
Simple Hardening Techniques for Smartphones
Mobile phone hacks bedevil the most advanced technologies. Do we pay the same attention to them as compared to the safety measures of laptop? Mere awareness about privacy intrusions and potential threats to smartphones will not suffice. Let us look at some simple hardening measures.
1) Encryption
Passwords are no more a guarantee for the safety of mobile phones. Brute-force attacks can crack the most complex passwords. Modern authentication measures like face recognition, fingerprint scan of the users are also not fool-proof. Encryption is a powerful tool to protect your phone from mobile hackers. Analyzing data with unreadable format is a challenge if the smart phone is encrypted. Encryption option is available in the settings menu of all smart phones.
2) Background data
Internet access should be allowed only when a mobile application is functioning. The application will make use of internet to access your data, in the event of uninterrupted connectivity. The hacker will then be able to access the application, even when the application is not functioning. Internet should be disconnected after using an application. Background internet access should be disabled in the settings option. However, few applications may require background internet, for such applications create exceptions in your phone settings.
3) Controls
Permissions required for the functioning of a mobile application should be granted after the application is downloaded. Granting irrelevant permissions to the application makes your smartphone an easy target for hackers. For instance, a calendar application does not need access to internet or storage. Similarly, a music player application should have access to storage and not internet. Hence, you should understand the specific permission/permissions required for the functioning of an application. Refer the options in ‘Developer’ menu, while downloading the application at store. This not only makes sure that only the required permissions are granted while downloading an application but also declines unnecessary permissions requested by the application.
4) Untrusted source
Pirated versions of existing applications in the market which bear almost a similar name to the original ones are gullible to hacking. Mods (decoys) are created by hackers to lure mobile users with easy rewards for games. It is best to avoid using them. Switch on the untrusted source option in settings so that the phone prompts you before using untrusted applications. The question ‘Allow installation of apps from untrusted sources,” will pop up before you download an untrusted application, if this enabled.
Other best practices include updating security patches and disabling geo-tagging unless specifically required by the mobile application. It is also advisable to enable SIM-lock feature - a second layer of authentication for your PIN card access and disable auto-discover in Bluetooth. This ensures that SIM contacts are not accessible even if the mobile phone is hacked.
What are your tips and ideas to enhance security features of mobile applications? Let us know your views at communications@rebit.org.in