Five Huge Mistakes That Make Your Smartphone Less Secure
Initially, the smartphone was something of a novelty that was far too expensive for most people, but it has now turned into a massive part of our everyday life. We use it for communicating with other people, paying the bills, buying stuff, managing our finances, and last but not least, creating and storing some of our most treasured memories. Truth be told, this isn't the first device to make a similar transition. The personal computer before it also revolutionized many of our everyday tasks, but the smartphone did it in a much quicker and more definitive way, mostly because it's portable and easier to use. It all happened so quickly that many of us seem to have overlooked the fact that keeping our smartphones under control is very important.
Far too many mistakes are made when it comes to smartphone security, and the worst thing about it is, avoiding some of them is as simple as knowing what the dangers are and being aware of the potential consequences. Today, we'll take a look at some of the most common errors that can leave your smartphone and the data inside it vulnerable.
Not using the phone's locking mechanisms
Nowadays, it's hard to buy a smartphone that doesn't have a fingerprint reader. If you find one, it will most likely be a recent model iPhone which comes with Face ID – the face recognition technology that Apple seems particularly proud of.
Even if biometric authentication is not available, smartphones give you other ways of preventing unauthorized access. And yet, people seem unwilling to use these mechanisms. Why?
The answer is painfully obvious – they are just lazy. They can't be bothered to enter a password, punch in a PIN or draw a pattern every time they want to check out their Facebook news feed, and even though smartphone vendors now provide much quicker and more convenient biometric-based authentication mechanisms, users still appear somewhat unimpressed.
And this is a worry because part of the reason why smartphones became so popular is the fact that they provide all that power in a package that is small enough to fit in our pockets. Unfortunately, the same portability makes it incredibly easy to lose. If you don't lock it while it's not in use, you risk bidding goodbye to much more than the phone.
Poor password management
For whatever reason, Kanye West doesn't want to use the biometric authentication system on his phone. This was revealed last year during a visit to the White House when cameras caught him unlocking his iPhone with a PIN. The same cameras showed that his PIN is "000000".
Let's imagine for a moment that Mr. West's phone ends up in the hands of a person who is more than willing to share whatever they find with the media. All that stands between them and Kanye West's personal photos, contacts, communication, and a host of other extremely sensitive data is a succession of six zeros. This, you have to agree, is not the way to treat your information, regardless of whether you're a celebrity or not.
It's not just the PINs on the device itself, either. In most cases, you can't take advantage of all of your smartphone's features without connecting it to your Google and/or Apple accounts and sharing quite a lot of data with them. These accounts have become treasure troves of personal details, and they are accessible remotely which means that setting strong, unique passwords and turning on two-factor authentication is an essential step towards securing them.
Installing applications from third-party app stores
The design of the Android and iOS ecosystems should, in theory, make installing shady applications harder. There are official app stores, and all the software that appears on them is supposed to be reviewed by Apple or Google. In reality, things don't quite work like this.
Every now and again, researchers find malicious Android apps that have made their way to Google Play, and although this sort of thing is much rarer with iOS, it is not completely unheard of. Despite the incidents, the official app stores remain the most reliable sources for mobile software.
By default, modern smartphones don't allow the installations of applications from third-party websites, but if you fiddle with the settings, you can make it work, and plenty of people have done just that. These applications have not been reviewed in any way, however, which means that they can be (and often are) dangerous. Sources outside the official app stores usually market either cracked versions of real apps or apps that supposedly come with some revolutionary functionality which makes them all the more appealing – exactly what the cybercriminals want. Staying well away from this type of websites is your best bet.
Ignoring security updates
Our smartphones are completely useless without their operating system and the applications we install on them. In other words, software is what makes them work. One of the downsides of software is that it's written by human beings, and human beings make mistakes. Sometimes, these mistakes might result in an unstable performance or buggy functionality. Often, however, errors in the code of applications and operating systems leave gaping security holes that can be exploited by hackers. Obviously, there are armies of researchers on a mission to hunt down these security holes and help companies plug them, and for the most part, they're doing a rather good job. We don't hear about too many cyberattacks that involve the so-called zero-day vulnerabilities – security bugs that are exploited before the software vendor has had the time to learn about and mitigate them.
In most cases, the researchers and the developers have already done their job – they have worked together to produce a patch which has been incorporated into the product's latest version. The ones that are in error are the users themselves who have decided not to bother with the update.
Users shouldn't always get all the blame, though. The huge number of Android device manufacturers means that people are somewhat spoiled for choice, but it also prevents many of them from getting the latest version of Google's mobile operating system. Google and hardware vendors are looking for ways out of this situation, but for now, a solution seems elusive. Nevertheless, updates and security patches for both apps and operating systems are released, and there's no excuse for ignoring them.
Hooking up to unencrypted Wi-Fi networks
Connecting to the free Wi-Fi network in an airport or a café seems like one of the most innocent things you can do, but the reality is, it's not. The lack of a password means that the communication between your phone and the router is not encrypted. It also means that anyone can join the network and listen in on the said communication. If HTTPS is not enforced by the online service you're using, all the data you send and receive can be intercepted and tampered with. The person sitting on the next table could be eavesdropping on your chats or stealing your login credentials, and they could be quietly redirecting you to malicious webpages and unwanted content. If you must connect to an open Wi-Fi network, make sure you do it through a reputable VPN service that encrypts the information coming out of your smartphone.
As you can see, although using a smartphone is something we've become quite used to, there are still many things that can (and often do) go wrong. Taking the security of this small portable device seriously is very important, and one of the first steps to do this is to avoid the mistakes you see above.