Boosting Cell Phone Privacy

finjanmobileBlog, Mobile Security

cell phone privacy

Issues concerning digital security and cell phone privacy have been thrust into the spotlight in recent weeks, as fresh hacks are exposed, and new legislation comes into play in various corners of the globe. With avenues and points of contact with the digital realm ever on the increase, there are opportunities for personal and corporate data to become exposed to both legitimate and illegitimate forms of scrutiny.

With so many people dependent on mobile devices for their communications and internet access, there’s been a clamor for more effective ways of boosting and ensuring cell phone privacy – from players in the IT industry, and consumers themselves.

Cell Phone Privacy and The StingRay Dilemma

The StingRay is a powerful surveillance device capable of imitating the function of a cell tower and capturing signals from nearby phones. This enables law enforcement officials (or anyone else with access to the technology) to sweep through hundreds of phone conversations, messages, and call logs.

The devices first came into public knowledge in 2011, as a result of investigations conducted by Daniel Rigmaiden, an inmate at a U.S. federal prison, into how the authorities were able to catch him. But they’ve been in use by federal, state and local law enforcement agencies in the United States for about 20 years.

Recent legislation has targeted the use of StingRays (also known as “dirtboxes”) and similar devices. For example, a law in California requires law enforcement agencies to seek permission from their constituencies via public meetings, before purchasing such a device (which can cost anything from $242,000 to $500,000).

But there are ways around these laws – such as the loophole which permits the use of StingRays if done in partnership with external agencies like the FBI, or the U.S. Marshals Service.

It’s this looseness of the law that has private citizens, civil liberties groups, and even technology companies worried about the governance of cell phone privacy.

Cell Phone Privacy – Moves From the Industry

On August 14th 2017, Verizon Communications Inc (the biggest wireless carrier in the United States) filed a 44-page brief with the U.S. Supreme Court, calling on them to make it harder for government officials to gain access to individuals’ sensitive cell phone data. The brief was filed in conjunction with over a dozen high-tech companies, including Apple (AAPL.O), Facebook (FB.O), Twitter (TWTR.N), Snap (SNAP.N) and Alphabet’s (GOOGL.O) Google.

At stake is the question of whether government and law enforcement agencies should be required to obtain a warrant before being allowed access to information such as geo-location and call tracking that might reveal the whereabouts of a cell phone user. Companies like Verizon typically receive thousands of requests from law enforcement for cell phone location records, every year – requests which are routinely granted, in the absence of official court documents.

It’s hoped that requiring the authorities to seek and obtain a warrant will at least add a layer of privacy protection to the information that’s being requested.

Cell Phone Privacy – Personal Protection Measures

Understandably, depending on the bureaucracy of the courts to guard their privacy isn’t a satisfactory option for many cell phone users. Fortunately, there are several measures you can take – beyond the general advice to keep location-based activities to a minimum (including geo-tagging, and location sharing), and disabling or uninstalling any apps that you don’t use.

Clearly too, your privacy is at risk in all its forms if someone steals your phone, or otherwise gains physical access to your device. So you’ll need to take precautions to guard against loss, theft, pickpocketing, or leaving your cell phone unguarded in public spaces.

Cell Phone Privacy Precaution #1 – Use a Lockscreen

Mobile devices habitually ship with some form of on-board lockscreen protection – a password, PIN, or pattern screen where you have to enter the correct code, number sequence, or connected motion on the touchscreen in order to gain access to your desktop. While not a perfect defense, it’s an additional obstacle that any potential thief or snoop will have to get through, in order to access your data.

The problem is that many users – 34%, according to a 2016 survey – choose to ignore this tool, or choose passwords and PIN numbers that are shockingly easy to guess (a point we’ll get to, in a moment).

As for choosing a lockscreen, there’s an entire subsection of the mobile app ecosystem dedicated to all kinds of clever variations on this theme. The best way to ensure that you actually use one is to select a lockscreen that appeals to you, and the way you work.

Precaution #2 – Use Password Management

About those passwords: Eight characters minimum for standard access codes (PIN numbers are usually four digits, with some variation), a combination of upper and lower-case letters, numbers, and symbols. NOT your birthday, your kid’s birthday, or any birthday, for that matter. The same goes for the “usual suspects” list of passwords like 12345678, or qwerty.

There are password generating apps which throw out random sequences of very hard to guess character sets, and password management apps that will store and remember all those passwords for you. The trick is to keep your password manager secure, and to not use the same password over several accounts or websites.

Precaution #3 – Check Those App Permissions

Before downloading or installing a mobile app (from an official app store, naturally), read a selection of user reviews, and carefully read the list of permissions it demands in order to run.

Strictly speaking, an app should only ask for those permissions it specifically needs to do its job. If it’s asking for access to your personal information, contact data, camera, the ability to use your data connection and make calls – and it’s something like a desktop wallpaper or flashlight – move on to a different product.

Precaution #4 – Encrypt Your Device

Encrypting the entire content of your cell phone is an option that would require a potential thief or hacker to use up a lot of time and resources in order to access your personal data. The process is offered natively on Apple’s iOS devices and more recent versions of Android. And as with everything else these days, there are third-party apps for it.

It may take about an hour to complete the encryption process, so make sure your battery is fully charged and your device is plugged into an electrical supply before proceeding.

Precaution #5 – Enable “Find My Phone” Tracking

A “Find My Phone” or “Find My Device” app or service will enable you to geo-locate any of the active devices you register with the system – which could be useful in tracing the whereabouts of a lost or stolen phone. Google offers this capability as part of your account set-up, and there are third-party apps which do the same.

Options to lock or remotely erase the contents of a device that has become unavailable through loss or theft should also be part of the package.

Precaution #6 – Use a Virtual Private Network (VPN)

A Virtual Private Network (VPN) service or mobile app will provide secure encryption for your internet connection, and protection from snooping or hacking attempts on unsecured wireless networks.

There’s a growing market for VPNs, and we recommend our product, InvinciBull™ VPN.

Precaution #7 – Use an Encrypted Messaging Service

Some services like WhatsApp, Facebook Messenger, Skype, Snapchat, and BlackBerry Messenger apply one form of encryption or another to communications streams such as text messaging and video calling.

Apps and services that use end-to-end encryption (where the encryption keys are held by the correspondents at either end of a communication) are preferable. Some services use server-based encryption, which gives the service provider some access to the encryption keys – and may oblige them to share information with the authorities, on request.

Precaution #8 – Install Security Software

Finally, with the rise of mobile malware (including spyware and adware), it’s a good idea to have a mobile security app installed. This should typically include an automatically updating anti-virus/anti-malware engine, device optimization tools, and options to regulate the internet access granted to your various apps.

Share this Post