9 Steps to Make Your Smartphone Totally Hacker-Proof

8 minute read

If you use an iPhone, your days of lording its security features over Android users are numbered.

When it comes to the seemingly endless head-to-head showdowns between the two operating systems used by 94% of Americans, Android’s major selling point is also its Achilles heel. Its customizability means Android users can download apps from anywhere, increasing the risk of infection via malware that can skim sensitive info, send spam messages, or freeze the phone until the owner coughs up a ransom.

Spyware is still far more prevalent for Android devices than iPhones due to Apple’s tight vetting of apps before they make it onto the App Store. Android’s greater market share has a lot to do with it, too, as cyber-criminals can attack more Android phones with a single infusion of malicious code.

But a recently discovered piece of malware called WireLurker attacked iOS devices through a compromised computer, indicating that not only are malware creators increasingly focusing on mobile, but that Apple may soon represent as good a piece of game as Android.

What about Windows Phone and BlackBerry, which make up just 5.9% of US smartphone users combined? “These haven’t attracted the same kind of attention from malware authors that Android has,” says Jeremy Linden, Senior Security Product Manager at Lookout security firm.

However, as our smartphones become our go-to devices for everything from shopping to business, it’s likely that the tiny computer in your hand – no matter which operating system it runs – will increasingly become a target for cybercriminals.

Here are nine things you can do to ensure the security of your device now:

1. Log out after banking and shopping

Using online banking on your smartphone browser should be as safe as using it with a desktop browser, assuming the bank implements the appropriate security measures, says Linden.

Just make sure you log out when you’re done. Signing out from your account prevents cyber-offenders from viewing your personal financial data if your smartphone is hacked. The same goes for shopping sites, where your credit card info may be visible to anyone snooping on the transaction.

Or use your bank’s official app. “Banking apps are set up to be encrypted and protect your information even if the network you’re using has been compromised,” Linden says. Ensure you’ve downloaded the real app and not a malicious copy. Earlier this year, Lookout found a clone of the app for Israel-based Mizrahi Bank, designed to steal customers’ login credentials.

PHOTOS: The Rise of Mobile Phones from 1916 to Today

A German field telephone station in the Aisne department of northern France during World War I.
1916 A German field telephone station in the Aisne department of northern France during World War I.Paul Thompson—FPG/Getty Images
French singer and actor Johnny Hallyday in a scene from the film 'Point de Chute' (aka 'Falling Point').
1970 French singer and actor Johnny Hallyday in a scene from the film 'Point de Chute' (aka 'Falling Point').Keystone/Holton/Getty Images
An early mobile phone during the Iranian Embassy siege at Princes Gate in South Kensington, London.
1980 An early mobile phone during the Iranian Embassy siege at Princes Gate in South Kensington, London.Kypros/Getty Images
Bob Maxwell, general manager of Englewood-based Mobile Telephone of Colorado, places a call on FCC-approved radio frequency while driving to work.
1983 Bob Maxwell, general manager of Englewood-based Mobile Telephone of Colorado, places a call on an FCC-approved radio frequency while driving to work.Lyn Alweis—Denver Post/Getty Images
THE A-TEAM -- "The Say U.N.C.L.E. Affair" Episode 5. (l-r) Eddie Velez as Frankie Santana, Robert Vaughn as General Hunt Stockwell, George Peppard as John 'Hannibal' Smith.
1986 THE A-TEAM "The Say U.N.C.L.E. Affair" Episode 5. (l-r) Eddie Velez as Frankie Santana, Robert Vaughn as General Hunt Stockwell, George Peppard as John 'Hannibal' Smith.Bill Dow—NBC/Getty Images
Bill Clinton,  Ray Flynn
1992 Democratic presidential nominee Bill Clinton talks on a cell phone while meeting with Boston Mayor Ray Flynn in a New York hotel on Sept. 25.Mark Lennihan—AP
Whoopi Goldberg during ShoWest in Las Vegas.
1993 Whoopi Goldberg during ShoWest in Las Vegas.Jeff Kravitz—FilmMagic/Getty Images
A farmer with his family sitting on a Bullock Cart and talking on a mobile Phone, in Delhi.
1997 A farmer with his family sitting on a Bullock Cart and talking on a mobile Phone, in Delhi.India Today Group/Getty Images
World Trade Center Terrorist Attack.
2001 A woman watches smoke pour out of the World Trade Center Towers in New York on September 11.Nicholas Goldberg—Gamma-Rapho/Getty Images
A rebel militiaman speaks on his mobile phone after capturing territory from government troops on March 25 2 in Ben Jawat, Libya.
2011 A rebel militiaman speaks on his mobile phone after capturing territory from government troops on March 25 in Ben Jawat, Libya. John Moore—Getty Images
A youth films the aftermath of tear gas police fired at protestors in Muhammed Mahmoud Street near Tahrir Square on November 23 in Cairo.
2011 A youth films the aftermath of tear gas police fired at protestors in Muhammed Mahmoud Street near Tahrir Square on November 23 in Cairo.Peter Macdiarmid—Getty Images
Audience members take pictures of President Barack Obama at Florida Atlantic University on April 10 in Boca Raton, Florida.
2012 Audience members take pictures of President Barack Obama at Florida Atlantic University on April 10 in Boca Raton, Florida. Marc Serota—Getty Images
A teenager takes a selfie in front of Queen Elizabeth II during a walk around St. Georges Market in Belfast.
2014 A teenager takes a selfie in front of Queen Elizabeth II during a walk around St. Georges Market in Belfast. The Queen has apparently voiced her dismay that when she carries out engagements she is greeted by a sea of mobile phones.Peter Macdiarmid—PA Wire/Press Association Images/AP

