![eb303623](https://pic-cc.com/data/avatars/m/150/150934.jpg?1733143058"){kind=avatar}
eb303623
Master Carder
- Joined
- 01.05.24
- Messages
- 209
- Reaction score
- 1,574
- Points
- 93
Today, we will look into securing our mobile device. I already wrote a guide on Securing Your Mobile Device but this is quite different. We will delve a bit deeper into it.
Let's go,
Today’s smartphone is an incredibly compact, marvelously powerful portable device that is carried on a normal daily basis, and also happens to be able to place and receive calls. For most of us, the collective time spent capturing and reviewing photographs,texting or chatting, streaming music, reading e-books, playing games, Watching Movies and browsing the internet etc. far more time spent actually talking on the phone. I believe it is crucial to notice this distinction and to think about smartphones differently than “just a phone”, and to understand that this conceptualization has serious
security implications.
Why is this distinction important, and how does it impact security? Many still view their phone through the “just a phone” lens and put very little effort into securing it. But with all of their uses, smartphones are now a part of our everyday lives and reflect this daily inclusion more each year. With the Internet of Things becoming a reality, smartphones are now linked to our real, physical worlds in ways that were unimaginable just a few decades ago.
The threats arrayed against smartphones are also increasing. Because they are used everywhere and contain increasingly large chunks of personal information,
smartphones are more dangerous than ever. Fortunately securing them is getting somewhat easier. Both Apple and Google have taken steps to make privacy and security easier, but there are still many ways this can be compromised. There are
many improvements that can be made. Ultimately it is up to the individual user to take control of his or her own security and privacy to the extent possible.
In this chapter, we shall examine the threats against smartphones, of which there are many. I will also discuss how to take your anonymously purchased and registered phone and secure it against these threats.
phone completely secure against the threats they face is an impossible goal. The only way to be completely secure is to forego having a phone at all, an idea that becomes more attractive to me with each passing day, even as it becomes less and less realistic. With the knowledge that a mobile phone can never be completely
secure should come the realization that a smartphone is a security and privacy compromise regardless of the measures you take.
Before you begin the process of securing your device, it is important to note that, the threats arrayed against it. With this knowledge you can assess your own threat profile and the treats from which you wish to defend yourself. The primary threats facing smartphones can be broken down into three broad categories:
1. Metadata collection,
2. Traffic interception, and
3. Hardware exploitation.
whom it was placed, and how long the conversation lasted. Where text and SMS messages are concerned, metadata would include who placed the text and to whom, how often the two text each other, and how many texts are generated
during a conversation. Metadata about text messages and telephone calls can be used to link you with others and to draw conclusions about your level of association.
Historical location data is also a form of metadata that can be collected from smartphones. Combined with call and SMS data, this information amounts to an
alarming body of information. Anyone with this data can see where you went, how long you stayed there, who you talked and texted with, when you left, and where you went after that (as well as all of this data for everyone with whom you interacted). If every individual were legally compelled to carry a personal tracking device at all times, revolt would ensue. In spite of that we still pay hardware
manufacturers and service providers hundreds or thousands of dollars per year for the privilege of carrying a tracking device in our pockets.
This is because a phone (whether smart or dumb) is, first and foremost, a tracking device. In order for the phone to function correctly it must be able to connect to nearby service towers. These tower connections or “check-ins” are the most common way mobile phones are tracked and can be used for both Near-Real-Time
(NRT) and historical data. Cell providers can access your location data now and forever through your use of their towers. Law enforcement may do so through
warrants to obtain the tower data, or through cellular site simulators.
Smartphones may also be tracked through a number of other means as well. Most smartphones utilize an internal Global Positioning System (GPS) to provide mapping and other location-specific services. The GPS data may be shared by a
number of applications and transmitted back to numerous third-parties. Other technologies such as Wi-Fi and Bluetooth may also allow their location (and that of their owners) to be tracked, often with extremely high levels of precision.
