In our daily activities, our smartphones increasingly store or access sensitive business and personal data -- not just email, but also financial and medical information, company systems, travel itineraries, etc. Many of us also use smartphones to access cloud data repositories like Dropbox, Evernote, Google Docs, Microsoft OneDrive and Apple iCloud.
And then there's the growing use of smartphones in other privacy/control-sensitive aspects of our personal lives -- as home monitors, for example, or as smart keys for doors.
Given the important information and accounts that your smartphone -- and tablet -- can access, it's essential to keep unauthorized users from using it as a gateway to your data. Unfortunately, since your mobile device travels with you almost everywhere, the odds of it being misplaced, lost, hacked or stolen -- and, in turn, putting your data and apps at risk -- are high.
What follows is a look at some products, services and techniques to protect access to the data on your Android, iOS or Windows Phone mobile devices.
(There's more to smartphone protection than just this, of course, including backing up/synching data, using antivirus/malware software and VPNs, protecting the hardware with screen protectors and cases, insuring the device against damage or loss, etc. These issues are outside the scope of this article -- but that doesn't mean you should neglect them.)
Much of the advice here will take only a few minutes to implement, and cost anywhere from nothing to a few bucks. What's important is to take these steps as soon as possible.
Grab-proof your phone
Preventing your smartphone from being stolen beats trying to recover a device after the fact.
The most obvious tactic is to exercise common sense -- such as not leaving your smartphone at a table unwatched. But it's hard to keep an eye on your phone every second. Locking cables might be useful for bicycles, notebooks, displays and other medium-size objects, but they don't make much sense for smartphones -- it would be cumbersome to have to physically lock and unlock your phone every time you wanted to use it, even assuming there was something to lock it to.
One of your best "grab-prevention" options is a wireless proximity alarm system. These handy app/device combos let you know when your phone gets more than the pre-set distance limit from the proximity device (which is usually small enough to fit on a key ring).
If you leave your phone in a cab, or somebody picks up the wrong iPhone, there are a number of things these products can do, depending on the specific product: lock the phone screen, trigger an alarm on the phone or locate the phone using GPS. (Some also work in reverse, so you can use your smartphone to find the keys that you dropped behind your desk.)
- Kensington's Proximo Tag and Fob ($24.99 for the Tag and and $39.99 for the Fob) work with a free app; once you've installed the app, a proximity alarm can let you know if your phone and Tag/Fob get beyond a pre-set distance (you can optionally Remote Lock your phone). You can also use a button on the Fob or Tag to trigger an alarm. Note: Works only with specific Samsung Galaxy and iOS devices.
- iFi Systems' Smart Tag for iPhone 4S or 5 ($29.95) or Android ($34.95) pairs with an app on your iPhone or Android device, and beeps if one gets too far from the other. You can set safe zones -- inside your home, for instance -- where the alert is disabled. A few minutes after a proximity alert is triggered, the system sends you an email with a Google Map showing the location of your device -- though of course if your phone has disappeared you'll need to use another device to access your email.
- HipKey Proximity and Movement Alarm ($59.95) alerts you if your iPhone or iPad (loaded with the free app) and the HipKey dongle get too far apart -- you can pick one of three distances -- or is carried outside of a safe zone. There's also a motion detection mode that sounds an alarm if someone moves your belongings.
Foil unauthorized users
One key part of mobile security is preventing unauthorized people from being able to use your smartphone if they get hold of it, whether it's for the minute or two that you've stepped away from the table, or for an hour or more after it's been found or stolen.
The first and easiest solution: Use a screen lock to require authentication.
Authentication and time-lock security features are baked into all current mobile operating systems -- they are typically found in Settings; enabling them doesn't take more than a minute or two.
There are a variety of options, depending on your operating system. My iPhone 4 running iOS 7, for example, only supports a simple four-digit numerical passcode or what it calls a "non-Simple" passcode, which can have more alphanumeric characters -- harder to guess, but also harder to keep re-entering whenever the lock screen appears.
On the other hand, my Nexus 7 tablet running Android 4.2.1 has more screen lock choices: Slide (essentially just sliding your finger to one side, which really isn't a lock; Face Unlock (using facial recognition); Pattern (a drawn pattern between a set of dots); PIN (a four-digit numerical passcode) and Password (which can be longer than four characters and can include letters, numbers and non-alphanumeric characters).
