8 mobile apps that protect your phone's privacy, because no, you're not doing enough - CNET
- 8 mobile apps that protect your phone's privacy, because no, you're not doing enough - CNET
- Got An Apple Watch 5? How To Secure It In Three Simple Steps - Forbes
- App stores could give bad actors a one-way ticket to your mobile - ITProPortal
Posted: 17 Oct 2019 12:00 AM PDT

You're using a PIN to lock your phone, and you're avoiding suspicious emails and apps, right? That's a good start to protecting your privacy on your smartphone. But if you're concerned about the rising tide of mobile phone hacks and massive data breaches in the news, there's more you can do to lock down your most personal piece of technology. From browsing under the radar to remotely turning your stolen phone into a brick, here are some of our favorite apps devoted to protecting your privacy on both iOS and Android.

Private browsing

Whether you're using iOS or Android, the easiest privacy boost you can give yourself is with a virtual private network. VPNs let you hop on public Wi-Fi without worrying about password theft, and they snap the virtual blinds shut on nosy mobile carriers. My go-to recommendation is ExpressVPN, a well-garlanded service at a reasonable price. Aside from its solid track record on security, it consistently ranks among the fastest VPNs on the market and is available for both operating systems. Whichever VPN you choose, though, just make sure it's not a free one.

If you're an Android user, the app you need for ultimate browsing security is Tor Browser and its companion, Orbot, the mobile traffic encryption tool. Orbot doesn't just encrypt your browser traffic, it encrypts all data from your internet-connected mobile apps. The closest you can get on iOS is Onion Browser. The only drawback is that it doesn't encrypt all internet-connected app data, just your browsing data.

Keep in mind that using either Orbot on Android or the Onion Browser on iOS is going to cause some slowdowns in loading speeds. You'll sacrifice some anonymity, but for a speed boost you can always switch to the Brave browser. Its speed and steadfast tracker-blocking push it ahead of Firefox and Chrome.

Since you've already gone this far, why not switch from Google to DuckDuckGo? Unlike Google, this privacy-oriented search engine app blocks advertising trackers, forces encryption, and doesn't tail you across the internet looking for ways to serve you ads. It offers apps for both iOS and Android.

Messaging and passwords

To keep your texts secure, consider using the Signal app for either iOS or Android. For encrypted phone calls and text messaging, Signal offers the best combination of usability and security. Keep in mind that for the encryption to work, the people you message have to be using it as well, so spread the word for wider safety. And, yes, you can still send gifs.

The problem with loading up on all of these security apps is that you're going to need to create a lot of new passwords. And if there's one must-have app for privacy, it's a reliable password manager. With iOS 11, Apple introduced a password manager feature, which promised to bypass the pain of memorization.

Another favorite for many is the 1Password app, available for both iOS and Android. It outpaces the competition and earns its price tag by offering additional features. An individual subscription runs $36 a year, comes with 1GB of storage and offers two-factor authentication. A travel mode lets you remove your 1Password sensitive data from your device when you travel, then restore it with one click when you return.

Hit the kill switch

But what if you want to protect your phone after it's already been lost or stolen? You'll need a kill switch -- a way to remotely destroy the contents of your phone and make it nearly useless to a would-be thief.

The easiest option for Android users is to enable the Find My Device feature already available on your phone. This will allow you to remotely locate the phone if it's lost or stolen, lock it and display a message for any helpful Samaritans who'd like to return it to you. It will also allow you to completely wipe it of data.

Here's how to enable Find My Device on your Android phone.

1. Open the Settings app.
2. Tap Google, then tap Security.
3. Turn on Remotely locate this device and Allow remote lock and erase.

Afterward, head over to the Google Play app:

1. Go to the Settings page, where you'll see your Android phone listed.
2. Under Visibility, tick the box next to Show in menus.
3. Click the Update button.

