The Metropolitan Police say 60% of devices stolen in London are still unprotected by a PIN. This makes them a far more attractive target for thieves, who can strip the device of personal data, and “destroy lives.”
Muggers get better prices for unlocked phones. The data inside (you might not realise it, but email inboxes often contain account details, or even passport scans) is rapidly sold online. More disturbingly, GPS data, sometimes embedded in the “metadata” of photos of your family, can tell thieves where you live.
Most of us are just too lazy to use passwords, a basic, effective protection - but we may soon have no choice. The National Mobile Phone Crime Unit has been in negotiations with phone makers such as Samsung to “target harden” devices by making PIN codes compulsory. At present, they are always optional, and in most cases, switched off by default.
Thankfully, a few simple steps can help make phones secure, and ensure a thief gets nothing out of a snatched handset - especially not your private photos, emails and data.
Ensure your screen ‘times out’ quickly
Yes, it’s an annoyance, but if you set your screen to ‘timeout’ (i.e. lock) in 15 seconds rather than five minutes, it means thieves have less chance of ‘getting in’ to email accounts if they snatch it. Most smartphones have a default setting much higher than this (it’s two minutes on many Android models). Choose the shortest possible. On Android, pick Settings, Display, then 15 seconds. On an iPhone, go to General, Settings, Auto-Lock, and pick one minute (or two on iPad).
Don’t pick 1111 as your PIN
If you pick a simple PIN, thieves will guess it. It’s tempting to go for a simple PIN number (like 1111, or a pattern such as 4545) but a Cambridge University study found that such codes could be guessed easily, as they were so common. In the study of 200,000 codes, the researchers found thieves could guess a PIN one in 11 times. Pick something random, weird, and hard to guess: not your birthday, as that may be revealed on another document in your wallet.
Choose a password instead
Thieves find passwords much harder to get around than PINs. On some Android models, it is possible to see the code via the four marks left by fingers on screen. An alphanumeric password (letters and numbers) is your safest option. Follow the same rules you would on your PC - i.e. don’t choose something easily guessable such as ‘Password1’ or based on details thieves may be able to find out about you online, from Facebook or other sites.
Check apps carefully
Apple’s App Store is generally safer than Google’s Play, but it’s always worth thinking like you’re shopping on eBay when downloading apps. Read reviews, see what else the developer has done, and check you are downloading the real one, not a sub-standard imitator.
Even apps that are not truly ‘malicious’ can plague your phone with intrusive adverts. The biggest risk of all is downloading apps from unofficial stores, where malicious apps such as spyware often masquerade as the real thing. For instance, popular keyboard app 'Swiftkey' was offered free online - but the ‘free’ version recorded every keystroke, capturing email and bank passwords, and transmitting them to criminals.
Public Wi-Fi is cheap, but not safe
Many phone networks offer access to public Wi-Fi hotspots as part of the deal - but public hotspots are risky places. Criminals can create their own hotspots with the same name, and your phone will connect without asking - allowing them to steal your data, or grab passwords for email or bank accounts. Many pub or coffee shop networks are also badly secured - and people on the same network could also steal information. Europol recommend that people avoid using public Wi-Fi hotspots at all due to these risks.
Don't ever store lists of passwords on a phone
Remembering the dozens of passwords we use online is hard, but NEVER write any down in a note on your phone. A thief will check for this immediately.
Don’t imagine you’re immune to ‘bad’ websites
Android users are more at risk from ‘bad’ apps than iPhone users are, and both are less at risk than PC users - but website and phishing scams work just as well on iPhone or iPad users as they do on desktop users. A recent campaign of phishing emails, appearing to be from Apple, offered information on iPhone 6, but required users to enter their ID and password. The stolen accounts were then used for fraud. It doesn’t matter what hardware you are using: once you have handed over your password, the thieves have won.
Don’t store important stuff on your phone
There are several ways to ensure that important documents, photos and files aren’t ‘lost’, even if a handset is. Store files on something less likely to be stolen - such as a PC. When you ‘Sync’, don’t leave everything on the phone, just what you need (i.e. keep the photos on your PC) and leave the phone blank for new ones. Using online storage services can also help ensure your phone isn’t carrying anything irreplaceable. Set your camera app to auto-upload photos to an online backup service such as Dropbox (or Apple’s iCloud) and store music online, using iCloud, Google Play, or Amazon MP3. Then you can safely remote-wipe the handset (using Find my iPhone on Apple or Find My Device on Android, or a security app) and the thief has nothing.
If you’re using your handset for work, encrypt it
If you have a phone you use for both work and leisure, your employer might thank you for encrypting the device - encoding it so that information cannot be extracted, even via PC, as long as it is password-locked. Encrypting a device will make it work more slowly, but makes it impossible for thieves to extract data such as emails and documents. On both iPhone and Android, it’s easy. On iPhone, go to Settings > General > Passcode then scroll down and set it so ‘Data protection is enabled’. On Android, choose Settings/Security/Encryption. Choose Encrypt Device and Encrypt External SD Card. It takes a while, but your data is truly safe.
Don’t install a banking app from an email
Banking apps are an increasing target for criminals - if a gang can persuade you to install a ‘fake’ app, it can bypass your bank’s security, and allow access to online accounts. Only EVER install an ‘update’ to your app from the official App Store or from Google Play - never from a link in an email or website, no matter how official it looks. If in doubt, call your bank.
Be careful with GPS
Many photo apps add GPS tags to images by default - which can pose a security risk. If there are pictures of children on a handset, and the images are tagged, this information could be used by paedophiles. Mapping and fitness apps can also pose risks as your stored routes could give away your address. Thieves could also use GPS information to find your home, which, combined with info from your handset, could allow them to apply for credit cards in your name and other financial fraud. On iPhone, you can control which apps can use GPS in the Settings > Privacy menu.
Stolen phone? Track it and wipe it
Security apps from companies such as Norton or Kaspersky offer advanced tracking services to guard against theft but both Android and iPhone have perfectly good defences built in. On iPhone, ensure Find My iPhone is installed and activated on the device, then you’ll be able to see its GPS trace, and erase it if you want. Google’s Android Device Manager page offers useful options to wipe data remotely if a phone is stolen.
Android user - read those Permissions
When you install an app on Android, it shows a list of Permissions - Facebook was recently in hot water for a Permission that its new Messenger can record video without asking. In that case, it was innocent - but Permissions are often a warning of bad apps and malware.
Read all of these, every time. It’s important. If, say, a screensaver needs to be able to send premium SMS messages, it’s a scam, almost certainly. Anything that requires access to information it shouldn’t need, i.e. a clock that can read your Contacts, should trigger alarm bells. If in doubt, read reviews on Play.