Location tracking may not seem like a big deal or it may seem so beyond the pale that few will worry about it. However, location tracking can reveal a great deal of very sensitive personal information about you. It can reveal with whom you meet, where you meet, and for how long. Location tracking can reveal what church you go to, how often you go, or whether you go at all. It can reveal your interests and
hobbies as well. Do you visit gun stores, marijuana dispensaries, adult-themed shops or club, or other niche locations? Do you attend politically - oriented conventions, speeches, or protests? Do you attend alcohol or drug-addiction recovery meetings or clinics? Have you had a one-night stand lately?
If you took your phone with you (and it is a near certainty that you did), your cell service provider knows all of this about you. The stores and shops are mapped,
and the trysts can be extrapolated from the confluence of two phones in the same location overnight. Some of the apps on your device know where you’ve been, too. In all likelihood, so does your device’s hardware manufacturer. Though none of these things may seem especially provocative or embarrassing to you now, how
would you feel if this data was breached or accessed through a court order by law enforcement? How will you feel about those actions in 10 years? Data storage is
cheap and it is unlikely that any of this information will ever be forgotten.
concern for individuals traveling overseas or those who work on exceptionally sensitive projects, it is also still a concern for the average individual. Cell site simulators have placed the ability to intercept voice and data traffic in the hands of even small local police departments. And as security guru Bruce Schneier reminds us, “Today’s National Security Agency (NSA) secrets become tomorrow’s Doctor of Philosophy (PhD) thesis and the next day’s hacker tools”.
CELL SITE SIMULATORS :
Cell site simulators are devices that, as the name suggests, masquerade as legitimate cell phone towers. These devices are useful only in a relatively small
area, but they emit a very powerful signal that forces all the phones in that area to connect to the simulator rather than legitimate towers. Once connected these
devices collect metadata about every device in the area, not just the target’s. They can capture the content of phone calls, texts, emails, etc...
impressive quantities of data (up to 256GB in the case of the iPhone). A smartphone may contain or be able to access tens of thousands of emails, thousands of photos, personal and intimate text messages, logins, web browsing
history, call histories, and more. The loss of a device can potentially give all of this information away to anyone who bothers to look, which will almost certainly be someone. Like so many problems in the security world, the best solution to
hardware exploitation is encryption. Well-implemented encryption and a strong passcode are the surest defense against this type of exploitation.
Another potential avenue through which your hardware may work against you is camera and microphone hijacking. Sometimes this is a feature, not a bug. In the
case of some smartphones with voice-recognition capabilities, the phone may “listen” constantly, even when you are not using the voice recognition feature. This information is recorded, saved, and analyzed. Your camera and/or
microphone can also be compromised by malware that allows the attacker to turn one or both on at will. Microphones may be hijacked by government agencies by calling into the phone in a way that does not make the phone show any signs of being on or operating but leaves the line open so an eavesdropper can hear
everything within earshot of the device.
iOS DEVICES: A badge will typically be displayed on the settings icon when an update is available. If you suspect an update is available but do not have a badge on the Settings icon, you can search for and update manually. If an update is available, follow the instructions and allow it to download and install.
Application updates are made available for iOS devices through the App Store. You have the option to have app updates download and install automatically or on
demand.
On most Android devices you will still have to choose to encrypt the device. I recommend you use a very strong password for your
iPhone, to make it very hard for anyone to crack.
constantly sends out probes searching for all networks that it “knows”. Knowing a network means that you have previously connected to that network and have not
manually removed it. These probes can be identified and can set you up for an evil twin attack.
An evil twin attack occurs when an attacker sets up a rogue Wi-Fi access point that masquerades as a legitimate access point. Unsuspecting users will connect to it, not realizing that all traffic transmitted over it is being intercepted. If the attacker conducts this attack in real time, he or she can make it more effective by making a network with the same name as a network your phone knows. By capturing your phone’s probes, he or she can see these networks and quickly set up a malicious network of the same name. Your phone will automatically connect to that network when it recognizes the name, and all your traffic will be routed through that network.
