will report the new phone number to the spy immediately, thus continuing your privacy problems.
- Do not sync a new device with the old device’s contacts/apps backup file. Syncing could bring your problem back to life. You may have backed up the spyware. Delete the backup. Start fresh.
- Use your mobile device’s password feature.
- Set your device to lock after the shortest time of inactivity period.
- Use your SIM card’s password PIN feature to prevent unauthorized access to stored information.
- Here is how this security feature works: If your PIN is entered incorrectly three times, the SIM card is blocked. You can then unblock it only by entering a personal unblocking code (PUC) provided by the service operator. If the PUC is entered incorrectly ten times, your SIM card will be permanently blocked and you will have to buy a new SIM card.
- Do not store any confidential information on your mobile device that you cannot afford to lose. Assume there is a possibility your phone will be stolen, lost, hacked, or infected with spyware.
- Never use any wireless device to access your bank and credit card accounts. This includes your wireless laptop and iPad devices as well.
- Keep current on your software updates. They frequently include security-related improvements.
- Download e-mail attachments only if you trust the source. Your basic policy should be “Unknown? Leave it alone.” Free ring tones, songs, and games fall into this category. Even if your source is a trusted friend, he or she may unknowingly be passing along spyware or other forms of malware. Ask yourself, “Do I really need this?”
- Never install pirated software on your cell phone.
- Monitor the Usage log built into your device. Write down the usage at the beginning and end of the day. Keep an eye out for unexplained spikes in usage (both text and voice). This chore is made easier with a utility usage app that logs and charts usage for you. The SpyWarn™ Android app can help with this.
- Turn off your mobile devices when you are not using them. It sounds simple, but surprisingly, most people leave their devices on. If you can remove the battery, do that as well.
- Consider purchasing a second phone that no one else knows about. Keep it hidden, and use it only for your most important calls. Remember to turn off the caller ID function.
- If your phone supports dual calling, turn it off until you are positive your phone is not infected with spyware. This is the feature which allows a spy to eavesdrop on your phone calls in real-time.
- If your phone supports GPS, turn it off until you are positive your phone is not infected with spyware. This is the feature which allows a spy to track your location.
- Keep Wi-Fi and Bluetooth turned off until you need them.
Smartphone Security Tips – Pre-bugged Spy Phones
- Never accept a phone given as a gift. Be suspicious of employer provided phones.
- Make sure your phone isn’t swapped with a pre-infected spyphone. Mark your current phone so that you can identify it as yours. A subtle scratch mark or an invisible UV paint mark should do it. We provide our clients with SpyWarn Security Seals™ is also an excellent indicator by itself.
- Be suspicious if people tell you your phone was busy when you know you were not using it. Note: Some spyphone models won’t be busy when in spy mode due to dual phone numbers on their SIM cards. Your phone’s radio transmission will still be detectable, however. The SpyWarn Thermal Sensor™ and/or the SpyWarn 2.0™ Android app help detect unauthorized transmissions.
- Note unusually short battery life. This, plus the phone feeling warmer than usual, may indicate that the phone was being used in eavesdropping mode (assuming your battery is in good health otherwise).
Kevin D. Murray CPP, CISM, CFE is a business counterespionage consultant and TSCM specialist with over four decades of experience.
Murray Associates is an independent security consulting firm, providing eavesdropping detection and counterespionage services to business, government and at-risk individuals.
Headquartered in the New York metropolitan area, a Murray Associates team can assist you quickly, anywhere in the United States, and internationally.