Mobile phone security

  1. Auto-lock your phone.  They’re small, we carry them everywhere, and unfortunately mobile phones are lost or stolen all too often. If your phone falls into the wrong hands, a password is the first line of defense for your personal data. To keep your information private, create a strong password for your phone and set your screen to auto-lock within five minutes. Arrange phone settings so a password is required to wake up your phone after an inactive period. Use a password that’s different from your others (ATM, email accounts, online bill-paying accounts). Encrypt smart phones used for sensitive business communications, activate a timeout password and install an updated anti-malware program and on-device personal firewall.
  2. Keep your apps and device software up to date.  Hackers work diligently to discover new vulnerabilities in our apps or the software that operates our phones. Device manufacturers and app developers frequently update their software to fix newly exploited security gaps, but if you don’t download and install these updates your information is still at risk.
  3. Use discretion when downloading apps.  One of the most exciting things about getting a new Smartphone is downloading all the great apps that are available. Unfortunately, even the most innocent-looking app can contain software designed to steal personal data, make fraudulent charges or even hijack your phone. Only download apps from sites you trust, check the app’s rating and read reviews to make sure they’re widely used and respected before you download.
  4. Don’t open unfamiliar attachments, emails or text messages from unknown sources.  They’re likely to be harmful. Be judicious about the type of applications that you download. Many apps come with spyware or other malicious software. Consider using a more secure computer for sensitive tasks such as online banking.
  5. Stick to window-shopping on public WiFi.  Public WiFi networks have become ubiquitous, but security for these networks is scarce. Be careful what you do on public WiFi networks as there may be others watching network traffic. In particular stay away from making purchases and banking transactions—any communication that conveys a password, account number or credit card number—unless you are certain that you are on a secure connection.
  6. Protect your phone like you protect your PC.  Most people already use software to shield their PC from viruses and spyware. With so much personal data on our phones and mobile malware on the rise, our mobile devices now need the same attention. Protect yourself and your private data from malware, spyware and malicious apps by downloading a reputable security app.
  7. Password-protect your mobile device and voicemail with a PIN.  Make the password strong and hard to guess by using numbers, upper- and lower-case letters, and at least one symbol. Memorize your PIN. Don’t record it on anything you carry with you. Change your PIN periodically. Never use a PIN (or password) with the last four digits of your Social Security number, your date of birth, your middle name or anything else that’s easily guessed or subject to ready access via other sources.
  8. Keep records.  Make a physical list of everything on your Smartphone—all the accounts and documents (or types of documents) it can access.
  9. Don't Save Information.  Delete voice and text messages with financial or personal information.
  10. Data-wipe mobile devices.  Use programs to destroy a device’s data if the password is entered incorrectly a certain number of times—say
  11. Software.  Take advantage of software that locks the phone or erases the data remotely if the phone is lost or stolen.
  12. Financial Institution. Tell your financial institution immediately if you change your phone number or lose your mobile device.

Using Mobile Devices in Public

With people increasingly using tablets in public places, users are at risk of sharing more than they might want to with the people around them. If others can clearly see what you're doing with your device, it can put your privacy at risk.

Protect Your Smart Device

  1. Consider your surroundings and use your device discreetly at locations in which you feel unsafe.
  2. Never leave your device unattended in a public place. Don't leave it visible in an unattended car; lock it up in the glove compartment or trunk.
  3. Write down the device's make, model number, serial number and unique device identification number - either the International Mobile Equipment Identifier (IMEI), the Mobile Equipment Identifier (MEID) number or the Electronic Serial Number (ESN) - which you may find in your device settings or printed on a label affixed to your device underneath the battery. The police may need this information if the device is stolen or lost.
  4. Review your warranty or service agreement to find out what will happen if your phone is stolen or lost. If the policy is not satisfactory, you may wish to consider buying device insurance.

How to Protect the Data on Your Phone


Establish a password to restrict access. Should your device be stolen or lost, this will help protect you from both unwanted usage charges and from theft and misuse of your personal data.

  1. Install and maintain anti-theft software.

    Apps are available that will:
    - Locate the device from any computer;
    - Lock the device to restrict access;
    - Wipe sensitive data from the device, including contacts, text messages, photos, emails, browser histories
       and user accounts such as Facebook and Twitter;
    - Make the device emit a loud sound (“scream”) to help the police locate it.

  2. Make your lock screen display contact information, such as an e-mail address or alternative phone number, so that the phone may be returned to you if found. Avoid including sensitive information, such as your home address.  Be careful about what information you store. Social networking and other apps may allow unwanted access to your personal information.

What to Do if Your Wireless Device is Stolen


  1. If you are not certain whether your device has been stolen or if you have simply misplaced it, attempt to locate the device by calling it or by using the anti-theft software's GPS locator. Even if you may have only lost the device, you should remotely lock it to be safe.
  2. If you have installed anti-theft software on your device, use it to lock the phone, wipe sensitive information, and/or activate the alarm.
  3. Immediately report the theft or loss to your carrier. You will be responsible for any charges incurred prior to when you report the stolen or lost device. 
  4. If you provide your carrier with the IMEI, MEID or ESN number, your carrier may be able to disable your device and block access to the information it carries. Request written confirmation from your carrier that you reported the device as missing and that the device was disabled.
  5. If the device was stolen, also immediately report the theft to the police, including the make and model, serial and IMEI, MEID or ESN number. Some carriers require proof that the device was stolen, and a police report would provide that documentation.

Safeguard Your Mobile Wallet Smartphone

  1. Consider your surroundings and use your Smartphone or mobile device discreetly.
  2. Do not use mobile wallet services to conduct financial transactions over an unsecured Wi-Fi network.
  3. Never leave your Smartphone unattended in a public place. Don't leave it visible in an unattended car; lock it up in the glove compartment or trunk.
  4. The police may need your Smartphone’s unique identifying information if it is stolen or lost. Write down the make, model number, serial number, and unique device identification number (either the International Mobile Equipment Identifier (IMEI) or the Mobile Equipment Identifier (MEID) number). Some phones display the IMEI/MEID number when you dial *#06#. The IMEI/MEID can also be found on a label located beneath the phone's battery or on the box that came with your phone.
  5. Review the service agreement for the financial account used in your mobile wallet to find out what will happen and who to contact if your Smartphone is stolen or lost, or if your mobile wallet application is hacked.
  6. Monitor the financial account used in your mobile wallet for any fraudulent charges.
  7. Choose a unique password for your mobile wallet. Should your Smartphone be lost or stolen, this may help protect you from both unwanted charges and from theft and misuse of your personal data.
  8. Install and maintain security software. Apps are available to:

    - Locate your Smartphone from any computer;
    - Lock your Smartphone to restrict access;
    - Wipe sensitive personal information and mobile wallet credentials from your Smartphone; and
    - Make your Smartphone emit a loud sound ("scream") to help you or the police locate it.

  9. Adjust your "locked screen" display to show your contact information so that your Smartphone may be returned to you if found.
  10. Be careful about what information you store. Social networking and other apps may pose a security risk and allow unwanted access to your personal information and mobile wallet data.

What to Do if Your Mobile Wallet Smartphone is Stolen

  1. If you are not certain whether your Smartphone or mobile device has been stolen or if you have simply misplaced it, attempt to locate the Smartphone by calling it or by using the security software's GPS locator. Even if you may have only lost the Smartphone, you should remotely lock it to be safe.
  2. If you have installed security software on your Smartphone, use it to lock the device, wipe sensitive personal information, and/or activate the alarm.
  3. Immediately report the theft or loss to your wireless carrier. You will typically be responsible for any charges incurred prior to when you report the stolen or lost Smartphone. If you provide your carrier with the IMEI or MEID number, your carrier may be able to disable your Smartphone, your mobile wallet services, and block access to your personal information and sensitive mobile wallet data. Request written confirmation from your carrier that you reported the Smartphone as missing and that the Smartphone was disabled.
  4. If your Smartphone or mobile device was stolen, also immediately report the theft to the police, including the make and model, serial and IMEI or MEID number. Some carriers require proof that the Smartphone was stolen, and a police report can provide that documentation.
  5. If you are unable to lock your stolen or lost Smartphone, change all of your passwords for mobile wallet services and banking accounts that you have accessed using your Smartphone service.

Mobile Apps

If you have a smart phone or other mobile device, you probably use apps – to play games, get turn-by-turn directions, access news, books, weather, and more. Easy to download and often free, mobile apps can be so much fun and so convenient that you might download them without thinking about some key considerations: how they’re paid for, what information they may gather from your device, or who gets that information.

Mobile App Basics

What’s a mobile app?  A mobile app is a software program you can download and access directly using your phone or another mobile device, like a tablet or music player.

What do I need to download and use an app?

You need a smart phone or another mobile device with internet access. Not all apps work on all mobile devices. Once you buy a device, you’re committed to using the operating system and the type of apps that go with it. The Android, Apple, Microsoft and BlackBerry mobile operating systems have app stores online where you can look for, download, and install apps. Some online retailers also offer app stores. You’ll have to use an app store that works with your device’s operating system. 

Why are some apps free?

Some apps are distributed for free through app stores; the developers make money in a few ways:

  • Some sell advertising space within the app. The app developers can earn money from the ads, so they distribute the app for free to reach as many users as possible.
  • Some apps offer their basic versions for free. Their developers hope you’ll like the app enough to upgrade to a paid version with more features.
  • Some apps allow you to buy more features within the app itself. Usually, you are billed for these in-app purchases through the app store. Many devices have settings that allow you to block in-app purchases.
  • Some apps are offered free to interest you in a company’s other products. These apps are a form of advertising. 

Questions About Your Privacy

What types of data can apps access?

When you sign up with an app store or download individual apps, you may be asked for permission to let them access information on your device. Some apps may be able to access:

  • your phone and email contacts
  • call logs
  • internet data
  • calendar data
  • data about the device’s location
  • the device’s unique IDs
  • information about how you use the app itself

Some apps access only the data they need to function; others access data that’s not related to the purpose of the app.

If you’re providing information when you’re using the device, someone may be collecting it – whether it’s the app developer, the app store, an advertiser, or an ad network. And if they’re collecting your data, they may share it with other companies.

How can I tell what information an app will access or share?  It’s not always easy to know what data a specific app will access, or how it will be used. Before you download an app, consider what you know about who created it and what it does. The app stores may include information about the company that developed the app, if the developer provides it. If the developer doesn’t provide contact information – like a website or an email address – the app may be less than trustworthy.

If you’re using an Android operating system, you will have an opportunity to read the “permissions” just before you install an app. Read them. It’s useful information that tells you what information the app will access on your device. Ask yourself whether the permissions make sense given the purpose of the app; for example, there’s no reason for an e-book or “wallpaper” app to read your text messages.

Why do some apps collect location data?  Some apps use specific location data to give you maps, coupons for nearby stores, or information about who you might know nearby. Some provide location data to ad networks, which may combine it with other information in their databases to target ads based on your interests and your location.

Once an app has your permission to access your location data, it can do so until you change the settings on your phone. If you don’t want to share your location with advertising networks, you can turn off location services in your phone’s settings. But if you do that, apps won’t be able to give you information based on your location unless you enter it yourself.  Your phone uses general data about its location so your phone carrier can efficiently route calls. Even if you turn off location services in your phone’s settings, it may not be possible to completely stop it from broadcasting your location data.

Questions About Advertising

Why does the app I downloaded have ads in it?  Developers want to provide their apps as inexpensively as possible so lots of people will use them. If they sell advertising space in the app, they can offer the app for a lower cost than if it didn’t have ads. Some developers sell space in their apps to ad networks that, in turn, sell the space to advertisers.

Why do I see the ads I do? Advertisers believe you’re more likely to click on an ad targeted to your specific interests. So ad networks gather the information apps collect, including your location data, and may combine it with the kind of information you provide when you register for a service or buy something online. The combined information allows the mobile ad network to send you targeted ads – ads that may be relevant to someone with your preferences and in your location.

Malware and Security Concerns

Should I update my apps?  Your phone may indicate when updates are available for your apps. It’s a good idea to update the apps you’ve installed on your device and the device’s operating system when new versions are available. Updates often have security patches that protect your information and your device from the latest malware.

Could an app infect my phone with malware?  Some hackers have created apps that can infect phones and mobile devices with malware. If your phone sends email or text messages that you didn’t write, or installs apps that you didn’t download, you could be looking at signs of malware.  If you think you have malware on your device, you have a few options: you can contact customer support for the company that made your device; you can contact your mobile phone carrier for help; or you can install a security app to scan and remove apps if it detects malware. Security apps for phones are relatively new; there are only a few on the market, including some with free versions.

Mobile App User Reviews

Can I trust all the user reviews I read about an app?  Most app stores include user reviews that can help you decide whether to download. But some app developers and their marketers have posed as consumers to post positive comments about their own products. In fact, the Federal Trade Commission recently sued a company for posting fake comments about the apps it was paid to promote.

Apple iPhone Safety

To prevent losses associated with fraudulent apps, we suggest all iOS users read the reviews and check ratings before buying an application. Do not believe in magical features that do not exist in your phone; no app is able to do things that Apple does not allow.

If you were the victim of such apps, you can try asking Apple to refund your money, by following these steps:

  1. Open iTunes and select the iTunes Store link in the left-hand column;
  2. Near the top right corner, click the arrow next to your username (email address) and then select Account;
  3. About halfway down the screen, click the Purchase History button;
  4. In the bottom portion of the screen, you will see your App Store purchase history – click the Report a Problem button;
  5. Locate the iTunes invoice with the application you would like a refund for, and click the Report a Problem link;
  6. Fill out the form that follows and be sure to be as detailed as possible – when finished, click Next;
  7. If your reason for requesting a refund is valid, Apple should respond within a few days and process your refund within a week.

Android App Safety

When an app is installed, the system will always display the permissions requested. The user can use this at a glance to evaluate an app’s intentions. If a relatively simple app, like a wrapper for a website, asks for permission to send and receive SMS messages, that is a serious red flag. In fact, a large number of these so-called “SMS Trojans” are in circulation around the seedier parts of the web. When installed, they text premium rate numbers to rack up charges. The same concern exists for apps that include phone calling permissions; they could call premium rate numbers without the user’s knowledge.

Android permissions

  • Another important permission to be on the lookout for is access to the contact list, and Google accounts. If an app has no business looking at this data, there is a chance that it’s just malware designed to harvest user data for spamming or phishing scams. The only time one might expect to see this permission is in apps that autocomplete contact names, or handle legitimate messaging actions.
  • Of less concern financially, but still a sign of shady behavior, is the location permission. This can come in either Fine (GPS) or Coarse (Network) varieties. An app that doesn’t need this data for its essential function could be using it for something as innocuous as location-aware ads, but there is a darker possibility as well. A questionable app could harvest a user’s exact location, store it over time, and sell that to advertisers.
  • The best way to stay safe on Android is to just stick to established apps from the official Android Market or the Amazon Appstore. While bad apps do occasionally show up in the Market, Google removes them swiftly and can remotely kill the apps on phones.
  • Most of the truly dangerous threats have been detected on forums and third-party websites masquerading as well-known apps. Basically, don’t install a version of “Cut the Rope” obtained from a Chinese pirated software forum. By leaving the Unknown Sources option disabled in the Android settings, apps cannot even be sideloaded from other sources, which blocks this vector completely.
  • It just takes a little forethought to avoid the most serious Android malware threats out there. Sticking to the official application repositories is a good policy, as is checking out the permissions for an app. Users might even prefer to leave the Unknown Sources option disabled. There is now good evidence that free Android antivirus apps just don’t work, and could even cause users to believe they are protected, and thus take more risks. Paid antivirus apps work better, detecting more threats, but still fall short of the mark. In the end, it is still very much up to the user to be on the lookout for suspicious behavior in order to stay safe.
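
The permission check described under "Android App Safety" and "Android permissions" can be done mechanically. The following is an added example, not part of the original page: it reads the uses-permission entries from an app manifest and reports the SMS, calling, contacts/accounts and location permissions that the stated kind of app has no obvious need for. It assumes the manifest has already been decoded to plain XML; the app kinds, the EXPECTED policy table and the sample manifest are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Permission groups the text singles out, with the concern each one raises.
RISK_GROUPS = {
    "sms": ({"SEND_SMS", "RECEIVE_SMS", "READ_SMS"},
            "can send or read text messages (premium-rate SMS charges)"),
    "calls": ({"CALL_PHONE"},
              "can place calls on its own (premium-rate numbers)"),
    "contacts": ({"READ_CONTACTS", "GET_ACCOUNTS"},
                 "can read the contact list or the accounts on the device"),
    "location": ({"ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION"},
                 "can read GPS (fine) or network (coarse) location"),
}

# Assumed policy: which groups each kind of app plausibly needs.
EXPECTED = {
    "messaging": {"sms", "contacts"},
    "dialer": {"calls", "contacts"},
    "maps": {"location"},
    "wallpaper": set(),
    "ebook": set(),
    "web_wrapper": set(),
}

# Constructed sample: a "wallpaper" app that asks for far more than it needs.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.wallpaper">
  <uses-permission android:name="android.permission.INTERNET" />
  <uses-permission android:name="android.permission.SEND_SMS" />
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
  <uses-permission android:name="android.permission.SET_WALLPAPER" />
  <application android:label="Example Wallpaper" />
</manifest>"""


def requested_permissions(manifest_xml):
    """Return the set of permission names the manifest declares."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for element in root.iter(tag):
            name = element.get("{%s}name" % ANDROID_NS)
            if name:
                names.add(name)
    return names


def review(manifest_xml, app_kind):
    """List (permission, group, concern) for risky permissions that
    an app of this kind is not expected to need."""
    expected = EXPECTED.get(app_kind, set())  # unknown kind: expect none
    findings = []
    for permission in sorted(requested_permissions(manifest_xml)):
        prefix, _, short = permission.rpartition(".")
        if prefix != "android.permission":
            continue  # vendor or custom permission, outside this check
        for group, (members, concern) in RISK_GROUPS.items():
            if short in members and group not in expected:
                findings.append((short, group, concern))
    return findings


if __name__ == "__main__":
    for short, group, concern in review(SAMPLE_MANIFEST, "wallpaper"):
        print("RED FLAG %-22s [%s] %s" % (short, group, concern))
```

A permission that is absent from the findings is not proof the app is safe; the check only covers the permission groups named above.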