The iOS crowd can use Find My iPhone, a feature associated with every iPhone that has an iCloud account. To enable Find My iPhone, do the following:

1. Go to Settings.
2. Tap Apple ID, then tap the device you're using.
3. Enable Find My iPhone.

Afterward, you'll want to give Find My iPhone permission to access your location:

1. Go back to Settings.
2. Tap Privacy, then tap Location Services.
3. From there you can let Find My iPhone access your location.

For more smartphone privacy tips, check out 7 security tips to keep people and apps from stealing your data, and don't let your smartphone track you on CNET.
Got An Apple Watch 5? How To Secure It In Three Simple Steps - Forbes

Posted: 24 Dec 2019 02:10 AM PST

Following the publication of a U.S. patent that mentioned a fingerprint sensor for the Apple Watch, rumors have been rife that Touch ID will be coming to the wearable soon. If you've just received a gift of an Apple Watch 5, then rumors won't help you secure it (or an Apple Watch 3 or 4 for that matter) from those who would use it to unlock other devices, perform Apple Pay transactions or access data. These tips, however, will.

Do you need to secure your Apple Watch?

Although one recent study has suggested that Apple is less trustworthy than Google when it comes to data encryption, that is something of an outlier. Apple has a pretty decent security record when it comes to the iPhone and its iOS operating system when compared to relatively insecure Android devices. Not that the iPhone is immune from device-specific malware, as the iPhone-only Krampus campaign demonstrates.

The Apple Watch, however, doesn't run on iOS; it uses the iOS-derived WatchOS instead. So, is WatchOS free from any security issues? Well, if you check the security vulnerability database at CVE Details, you will see plenty of problems that could specifically impact WatchOS. There are 473 vulnerabilities listed in total, ranging from the low severity to the critical. But don't panic; if you sort the results by "number of exploits," you'll notice there have been precisely zero for any of them. And Apple regularly updates WatchOS as it does iOS and operates a bug bounty program to reward those security researchers who uncover vulnerabilities, with a top bounty of $1.5 million (£1.15 million) on offer.

So you don't need to worry about securing it, right? Wrong. The security issues you do need to be concerned about now you are the owner of a shiny new Apple Watch Series 5 are, frankly, much the same as you face with any other mobile device. The wearable is, in practical terms, an extension of your iPhone. This means that you need to be aware of how it interacts with your iPhone and the access it provides to the smartphone itself, the data upon it and the services it facilitates.

Apple Watch security tip number one: Set a long passcode

The default four-digit PIN, what Apple refers to as a "Simple Passcode," is not secure enough. Especially as most people will likely use the same PIN for their Apple Watch as they do for their credit cards, debit cards, smartphone, SIM card, and anything else that requires a four-digit code. Password reuse is a terrible thing, and the same applies to PIN codes, which are just pretty bad passwords after all.

To strengthen your Apple Watch PIN, go to the Watch app on your iPhone and click on "Passcode" then disable the "Simple Passcode" option. After confirming your existing PIN, you will be able to set a new 10-digit code. The longer the PIN the more secure, in theory. However, the usability factor kicks in if you are using a random 10-digit code that you can't easily remember. It's not recommended to use memorable dates either; a threat actor will likely be able to guess these from social media information. That said, a six-digit PIN is far more secure than the default and just as easy to remember. Or how about keeping the four-digit PIN you know off by heart and repeating it, in reverse, to create an eight-digit code? So 1234 (please don't use that) would become 12344321.

If you enable the "Erase Data" option, then another security feature kicks in: self-destruct. OK, it's not quite that extreme, but not far off. After six incorrect PIN code attempts, the Apple Watch will initiate a 60-second delay between further attempts. Get it wrong ten times and all data will be erased from the device.

Apple Watch security tip number two: Get smart with more locking options

On either your Apple Watch or iPhone (the iPhone is less fiddly for those of us with fat finger syndrome), make sure that the "Wrist Detection" option is toggled on. This has the effect of automatically locking your Apple Watch when you take it off, necessitating entry of that now longer PIN before unlocking.