2. Only use public Wi-Fi hotspots that require passwords

Use public Wi-Fi only on secure networks requiring a password to access, ideally only from providers you trust such as the coffee shop you’re at, a city’s official Wi-Fi or a telecommunications operator. Unsecured networks allow hackers to view all web traffic over the network, including passwords and even the contents of unencrypted email (that is, most people’s email).

If you’re planning to connect to public Wi-Fi a lot — for example, while traveling abroad — use an encryption app such as Freedome (Android or iOS) that can secure your connection to any Wi-Fi network so that your data is unreadable. The app also blocks tracking while you’re surfing the web.

3. Set a password on your lock screen

The humble password can prevent an even more insidious crime: allowing someone you know to install spyware onto your device.

Last year, Lookout found that 0.24% of the Android phones it scanned in the United States included spyware designed to target a specific person. That’s tens of thousands of people whose calls, messages and photos were being monitored by someone close enough to access their phones.

No matter what type of smartphone you use, a good password is also your first line of defense against the most basic security issue: losing your phone. As long as you don’t pick an easily guessed combo like 1111, a password can hold off a would-be thief long enough for you to locate and remote-erase your device via the Android Device Manager, Find My iPhone or Windows Phone sites. (BlackBerry users need to have previously downloaded the BlackBerry Protect app, unless the device uses the BlackBerry Enterprise Server.)

4. Check permissions requested by new apps

According to Lookout, adware is the most common security risk with apps. While ads help app makers turn revenue, some contain adware that may collect personal details or usage habits without your consent, send messages with links to buy fake products or force your device to send premium-rate SMS text messages.

Before downloading an app, read through what permissions it requests from you. If a Flappy Bird clone wants access to your contacts and call history, for example, it’s probably best to cancel that download.

If you suspect you’ve already downloaded adware (based on symptoms such as a deluge of pop-up ads or in-app messages asking you to click on a link), uninstall the app that is delivering the aggressive advertising.

