October is Cybersecurity Awareness Month.
We asked Anthony Merry, senior director, Product Management at Sophos, for his top mobile privacy tips.
If you’ve updated your Apple phone or your Android to the latest version – iOS 14 and Android 11 respectively – you may have noticed that they come with enhanced privacy controls.
These new versions allow you to more easily check, and change, the personal information and phone features that individual apps can access.
So how about taking this opportunity to give your personal and work phones a mobile privacy health check?
Even if you’re running earlier OS versions – or don’t have a smartphone at all! – it’s still worth taking a few minutes to check the privacy settings in your digital life and ensure that they’re where you want them to be.
Before you start
If you have loads of apps installed, don’t worry: you can check some of the most important permissions for all of them in one go.
Alternatively, focus on the apps you use most. (If you do forget to check up on old apps, Android 11 will reset all “sensitive” permissions automatically if an app is not used for a few months.)
Watch out for apps that are asking for access to features or information that they very clearly don’t need – a calculator that’s insisting on using your camera and knowing your location, for instance.
If you have any apps like this, then you should be asking yourself, “Do I want this app on my phone at all?”
It could be an overtly malicious app, or overly-aggressive adware that’s out to collect as much information as possible for monetization through a data broker.
If in doubt, don’t bother trying to tune up its privacy settings – get rid of it!
The top five things to check
For iOS 14 you can manage all your privacy settings through Settings > Privacy.
On Android 11, the location of the Privacy section varies from device to device, so you may need to look around for the settings pages.
However, the Android Permission manager page lets you see all app permissions in one place.
Right. Android 11 Permission manager page.
1. Location services
This is one of the most important permissions to check and both iOS and Android offer a centralized one-click block option that covers all apps.
They have also made it easier to find out which apps already have permission to know where you are – you may be surprised how many apps ask for this permission by default.
On iOS 14 and Android 11, you can see which apps have access to location services in a single list.
The wording used varies slightly, but both give you three options for each app: always allow, never allow, and only while app is in use.
Right. Android 11 Location page.
With iOS 14 small arrows now appear alongside an app in the list or on the home screen when the app is in use to let you know if a location service is being or has been accessed by that app.
This is a helpful extra indicator to remind you of the permissions you’ve granted.
2. Tracking
By tracking we don’t mean monitoring your physical location, as in (1) above, but rather keeping track of what you do and where you go online while using your phone.
Tracking is a new feature available in iOS 14 (but not in Android 11) – it’s a centralized setting that allows you to bulk-block apps from requesting permission to track you online.
Tracking information is gold dust to advertisers who want to know which apps and websites you visit before and after you use their app so they can learn more about you and better target their advertising.
If you want to keep that information to yourself, turn tracking off (although be aware that apps may still try to track you even if you say no).
3. Camera
Access to your camera gives apps a deeply personal insight to your physical as well as digital world.
Images can also reveal additional information about you, for example when and where a picture was taken.
While iOS 14 adopts a binary allow/block approach, Android 11 is a little more granular with allow all the time and allow only while app is in use options as well as block all the time.
On updated Apple devices, a green spot on the home screen will alert you if an app is accessing your camera.
Right. Android 11 Camera page.
4. Microphone
Just like the camera feature, this is a critical check for both physical and digital privacy.
You don’t want third parties picking up sound and conversations without your knowledge and approval.
Check your apps and turn the microphone off wherever an app doesn’t need to access it.
Helpfully, Apple devices show an amber warning spot next to the battery indicator at the top of the home screen whenever an app is using the microphone.
5. Bluetooth
Bluetooth can be a huge convenience, but you might not want to have Bluetooth connectivity turned on for all apps all the time.
If you’re running iOS 14, it’s also worth checking the access settings for local networks.
If you have the Local Network feature enabled for an app it can connect to other devices on the LAN, such as other people’s laptops or a printer at the coffee shop, which might not be what you want.
To sum up
Protecting your mobile privacy is not about disconnecting everything – obviously, some apps need access to certain features, including location, camera or microphone, in order to function as intended.
A mapping app can’t show you how to walk back to your hotel from where you are now without knowing your location, for example; and you can’t use a messaging app to stream video footage without giving it access to the camera.
Mobile privacy is about understanding which apps have access to information or features they don’t need, and removing those permissions.
This will help you to protect your personal information better, and to defend yourself against cyberthreats that abuse legitimate-looking apps to gather intelligence about you.
Over time, you’ll probably forget which permissions you’ve given to what apps – or you may simply change your mind about how much you want an app to know about you – so it is worth doing a quick mobile privacy health check on a regular basis.
You could even set an alert on your phone to remind you!
Kevin
Very interesting and timely advice … thanks to all who compiled and published it …
One fundamental privacy check / implementation issue that cropped up for me immediately was the fact that my Android smartphone (a TELUS / Samsung GALAXY S7 edge, at Android version 8.0.0) doesn’t seem to be eligible for version upgrades (none pending, per ‘Settings’ > ‘About phone’ > ‘Software information’), to, say, version 11, as discussed, primarily, above.
I suspect this to be a hardware limitation … if I am wrong on that score, someone please correct me.
