8 mobile apps that protect your phone's privacy, because no, you're not doing enough - CNET

8 mobile apps that protect your phone's privacy, because no, you're not doing enough - CNET


8 mobile apps that protect your phone's privacy, because no, you're not doing enough - CNET

Posted: 17 Oct 2019 12:00 AM PDT

phone-security

Looking for a little more privacy on your phone? Here's the quickest way to get it. 

Getty Images

You're using a PIN to lock your phone, and you're avoiding suspicious emails and apps, right? That's a good start to protecting your privacy on your smartphone. But if you're concerned about the rising tide of mobile phone hacks and massive data breaches in the news, there's more you can do to lock down your most personal piece of technology. 

From browsing under the radar to remotely turning your stolen phone into a brick, here are some of our favorite apps devoted to protecting your privacy on both iOS and Android. 

Private browsing

Whether you're using iOS or Android, the easiest privacy boost you can give yourself is with a virtual private network. VPNs let you hop on public Wi-Fi without worrying about password theft, and they snap the virtual blinds shut on nosy mobile carriers. My go-to recommendation is ExpressVPN, a well-garlanded service at a reasonable price. Aside from its solid track record on security, it consistently ranks among the fastest VPNs on the market and is available for both operating systems

Whichever VPN you choose, though, just make sure it's not a free one

If you're an Android user, the app you need for ultimate browsing security is Tor Browser and its companion, Orbot, the mobile traffic encryption tool. Orbot doesn't just encrypt your browser traffic, it encrypts all data from your internet-connected mobile apps. The closest you can get on iOS is Onion Browser. The only drawback is that it doesn't encrypt all internet-connected app data, just your browsing data. 

Keep in mind that using either Orbot on Android or the Onion Browser on iOS is going to cause some slowdowns in loading speeds. You'll sacrifice some anonymity, but for a speed boost you can always switch to the Brave browser. Its speed and steadfast tracker-blocking pushes it ahead of Firefox and Chrome.

Since you've already gone this far, why not switch from Google to Duck Duck Go? Unlike Google, this privacy-oriented search engine app blocks advertising trackers, forces encryption, and doesn't tail you across the internet looking for ways to serve you ads. It offers apps for both iOS and Android.

Messaging and passwords

To keep your texts secure, consider using the Signal app for either iOS or Android. For encrypted phone calls and text messaging, Signal offers the best combination of usability and security. Keep in mind that for the encryption to work, the people you message have to be using it as well, so spread the word for wider safety. And, yes, you can still send gifs.

The problem with loading up on all of these security apps is that you're going to need to create a lot of new passwords. And if there's one must-have app for privacy, it's a reliable password manager

With iOS 11, Apple introduced a password manager feature, which promised to bypass the pain of memorization. 

Another favorite for many is the 1Password app, available for both iOS and Android. It outpaces the competition and earns its price tag by offering additional features. An individual subscription runs $36 a year, comes with 1GB of storage and offers two-factor authentication. A travel mode lets you remove your 1Password sensitive data from your device when you travel, then restore it with one click when you return.  

Hit the kill switch 

But what if you want to protect your phone after it's already been lost or stolen? You'll need a kill switch -- a way to remotely destroy the contents of your phone and make it nearly useless to a would-be thief. 

Read more: This is how you get your lost or stolen Android phone back fast

The easiest option for Android users is to enable the Find My Device feature already available on your phone. This will allow you to remotely locate the phone if it's lost or stolen, lock it and display a message for any helpful Samaritans who'd like to return it to you. It will also allow you to completely wipe it of data. Here's how to enable Find My Device on your Android phone. 

1. Open the Settings app.

2. Tap Google, then tap Security

3. Turn on Remotely locate this device and Allow remote lock and erase.

Afterward, head over to the Google Play app: 

1. Go to the Settings page, where you'll see your Android phone listed. 

2. Under Visibility, tick the box next to Show in menus.

3. Click the Update button.  

Read more: If you lose your iPhone, immediately do these 3 things

The iOS crowd can use Find My iPhone, a feature associated with every iPhone ($660 at Amazon) that has an iCloud account. To enable Find My iPhone, do the following: 

1. Go to Settings.

2. Tap Apple ID, then tap the device you're using.

3. Enable Find My iPhone.

Afterward, you'll want to give Find My iPhone permission to access your location: 

1. Go back to Settings

2. Tap Privacy, then tap Location Services

3. From there you can let Find My iPhone access your location.

For more smartphone privacy tips, check out 7 security tips to keep people and apps from stealing your data, and don't let your smartphone track you on CNET. 

Now playing: Watch this: Android 10 privacy settings: Everything to know

1:55

Got An Apple Watch 5? How To Secure It In Three Simple Steps - Forbes

Posted: 24 Dec 2019 02:10 AM PST

Following the publication of a U.S. patent that mentioned a fingerprint sensor for the Apple Watch, rumors have been rife that Touch ID will be coming to the wearable soon. If you've just received a gift of an Apple Watch 5, then rumors won't help you secure it (or an Apple Watch 3 or 4 for that matter) from those who would use it to unlock other devices, perform Apple Pay transactions or access data. These tips, however, will.

Do you need to secure your Apple Watch?

