Apps 101: Secure your mobile device

Apps 101: Secure your mobile device

One evening in late July 2012, high-profile New York Times tech columnist David Pogue was about to alight from his train home when he realised his iPhone was no longer in his pocket. He immediately tried locating the device using Apple’s ‘Find My iPhone’ service but had no luck; the device was already offline, convincing Pogue whoever had found it had already turned it off.

However, a few days later, Pogue received an email from Find My iPhone: his iPhone had been turned on, and the service’s map function showed it was currently located in a house in Seat Pleasant, Maryland (“a really bad neighbourhood,†as Pogue later put it).

He tweeted the image of the house to his 1.4 million Twitter followers, and the search went viral across social media and the tech blogosphere in real time. Eventually, with the help of the internet and local authorities, the missing iPhone was located – safe and sound, discarded in the property’s backyard – and returned to its grateful owner.

David Pogue’s missing iPhone and the police officers who recovered it.

Adopting a defensive mindset

Pogue’s misadventure highlighted not only the impressive technical functionality of remote location-tracking and control services but also the personal and financial risks associated with losing one’s digital gadgets.

With handheld device theft and online account security breaches seeming to be a growing problem, it’s perhaps no surprise that the just-released Office of the Australian Information Commissioner’s Community Attitudes to Privacy Survey Research Report 2013 found Australians are more worried about digital privacy and personal information concerns than ever before.

The fact of the matter is, these days the contents of your smartphone or tablet are quite likely to be more valuable than the contents of your wallet or purse. First up, there’s the physical cost of the device itself – which often run in the hundreds of dollars. Secondly, and ultimately more importantly, there’s your personal data at stake. People’s exposure will vary depending on how many apps and services they individually use, but if your phone or tablet is logged into email accounts, social networks or cloud apps like Dropbox, Google Drive or Evernote, you could unwittingly have laid bare a whole range of personal information (with the most damaging discoveries being written-down passwords to other services and potentially financial accounts).

For all of the above reasons, it’s imperative to ensure you take steps to lock down your device, so in the event that you misplace it (or it falls into the wrong hands), the damage is contained.

Apple’s Find My iPhone app and iCloud service enables users to remotely locate, lock, wipe and otherwise control their missing device.

You shall not pass

First and foremost, you should enable a passcode lock on your device. Amazingly, studies have shown about half of smartphone users don’t bother with this elementary layer of protection, but in most cases it will completely prevent anyone who finds (or steals) your phone or tablet from gaining access to its data.

In iOS 7, see ‘Settings > General > Passcode Lock’. In Android, check out the lock screen and security settings for your particular device. Pick a code or combination that’s easy for you to remember and hard for others to guess.

A newer form of device authentication is fingerprint scanning, which has received a lot of media attention recently thanks to the Touch ID feature of the new iPhone 5s. While hackers have developed ways of bypassing it already, in reality for most users it’s still likely to be a much safer authentication method than entering an easily-observable four-digit PIN.

And there’s good news for Android fans too, with recent reports of an industry push for a new ‘FIDO’ standard that may make fingerprint scanning an increasingly common feature on Android (and other) devices within the year.

Samsung’s Find My Mobile provides Android users with Samsung devices with remote control facilities.

Remote control

The second step to physical device security is enabling remote software that makes it possible to locate, lock, wipe and otherwise remotely control your smartphone or tablet from another device. For iOS users, there’s the aforementioned standalone Find My iPhone app and associated iCloud service, which has been improved with stronger security features in iOS 7.

While Google hasn’t yet built this functionality directly into Android, the company recently announced Android Device Manager will perform most of the same functions. Plus, manufacturer add-ons – a notable example being Samsung’s Find My Mobile – are included in many more recent devices. If your device doesn’t have one built in, there’s a wealth of anti-theft apps on Google Play that can help you out, from vendors such as Bitdefender, Norton, Lookout and others.

What about mobile malware?

Malware is such an established and constant threat when it comes to desktop computing that it’s easy to assume that mobile devices like smartphones and tablets are equally susceptible, but it’s not as simple as that – although security software vendors might like to have you believe otherwise. While mobile malware on iOS and Android can and does exist – and exploitable software vulnerabilities are continually being discovered – most users’ reliance on the App Store and Google Play as the sole source of their mobile apps (as opposed to side-loading apps or using alternative app stores) drastically reduces malware distribution when compared to PC software, with a recent US study of over 380 million mobile devices discovering less than 0.0009% showed evidence of infection (Google itself claims a slightly higher .001%, which is still extremely low). Still, don’t let your guard down when granting apps permissions to your device – and if in doubt, installing a mobile security app from one of the big-name vendors like Symantec or AVG certainly won’t hurt.

A question of safety

It’s an impressive technical capability to be able to track down your device when it goes missing, but if your smartphone, tablet or notebook has indeed been stolen, it might not be the best idea to go and try to recover it yourself. After all, you’ve got no idea what you’re walking into.

TechLife got in touch with the NSW Police Force and asked what it recommended people do if they lose their trackable gadgets. A spokesperson told us: “Police are aware of the capability for an individual to track their own smartphone. However, we discourage people from doing so, as we do not want individuals to risk their own safety – particularly if the phone has been stolen.

In NSW, people can report their phone as being lost or stolen via CrimeStoppers on 1800 333 000 or attend their local police station. When you are out and about – do not leave your phone and other valuables unattended – so as not to give criminals an opportunity. Individuals are also encouraged to record their phone’s serial and IMEI numbers and keep them in a safe place.â€