If I am right, I have found, generally, that unless I am following advice and examples specific to my hardware platform / Android version, I tend to waste a fair amount of time going down a lot of dead ends … the Help / Search feature on a Samsung Android device (like mine anyways) doesn’t find much useful info too often when casting about for feature / setting GUI entry points.
And, I have found the terminology (which seems to change between various h/w & s/w iterations) used is critical in zeroing in on any given setting correctly.
Paul Ducklin
Long-term support for older Android versions varies remarkably – and often rather pitifully – from vendor to vendor, version to version, carrier to carrier and manufacturer to manufacturer. It’s frequently not just a case of “why can’t I update my perfectly servicable phone to a newer Android” but “why can’t I get any sort of update at all for bugs that are known to have beem in the OS for weeks/months/years”.
(I have an iPhone 6+. OK, so it’s now almost 6 years old but it is still in as-new condition, not even a scratch, has apparently undiminished battery life, runs every app I need – including Outlook, Zoom, Edge, Skype, the Met Office app and the awesome Free42 HP42 calculator clone app – and on which I still have never run out of storage space. I’m now stuck back on iOS from 2 versions ago. At least I still get security updates… but who knows when that might change? And with an iPhone there is basically no way to repurpose it, even just to turn it into a plain old voice call plus SMS machine.)
Apparently the “right” way to solve this is to recycle your old phone responsibly and buy a brand new one.
Pranav Lal
I am also plagued by the update problem on Android. I have a Nokia 9 pure view and it is still on Android 10. It is still getting security updates. I wish there was a conclusive answer to which platform is more secure but there is not and can never be because security among other things is a function of your threat model. I am hoping not to have to change my phone. Nokia, are you listening?
Paul Ducklin
Apple, for better or worse, makes and sells its own small range of mobile devices, and doesn’t license iOS to any other vendor. So when a new iOS comes out, Apple already knows exactly which devices it will run on and the updates are available to all of them at once. Thus Apple publishes the update for all supported devices on the same day.
But Google licenses the proprietary (non-open source) version of Android to hundreds or thousands of different phone makers, so any new version of Android tends to trickle down through the ecosystem very slowly. Google’s most recent devices generally get it right away; other vendors follow as they can.
According to reports, Nokia recently tweeted (and then deleted) a message in which the company’s release dates for Android 11 were leaked… the Nokia 9 Pure View was last on that list with “Q2 2021”, which is marketing speak for “any date up to 30 June 2021,” some 3/4 of the way to the likely release date of Anroid 12.
But at least you are getting security updates for the Android 10 version you are stuck with for now.
Bob
What you say about Google pretty much applies to Microsoft, too, yet everybody gets at least security fixes at the same time, although they have spread out feature updates to some extent. At least Microsoft doesn’t have to contend with carriers, but then, Apple seems to have solved that problem, too.
Oscar de la Jolly
The solution is obvious. Move to Apple. Their phones received the most reliable service life in terms of OS and Security updates.
Paul Ducklin
The flip side there is that when Apple stops supporting your device you have no choice but to send it for recycling (or to keep on using it with all its security vulnerabilities exposed forever).
You can’t repurpose it with another operating system or distro of your own choice in the same way that you can “revive” many old laptops that can’t manage Windows 10 by installing, say, a stripped down Linux. Or in the same way you can “revive” some (though admittedly not all) old Androids by taking off Google Android and using a different distro instead. You can’t even install homebrew patches for known security holes.
On a firmware and software level, Apple’s permanently locked-down hardware gives you no long term “right to repair”.
C
How is that different from Android? I have a Samsung Galaxy S5, for instance. Beautiful display. Won’t run a remotely current version of Android and while there may be non-Google, probably rooted versions of the OS I could put on it, that isn’t the least bit obvious to most people and still isn’t officially supported in any way.
Paul Ducklin
The difference is that with many (though admittedly not all) Android devices, you *can* unlock the firmware, reflash it and install some other software of your choice. Whether you are able to, or wish to, or feel comfortable doing it, or trust the unofficial firmware build you end up using… all those things are issues, but at least you *can*, meaning that it is actially possible if you like.
On Apple’s devices, you *can’t*. It’s not so much that it’s a science project, but that it’s an impossiproject, as near as matters.
OTOH, I have a Galaxy 3 currently running a non-Google Android 11 and current (non-Google apps, so no Play Store). In fact, it’s the phone I use in my weekly Naked Security Live videos. It’s perfectly adequate for that purpose, and for basic browsing with DuckDuckGo. Yes, it required a few hours of fussing around to figure out how to reflash it so it worked properly, and I tried a few different alternative firmwares before settling on one that’s derived from LineageOS as the fastest, smallest and best looking in default configuration.
But at least it was *possible* to do this.
If I had an iPhone of similar vintage, I would be stuck with [a] an ancient, unpatched version of iOS [b] landfill (only kidding. I’d dispose of it responsibly).
It would be impossible to do anything else with Apple. I think that’s a pretty fundamental difference.
Theresa
I found this a very helpful article for checking privacy settings on my Google Pixel. Interesting that I cannot change some settings for Google since it is considered my “default assistant”. I refuse to use it for voice commands. What do I know ? … It’s likely listening in anyway :-D
Thank you and your crew for all that you do to keep us educated and informed.
Paul Ducklin
Thanks for your kind words. Glad you found the article useful.