There's also an option to "Unlock with iPhone," which works in combination with the wrist detection to automatically unlock your Apple Watch without needing the PIN code. As long, that is, as the iPhone is close enough to the watch, which you must be wearing. It's another good usability option with no substantial negative impact on security for 99.9% of people 99.9% of the time. As I said before, good security must be easy to use or people find ways to get around it. Which usually means they disable it altogether.

Apple Watch security tip number three: Lost Mode and Activation Lock

Every iPhone owner is familiar, I'm guessing, with the Find My iPhone iCloud feature or app, or "Find My" for iOS 13 users. If not, then get acquainted as it's an essential part of your iPhone security posture. And that of your Apple Watch.

As well as being useful in finding your watch if you can't remember where you left it last, Find My has some additional security-related functionality up its virtual sleeve. Things like being able to remotely wipe your data from your Apple Watch if it is permanently lost or stolen and activating "Lost Mode." The latter will display a short custom message and number to call if someone finds your Apple Watch. More importantly, it will also disable Apple Pay, which ticks a significant security concern box for most people who have lost their wearable.

You should also check that the Activation Lock function is enabled in Find My, and if it can see your watch, then it is. What does this do? How does making your Apple Watch worthless to any thief sound to you? Unless that thief knows your Apple ID and password, Activation Lock prevents them or anyone else from being able to wipe your data from the device. The result: an unsaleable Apple Watch.

For more Apple security advice, read How To Secure Your iPhone: 12 Experts Reveal 26 Essential Security Tips.
App stores could give bad actors a one-way ticket to your mobile - ITProPortal

Posted: 27 Dec 2019 03:30 AM PST

It's no shocking statement that mobile phones are completely integrated into our everyday lives, both personally and professionally. The larger issue lies in the evaluation of the applications we rely on daily. Consumer evaluation of apps affects not only our personal data but often the companies who employ us. There has been a constant stream of jaw-dropping news stories lately highlighting the potential security risks we have in our pockets, but how are these bad actors infiltrating our mobile devices and what tactics are they using?

In 2018 alone, it was reported that 194 billion apps were downloaded by consumers - showing the virality an infected application could have if made available to the public. In this article, we will uncover how app stores give a one-way, all-access ticket to mobile devices, which the public tends to download without the proper vetting.

The unknown marketplace

Mobile malware primarily tends to be distributed from third-party sources that are not from vetted application stores. It's critical to always download applications only from well-monitored and vetted app stores. There is a plethora of app stores available that do not have a strict approach to investigating the apps being uploaded, leaving eager app downloaders open to a world of threats.

The most dangerous stores only rely on user reviews to verify whether the apps are safe or not. This leaves a lot to be desired from a security perspective, as reviews can easily be manipulated. Unsuspecting consumers are left stranded and at the will of bad actors who are spamming stores with malicious applications aimed at pilfering your sensitive information and financial data.

Free doesn't equal secure

A common tactic which bad actors deploy is offering an array of free apps to consumers. With different descriptions and images, they can often give an illusion of choice that does not actually exist. When looking to download an app it can be easy to be swept up in the hundreds or thousands of free ones on offer - but it is important to look for key indicators that can help you identify a malicious app before it is too late.

Mobile ransomware is another popular and common attack vector used by cybercriminals to infect apps. This allows bad actors to hold victims' mobile devices and personal information hostage. Malicious software can stop victims from accessing their device and data, usually by encrypting data files on the device's hard drive, essentially shutting the victim out of their media files.

Like most malware, ransomware attacks have the potential to disable mobile devices; however, the classic file encryption technique often fails. The widespread use of cloud storage combined with the limitations of mobile battery life and mobile CPUs means file encryption is not the most effective approach for these criminals anymore. Today's ransomware has been developed to "lock" devices and display a message which will not accept any other activity unless the correct code is inputted. Once the victim pays up to the ransomware engineer, the device is (hopefully) unlocked, creating a fruitful system for bad actors to quickly gain funds. The apparently fun, free and convenient app quickly turns into an expensive, invasive nightmare.