Leaving Wi-Fi on can also allow an attacker to discover a great deal about your pattern of life in the real world. He or she can see which Wi-Fi access points you have connected to and map these networks using websites like wigle.net. If you connect to a typical number of wi-Fi networks and these probes are captured, a quick analysis will likely reveal where you live, work, and the coffee shops, stores, and bars that you frequent. Several national retail stores have been caught using unique sets of Wi-Fi probes to track customers around stores to identify their
shopping behavior.
To avoid this, I recommend keeping Wi-Fi off when you are not actively using it. At home, for instance, I will enable Wi-Fi long enough to download podcasts, application updates, and other bandwidth intensive data. I then immediately turn it off. It is very easy to forget to turn it off when you leave your home or office. Not only does leaving Wi-Fi on have security ramifications, your phone’s constant searching for a signal can drain your battery rapidly.
In addition, when you are finished using a wireless network that you will never use again, you should remove the network from the list of networks in your phone. One complaint that I have about iOS is that it never forgets a wireless network and doesn’t let you remove that network manually if you don’t remove while connected to it. This means that every Wi-Fi network that you have ever
connected to is still remembered and searched for by your phone. If you have had your phone for a couple of years, or have rebuilt new phones from previous iTunes
backups, there may be scores of Wi-Fi networks on your phone that make your device unique and reveal quite a lot about your pattern of life. If you wish to
remove them (and I strongly recommend you do), you can reset all network connections. Be aware that this will remove all of your Wi-Fi networks as well as any credential-authenticated VPNs that you have set on your device. If you have been careless with Wi-Fi up to this point, it is not a bad idea to start fresh. To do this, go to Settings > General > Reset > Reset Network Settings.
short distances from a receiver. Bluetooth traffic can also be intercepted and though the security protocols for Bluetooth have gotten better, it can still be broken by a sufficiently skilled attacker. Because of its susceptibility to attacks like Bluebugging, Bluejacking, and Bluesnarfing, Bluetooth should be turned off when not actively in use. Bluetooth can be toggled on and off by accessing the control center in both Android and iOS devices.
consent. Though it may do more good on some apps than others, I prefer to restrict the ability to use cellular data to only those applications and services that
truly need it.
aircraft’s navigation and communication systems. Placing the device in airplane mode eliminates all communication, including your ability to send and receive texts, phone calls, emails, or anything else requiring a cellular or data connection.
Airplane mode may be useful for privacy and security in certain instances: if you want to disable all transmission from the phone (when having a sensitive conversation, for instance) you can do so easily with the push of a single button. It
can be used to defeat location tracking by Apple, Google, or any of the apps that are installed on your phone. I am a big proponent of using airplane mode frequently. As a word of warning, this is not a one-hundred percent solution. As
long as the phone has power applied (even if it is turned off), it may be accessed by entities with the requisite technology (US Government for example) and should not be relied upon to fully protect you.
disabled, the phone cannot be tracked if it is lost or stolen. iOS offers very granular control over what applications request access to your location data. I recommend
leaving Location Services on and individually selecting apps and services that can access this data. You should limit these applications to the smallest number of
apps possible.
Let's take this for example ;
The following details were extracted from the hex data of a video file that I created on an iOS device.
