android / WIRED
Your entire life is contained in the black glass slab that’s in your hand. From emails and private messages to photos and videos of your most treasured moments, it’s all there. However, you probably don’t spend anywhere near enough time making sure your phone is configured to protect your secrets as you should do. This applies whether you’ve had your phone for years or just got a new one in the Black Friday sales.
There are a couple of different ways to think about privacy when it comes to your phone. There’s the data that it collects about your actions or behaviours and then there are the protections you can put in place to stop people around you accessing the physical device. Both are equally important and there are things you can easily do to improve each of them.
Before we get into what you can do to improve your phone, there’s the sticky issue of Google. The tech giant owns and develops the Android operating system and is also one of the biggest collectors of data there is. The firm’s business model is based on making money by getting people to click on adverts and the information you provide it with goes towards this – Android data can contribute to this.
So if you’re looking for more privacy over the everyday actions you take on your phone you may wish to consider moving to iOS. However, that doesn’t mean there aren’t ways to improve some areas of your phone’s privacy.
Get the basics right
Getting the fundamentals right is the first place you should start. These are the things that people in the security and privacy world have been advocating for years and, most likely, they’re the things you already know and (we hope) already do. The first line of defence to stop someone getting into your phone is a screen lock – a PIN or passcode is better than a pattern swipe.
Beyond that you should be using a password manager to create unique login details for all your online accounts and making sure two-factor authentication is turned on for as many of these accounts as possible. Both will limit how easy it is for someone to hack into your account using your details that were previously swept up in data breaches.
Automatic software updates should be turned on to plug any potential bugs or security flaws in the code that your device runs – for apps this is done in the Play Store settings under the auto-update apps option and for the wider Android OS you need to visit the Settings app and find ‘system updates’ (depending on the make of phone you have it can be in different folders). While we’re talking about apps you should also visit the privacy menu in the Android settings and check which permissions you have given each app: it’s likely that you’ll be able to turn off location sharing and access to photos and files for a fair few apps. Now all those bits are out the way, let’s move onto some of the meatier stuff.
Lock your apps
You have a password or PIN on your phone to stop people from getting inside it if it falls into the wrong hands. But sometimes it isn’t enough. There are times when you will want to hand your unlocked phone to the people around you – showing family or friends photos or giving it to your kids to play on, for instance – and you may want to consider putting some extra locks on the apps you want to be more secure. Unlike Apple’s iOS, Google allows apps to request permission to control other apps. This means password locking individual apps is possible.
To lock your apps, you’re going to need another app. There are plenty available on the Android app store and, as with all downloads, you should be cautious of what you’re accessing. If an app is full of ads, doesn’t have clear privacy policies, or isn’t from a trusted developer then you should probably avoid it. For an app locker, Norton App Lock is not a bad place to start. It’s from a trusted security name and allows individual apps or groups to be covered by the same passcode.
Hide leaky notifications
Travel isn’t really an option for lots of people right now but there’s nothing more mortifying than someone peering over your shoulder on public transport and seeing notifications pop up with the full message contained. It’s a feeling that’s also repeated when you’re sharing your screen with colleagues and a gossip-filled message about the meeting you’re in flashes up.
It doesn’t have to be this way though. Navigate to settings and search for notifications, and from this page turn off the option for ‘sensitive notifications’. This will mean the content of your messages won’t pop up in the notification banner when the phone is locked.
Check for stalkerware
There’s been a troubling rise in stalkerware in 2020. On phones, stalkerware manifests itself as apps running in the background that can record and track everything a person does. The technology can appear invisible unless you go specifically looking for it and is a form of coercive control and tech-abuse.
If someone has installed stalkerware on your device there are a few telltale signs it may be there. A phone may run hot and see its battery levels drop quickly. Cybersecurity companies have been increasingly detecting stalkerware code through their antivirus tools – both Kaspersky Antivirus and Avast’s Antivirus can check your phone for malicious apps. Refuge’s National Domestic Abuse hotline can also help people who are experiencing tech-based domestic abuse.
Use a VPN
Virtual Private Networks (VPNs) aren’t a failsafe for protecting your privacy but they can help. The software creates an encrypted connection from your device to a remote server and passes internet traffic through this: it stops your internet service provider from fully knowing and storing your browsing history, something that might be required under UK surveillance laws. Journalists, activists and people looking to avoid state censorship are some of the most frequent users of VPNs.
But which VPN should you pick? There are a lot of VPNs out there and they all have a lot of different pricing options. If possible, it’s best that you go for a paid VPN as these are less likely to have questionable data practices and ones that offer family, or multiple device, plans can cover whole households easily. Our pick of the best VPNs favours Windscribe and ExpressVPN. They’re both quick and have proven they don’t store logs of your browsing activity, unlike some VPNs.
Change your default apps
If you’ve had your Android phone for a while, you probably haven’t thought twice about the apps you use for search, voice assistants, phone and SMS. This summer Google launched a choice screen on new Android phones – after it was fined £3.8 billion by the European Competition Commission – that allows people to pick their search engine during the initial setup. This lets you pick a search engine that isn’t Google – yes, they exist.
Within Android’s settings options, look for ‘default apps’ in ‘apps & notifications,’ and you can pick the apps you use most frequently. It goes beyond search: you can change browsers, digital assistants, home app, phone app and SMS app. Some of our favourite privacy-friendly alternatives include Firefox (for a browser), DuckDuckGo (browser and search), Signal (SMS).
While your phone’s passcode protects your files and data from being accessed by someone trying to access your phone, it doesn’t do anything to secure the data stored on your phone at a technical level. For this, you need to encrypt your device’s disk. Turning on encryption means that the files can’t be accessed by anyone trying to extract them from your device unless they have the passcode. “Encryption ensures that even if an unauthorised party tries to access the data, they won’t be able to read it,” Google says.
You can encrypt your phone through the settings app – it’s easily found by searching for security or encrypt. To do this you’ll have to enter, or create, your phone’s PIN and make sure it is on charge. Encrypting a full device can take a little bit of time, so it’s probably best to do this during some downtime. Google has made it mandatory that Android devices can be encrypted since 2015 and is increasing its efforts to make it less resource intensive on low-end devices.
Matt Burgess is WIRED’s deputy digital editor. He tweets from @mattburgess1
More great stories from WIRED
🏷️ The WIRED edit of the best Black Friday deals still live now
❤️ It’s tempting to share passwords with you partner but you should stop
📧 Nigerian Prince email scams have a long legacy, including boosting the growth of a notorious police unit
🔊 Listen to The WIRED Podcast, the week in science, technology and culture, delivered every Friday
👉 Follow WIRED on Twitter, Instagram, Facebook and LinkedIn