Properly vetting app developer info is a critical step when checking if an app is secure. Malicious actors often imitate well-known and trusted app developers' names to fool app seekers into downloading. It is vital to double-check the spelling of the developers' names, as a common tactic for bad actors is to slightly change spellings to try and trick unsuspecting app fanatics.

Distributive malware and spying RATs

Bad actors can spam app stores with a simple Trojan distribution technique by taking advantage of popular, legitimate applications as carriers of malware. Bad actors upload these infected apps in huge numbers to take advantage of volume distribution. This is a similar tactic to phishing emails, as spammers only need to rely on a small percentage of respondents to actually click on the email to achieve success.

Trojan code is typically hidden in otherwise valid-looking applications. Simple Trojan distribution techniques use the offer of free tools or popular, legitimate applications as carriers for the malware. As found in CrowdStrike's Mobile Threat Landscape Report, a key example of this type of activity is in the case of developer "Luiz O Pinto" who released 13 apps on the Google Play store which were downloaded a whopping 560,000 times. These applications, when opened, directed the user to an additional Android package which displayed advertisements each time the mobile device was unlocked. This is not only an extremely frustrating type of malware but it could easily decompile certified apps and modify the code to perform malicious activity as well as its expected, 'normal' functions. These give bad actors an effective way to achieve financial gain.

The breadth and variety of mobile malware readily available for bad actors can be boiled down to five main 'families':

These five main categories help define and understand what the hackers are trying to achieve when taking over mobile devices. All but one have a primary use of financial gain - Remote Access Tools (RATs) are an extremely comprehensive threat which can retrieve an enormous amount of data in comparison to their 'traditional' desktop RAT parent. Mobile RATs have a whole host of features which completely breach the security of the device, including listing all the device information, installed apps, retrieval of call history, address book, browsing history, collection of SMS data, GPS logging, ability to screenshot, and enabling the cameras and microphone. This deadly combination means it's the ideal weapon for targeted adversary groups to gather intelligence on handpicked influential victims.

The huge amount of mobile malware in the wild means that app stores have an extremely challenging task to try to keep it off the platform. This, coupled with the huge number of infected apps which adversaries release, means mobile users cannot depend on app stores alone to be secure.

Enforcing best practices to secure your device

We should all practice more proactive security strategies when it comes to treating our mobile devices as our other personal computing devices, considering they're a window into our lives. At the most basic, individuals must be more conscious of what they are downloading onto devices. By sticking to well-vetted app stores there is a lessened chance of malware making its way on to the device. The next step is to ensure that the most up-to-date security patches are installed. Vendors regularly release patches to defend against any weak points within application software; without the most up-to-date patches, devices are left to endure elevated risks from canny adversaries looking to capitalise on this tardiness.

As there is always a lot of focus on what patches and software can be installed to ensure a high level of security, an element which can easily be forgotten is the physical security of the actual device. It's critical to know where your device is at all times to ensure adequate security. Leaving a mobile device unattended is a huge risk as a malicious actor can manually install malware on to the device. Another best practice is to ensure passwords and other authentication measures like facial recognition or multifactor authentication are implemented to harden your next line of defense.

Mobile device management (MDM) processes are a good way of protecting devices by restricting what apps can be downloaded onto a device, and automatically installing security patches. However, due to the supply chain of MDM servers they, themselves, could be breached - meaning an attacker could be already functioning within the device. Organisations should lock down any communication with untrusted MDM servers and ensure all users are trained to recognise phishing techniques to 'inoculate' themselves.

It is vital to take further precautions when downloading gaming or mobile banking applications as they have been recognised as the most common vector of attack. Monitoring the spelling of applications and the developers' names is an essential check before downloading. Putting these protocols into place can stop your device becoming a risk factor in the security ecosystem. You should also take onboard the corporate advice which business security teams provide, as this can help make your mobile device more bulletproof to cyberthreat actors.

Zeki Turedi, Technology Strategist EMEA, CrowdStrike