FORMAT: MPEG-4
FORMAT PROFILE: QuickTime
FILE SIZE: 7.00 MB
DURATION: 30s 82ms
RECORDED DATE: 2024-09-15T17:46:36-0500
MAKE: Apple
XYZ: +19.369528-81.40232038.8890+161.000/
MODEL: iPhone 13
com.apple.quicktime.software: 6.1.3
As you can see, anyone that possesses this video file would know my phone make and model the operating system installed, and the GPS location of the image
capture. Free programs such as MediaInfo make this collection process automated.
should enforce these settings for each application, it is not a bad idea to view the settings for each app individually. The most dangerous of these settings are Location Services, Contacts, Photos, Microphone, and Camera. Some applications may have a legitimate need for access to these functions that may not be readily apparent. For example, two-factor authentication apps often request access to the camera. Though this may not seem necessary the app does need the ability to scan
QR codes when setting up two-factor authentication on a new account. Regardless, when in doubt deny the permission and if it interferes with the function of the app, you can temporarily or permanently allow it in the future.
constantly communicating with several servers. It is exchanging information about your contacts, messages, and activities with numerous data collection sources. On many devices, the audio noise occurring near the unit is being recorded as a “feature” for use within apps. You may have followed my methods of having an anonymous phone. This will provide an amazing layer of security, but it will not stop the data transmissions about your alias.
If you shut your device completely down, or at least place it in airplane mode without any active connections, you prevent this data from escaping. You may choose to simply turn your phone off at night. If you use it as an alarm, disable the cellular, Wi-Fi, GPS, and Bluetooth connections very important. You may choose to take this to another level and shut down your device while traveling. I like both of the
following strategies.
o When traveling toward your residence or workplace, turn the device off within five miles. This will prevent your cellular records from profiling these important locations. When leaving your residence or workplace, turn the device back on after passing the five-mile radius.
o If you travel extensively, turn your device off before arriving at an airport and back on when needed away from the airport in the new city. This will create a wild pattern and chaos will appear normal in your profile. If your records are ever compromised or monitored, and your device is turned off routinely, this will appear normal to the viewer.
Remember that even with a VPN on your device, it is still connected to a cellular provider. You cannot prevent them from knowing the location of the device if the
cellular connection is established. Possessing a device completely in an alias name cannot stop the companies from tracking the device, but they will have no idea
that you are the owner. Below, I will detail my individual configuration which may inspire you to create your own strategy.
CONCLUSION :
This brings us to the end of mobile phone or smartphone Security. Hope this guide will help you secure and give your mobile device privacy.
GOODLUCK !
Let's go,
Today’s smartphone is an incredibly compact, marvelously powerful portable device that is carried on a normal daily basis, and also happens to be able to place and receive calls. For most of us, the collective time spent capturing and reviewing photographs,texting or chatting, streaming music, reading e-books, playing games, Watching Movies and browsing the internet etc. far more time spent actually talking on the phone. I believe it is crucial to notice this distinction and to think about smartphones differently than “just a phone”, and to understand that this conceptualization has serious
security implications.
Why is this distinction important, and how does it impact security? Many still view their phone through the “just a phone” lens and put very little effort into securing it. But with all of their uses, smartphones are now a part of our everyday lives and reflect this daily inclusion more each year. With the Internet of Things becoming a reality, smartphones are now linked to our real, physical worlds in ways that were unimaginable just a few decades ago.
The threats arrayed against smartphones are also increasing. Because they are used everywhere and contain increasingly large chunks of personal information,
smartphones are more dangerous than ever. Fortunately securing them is getting somewhat easier. Both Apple and Google have taken steps to make privacy and security easier, but there are still many ways this can be compromised. There are
many improvements that can be made. Ultimately it is up to the individual user to take control of his or her own security and privacy to the extent possible.
In this chapter, we shall examine the threats against smartphones, of which there are many. I will also discuss how to take your anonymously purchased and registered phone and secure it against these threats.
SMARTPHONE THREATS
Always not that, There is no perfect secure solution to any security problem, and making your phone completely secure against the threats they face is an impossible goal. The only way to be completely secure is to forego having a phone at all, an idea that becomes more attractive to me with each passing day, even as it becomes less and less realistic. With the knowledge that a mobile phone can never be completely
secure should come the realization that a smartphone is a security and privacy compromise regardless of the measures you take.