In addition, a growing number of smartphones, like the iPhone 5S, HTC One Max and Samsung Galaxy S5, include fingerprint scanners. And there are other biometric IDs besides fingerprint scanners, such as iris scanners, voice recognition, even ear shape (using Descartes Biometrics' Ergo Android app. You can also use an external identification token such as the Motorola Skip.
We may even someday have external identification options like temporary tattoos or Fantastic Voyage-type pills containing authentication microcircuits.
Remember, though, that screen locks only work if you use them, so be sure to enable the time-out option -- that way, your smartphone defaults back to the lock screen if too much time has passed since you last did any input. You can manually set how long the device will wait before the screen lock goes on -- it's typically anywhere from one to 30 minutes.
Sometimes, you can even set your smartphone to lock away and even to wipe your data after too many failed authorization attempts. In iOS 7, for example, Settings > General > Passcode lock > Erase data lets you set your device to "Erase all data on this iPhone after 10 failed passcode attempts." Some manufacturers have added this feature to their Android smartphones as well.
However, think carefully before you enable this: If somebody else makes too many failed attempts to use your phone, causing it to erase, you won't be able to remotely find or lock your device.
When your phone goes astray
So you've just gotten home from a long dinner with friends, and your smartphone is nowhere to be found. Did you leave it at the office? In the restaurant? In the cab? Or did somebody palm it while you weren't looking?
If your smartphone slips out of reach, you want to be able to do some remote control to either secure your data, try to get the phone returned, or both.
Android, iOS and Windows Phone now all include all remote find/lock/wipe features built-in for free:
- iOS: iPhone and iPad owners can use Apple's iCloud-based Find My iPhone app from another iOS device or via any Web browser. The app tracks where your device is (and where it's been); you can also put it in Lost Mode (which locks the screen) and do a remote data erase.
- Android: Google's Android Device Manager website lets users find the device, ring it (the device emits a loud noise so you can find it), remotely lock the device or erase the data.
- Windows Phone: Microsoft's Find My Phone features can help users map the phone's location; there are separate instructions for Windows Phone 7 and Windows Phone 8. You can make the phone ring, lock the phone and show a message (with an email address or another way for a finder to contact you), or erase the data.
- Most major security software packages offer mobile apps that will help users track and/or wipe their missing devices as well.
There are also a number of third-party apps that offer additional find/protect/recover features like remotely taking pictures (which may, with luck, let you see who is using the device or where it is) or locating it another way.
Prey Project can, when you trigger it via the Web dashboard, track your device (based on GPS/Wi-Fi geolocation), display a message on the screen, push an alert sound or take front/back photos with the device's cameras. The basic version is free; Pro versions start at $5/month and handle multiple devices, more reports and other advanced features. It is available for Windows, OS X, Linux, Android and iOS.
- FinderCodes Electronics - Lost and Found Kit ($24.99) comes with seven tags that each have a QR code and printed code number (there's also an iOS app that lets you set the QR code as your lock screen wallpaper image). When someone finds your device and scans the tag (or hand-enters the code) with their smartphone, FinderCode lets you and that someone email/text anonymously to arrange a return. (You also see the GPS location of their phone, if they haven't disabled it.)
- Cerberus Anti Theft (2.99 Euros) is an Android app that, through its website, lets you locate and track your device, receive alerts if somebody uses it with an unauthorized SIM card, wipe the phone, or record any audio coming from the microphone, among other features.
- AndroidLost is a free app that also offers a long list of features, including recording sound from your Android device's microphone and making the phone speak to whomever is using it with text-to-speech.
Like most security scenarios, protecting your smartphone is best done by taking basic precautions before something bad happens. You can do a fair amount in just a few minutes and without spending any money.
And it's worth doing. If your phone is lost or stolen, knowing your data is protected will make you glad you took those precautions. And if you think your smartphone has simply burrowed under a cushion, there's nothing quite like the satisfaction that comes with being able to have it make a loud sound on command -- even if you've muted your ringer.
This article, How to keep your smartphone (and its data) secure , was originally published at Computerworld.com.
Daniel P. Dern is a freelance technology writer based in Newton Center, MA. His website is www.dern.com and his technology blog is TryingTechnology.com.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.