Although one recent study has suggested that Apple is less trustworthy than Google when it comes to data encryption, that is something of an outlier. Apple has a pretty decent security record when it comes to the iPhone and its iOS operating system when compared to relatively insecure Android devices. Not that the iPhone is immune from device-specific malware as the iPhone only Krampus campaign demonstrates. The Apple Watch, however, doesn't run on iOS; it uses the iOS-derived WatchOS instead.

So, is WatchOS free from any security issues? Well, if you check the security vulnerability database at CVE Details, you will see plenty of problems that could specifically impact WatchOS. There are 473 vulnerabilities listed in total, ranging from the low severity to the critical. But don't panic; if you sort the results by "number of exploits," you'll notice there have been precisely zero for any of them. And Apple regularly updates WatchOS as it does iOS and operates a bug bounty program to reward those security researchers who uncover vulnerabilities, with a top bounty of $1.5 million (£1.15 million) on offer. So you don't need to worry about securing it, right?

Wrong.

The security issues you do need to be concerned about now you are the owner of a shiny new Apple Watch Series 5 are, frankly, much the same as you face with any other mobile device. The wearable is, in practical terms, an extension of your iPhone. This means that you need to be aware of how it interacts with your iPhone and the access it provides to the smartphone itself, the data upon it and the services it facilitates.

Apple Watch security tip number one: Set a long passcode

The default four-digit PIN, what Apple refers to as a "Simple Passcode," is not secure enough. Especially as most people will likely use the same PIN for their Apple Watch as they do for their credit cards, debit cards, smartphone, SIM card, and anything else that requires a four-digit code. Password reuse is a terrible thing, and the same applies to PIN codes which are just pretty bad passwords after all. To strengthen your Apple Watch PIN, go to the Watch app on your iPhone and click on "Passcode" then disable the "Simple Passcode" option. After confirming your existing PIN, you will be able to set a new 10-digit code. The longer the PIN the more secure, in theory. However, the usability factor kicks in if you are using a random 10-digit code that you can't easily remember. It's not recommended to use memorable dates either; a threat actor will likely be able to guess these from social media information. That said, a six-digit PIN is far more secure than the default and just as easy to remember. Or how about keeping the four-digit PIN you know off by heart and repeating it, in reverse, to create an eight-digit code? So 1234 (please don't use that) would become 12344321. If you enable the "Erase Data" option, then another security feature kicks in: self-destruct. OK, it's not quite that extreme, but not far off. After six incorrect PIN code attempts, the Apple Watch will initiate a 60-second delay between further attempts. Get it wrong ten times and all data will be erased from the device.

Apple Watch security tip number two: Get smart with more locking options

Either on your Apple Watch or iPhone, it's less fiddly for those of us with fat finger syndrome to use the iPhone, make sure that the "Wrist Detection" option is toggled on. This has the effect of automatically locking your Apple Watch when you take it off, necessitating entry of that now longer PIN before unlocking. There's also an option to "Unlock with iPhone," which works in combination with the wrist detection to automatically unlock your Apple Watch without needing the PIN code. As long, that is, the iPhone is close enough to the watch, which you must be wearing. It's another good usability option with no substantial negative impact on security for 99.9% of people 99.9% of the time. As I said before, good security must be easy to use or people find ways to get around it. Which usually means they disable it altogether.

Apple Watch security tip number three: Lost Mode and Activation Lock

Every iPhone owner is familiar, I'm guessing, with the Find My iPhone iCloud feature or app, or "Find My" for iOS 13 users. If not, then get acquainted as it's an essential part of your iPhone security posture. And that of your Apple Watch.

As well as being useful in finding your watch if you can't remember where you left it last, Find My has some additional security-related functionality up its virtual sleeve. Things like being able to remotely wipe your data from your Apple Watch if it is permanently lost or stolen and activating "Lost Mode." The latter will display a short custom message and number to call if someone finds your Apple Watch. More importantly, it will also disable Apple Pay which ticks a significant security concern box for most people who have lost their wearable.

You should also check that the Activation Lock function is enabled in Find My, and if it can see your watch, then it is. What does this do? How does making your Apple Watch worthless to any thief sound to you? Unless that thief knows your Apple ID and password, Activation Lock prevents them or anyone else from being able to wipe your data from the device. The result, an unsaleable Apple Watch.

For more Apple security advice, read How To Secure Your iPhone: 12 Experts Reveal 26 Essential Security Tips.

App stores could give bad actors a one-way ticket to your mobile - ITProPortal

Posted: 27 Dec 2019 03:30 AM PST

It's no shocking statement that mobile phones are completely integrated into our everyday lives, both personally and professionally. The larger issue lies in the evaluation of the applications we rely on daily. Consumer evaluation of apps affects not only our personal data but often the companies who employ us.

There has been a constant stream of jaw-dropping news stories lately highlighting the potential security risks we have in our pockets, but how are these bad actors infiltrating our mobile devices and what tactics are they using? In 2018 alone, it was reported that 194 billion apps were downloaded by consumers - showing the virality an infected application could have if made available to the public. In this article, we will uncover how app stores give a one-way, all-access ticket to mobile devices, which the public tends to download without the proper vetting.

The unknown marketplace

Comments

Popular Posts

Signal, WhatsApp and Telegram: All the major security differences between messaging apps - CNET

Harry Dunn's parents to meet Anne Sacoolas as immunity row continues - The Guardian

VPN browser extensions: Why you shouldn't use then - Tech Advisor