These Vintage Computer Ads Show We've Come a Long, Long Way

http://pop.bitpig.com/oldads/nov/pdp-11-70.jpg
1974
1976
1976
http://www.everyjoe.com/2009/07/30/technology/blast-from-the-past-the-3398-10mb-hard-disk/
1977
http://www.mopo.ca/uploaded_images/honeywell_email-763551.jpg
1977
http://www.vintagecomputing.com/wp-content/images/retroscan/ibm5110_large.jpg
1978
1978
1980
http://www.macmothership.com/gallery/MiscAds/AdamAd.JPG
1980
http://www.vintagecomputing.com/wp-content/images/retroscan/ibm_pc_woman_large.jpg
1981
http://www.aresluna.org/attached/computerhistory/ads/international/lotus/pics/byte8311
1983
http://www.vintagecomputing.com/wp-content/images/retroscan/msmouse_large.jpg
1983
http://www.vintagecomputing.com/wp-content/images/retroscan/osborne_large.jpg
1983
http://pop.bitpig.com/oldads/nov/keeping-up.jpg
1984

5. Get a security app

If you don’t know which app is the culprit or if you simply want to check your phone’s bill of health, a free security app such as Lookout (Android or iOS) or Avast Free Mobile Security (Android or iOS) can scan the apps on your phone for malware including adware, spyware and viruses. If malware is detected, the security app will remove it.

These apps can also locate your device if you lose it, sound an alarm or message it in case someone has found it, back up your contacts online and remote-erase everything if all hope of getting your phone back is lost.

Check out our comparison of free and paid security apps for more information.

6. Review your download habits

“Non-jailbroken iOS devices are less likely to download malware,” says Linden. (The same goes for Windows and BlackBerry phones.) But if you’ve performed tech surgery to rid your iPhone of its limitations or if you use an Android phone, Linden recommends avoiding downloads from third-party app stores, where malware is much more prevalent. Install a security app that can alert you to suspected malware.

Even if apps are on the official app market, only download from trusted developers, and check the reviews for complaints.

7. Disable app downloads from unknown sources (Android only)

Lookout recently identified a piece of malware called NotCompatible.C that allows your phone to be used without your permission. For example, ticket scalpers could use the malware to route bulk ticket purchases through a group of infected phones, thus hiding their identity and location.

NotCompatible is downloaded secretly onto Android phones from sites harboring it; links to such sites have been found in phishing emails. To avoid similar sneaky malware downloads, disable app downloads from unknown sources, found in the Settings/Security menu.

In general, it’s best to avoid clicking on links in emails from unknown senders or, according to Lookout, clicking on shortened URLs like bit.ly, since you can’t see the domain it leads to.

8. Don’t grant apps administrator access (Android only)

Back in July, an intimidating type of Android malware made the rounds. The so-called FBI ransomware froze infected phones, popping up a message that the FBI had locked the phone because the owner had violated federal law by visiting illegal sites including child pornography websites. To access the phone (and its data), victims were asked to pay several hundred dollars.

Ransomware may also request administrator rights at installation, giving the wayward app the ability to lock the phone, read notifications and remote-wipe your data. Once given, you may never be able to retract the access, as in the case of the trojan Obad.a, which hid itself and set to work scraping users’ info, spamming contacts and downloading more malware.

“When ransomware is downloaded to a phone from a malicious website, it takes the form of an APK (Android application package), often disguised as an anti-virus app,” Linden says. “Or it may in some way trick you into launching the app. To avoid this, do not grant applications administrator access unless the app is reputable.”

If you must travel off the beaten path for apps, only download non-app store apps from trusted third parties.

9. Install OS and app updates

Finally, the obvious but biggest way to protect your smartphone security: Download software updates for your phone and its apps whenever they’re available. Updates are designed to patch bugs and vulnerabilities.

This article was written by Natasha Stokes and originally appeared on Techlicious.

More from Techlicious:

Researchers Develop a Smartphone Screen that Corrects for Vision Problems
Amazon Now Lets You “Make an Offer”
1.2M Smartphones Stolen in 2013, Thefts Down in 2014
Colleges Using Big Data to Track At-Risk Students

More Must-Reads From TIME

Contact us at letters@time.com