Before you begin the process of securing your device, it is important to note that, the threats arrayed against it. With this knowledge you can assess your own threat profile and the treats from which you wish to defend yourself. The primary threats facing smartphones can be broken down into three broad categories:
1. Metadata collection,
2. Traffic interception, and
3. Hardware exploitation.
1. METADATA
Metadata is data about data. In the context of a telephone conversation, metadata would not include the content of the call, the actual conversation. Metadata would include such information as who placed the call, to whom it was placed, and how long the conversation lasted. Where text and SMS messages are concerned, metadata would include who placed the text and to whom, how often the two text each other, and how many texts are generated
during a conversation. Metadata about text messages and telephone calls can be used to link you with others and to draw conclusions about your level of association.
Historical location data is also a form of metadata that can be collected from smartphones. Combined with call and SMS data, this information amounts to an
alarming body of information. Anyone with this data can see where you went, how long you stayed there, who you talked and texted with, when you left, and where you went after that (as well as all of this data for everyone with whom you interacted). If every individual were legally compelled to carry a personal tracking device at all times, revolt would ensue. In spite of that we still pay hardware
manufacturers and service providers hundreds or thousands of dollars per year for the privilege of carrying a tracking device in our pockets.
This is because a phone (whether smart or dumb) is, first and foremost, a tracking device. In order for the phone to function correctly it must be able to connect to nearby service towers. These tower connections or “check-ins” are the most common way mobile phones are tracked and can be used for both Near-Real-Time
(NRT) and historical data. Cell providers can access your location data now and forever through your use of their towers. Law enforcement may do so through
warrants to obtain the tower data, or through cellular site simulators.
Smartphones may also be tracked through a number of other means as well. Most smartphones utilize an internal Global Positioning System (GPS) to provide mapping and other location-specific services. The GPS data may be shared by a
number of applications and transmitted back to numerous third-parties. Other technologies such as Wi-Fi and Bluetooth may also allow their location (and that of their owners) to be tracked, often with extremely high levels of precision.
Location tracking may not seem like a big deal or it may seem so beyond the pale that few will worry about it. However, location tracking can reveal a great deal of very sensitive personal information about you. It can reveal with whom you meet, where you meet, and for how long. Location tracking can reveal what church you go to, how often you go, or whether you go at all. It can reveal your interests and
hobbies as well. Do you visit gun stores, marijuana dispensaries, adult-themed shops or club, or other niche locations? Do you attend politically - oriented conventions, speeches, or protests? Do you attend alcohol or drug-addiction recovery meetings or clinics? Have you had a one-night stand lately?
If you took your phone with you (and it is a near certainty that you did), your cell service provider knows all of this about you. The stores and shops are mapped,
and the trysts can be extrapolated from the confluence of two phones in the same location overnight. Some of the apps on your device know where you’ve been, too. In all likelihood, so does your device’s hardware manufacturer. Though none of these things may seem especially provocative or embarrassing to you now, how
would you feel if this data was breached or accessed through a court order by law enforcement? How will you feel about those actions in 10 years? Data storage is
cheap and it is unlikely that any of this information will ever be forgotten.
2. TRAFFIC INTERCEPTION
Traffic interception is the practice of capturing the actual content of your phone calls, texts, and emails. While traffic interception is a major concern for individuals traveling overseas or those who work on exceptionally sensitive projects, it is also still a concern for the average individual. Cell site simulators have placed the ability to intercept voice and data traffic in the hands of even small local police departments. And as security guru Bruce Schneier reminds us, “Today’s National Security Agency (NSA) secrets become tomorrow’s Doctor of Philosophy (PhD) thesis and the next day’s hacker tools”.
CELL SITE SIMULATORS :
Cell site simulators are devices that, as the name suggests, masquerade as legitimate cell phone towers. These devices are useful only in a relatively small
area, but they emit a very powerful signal that forces all the phones in that area to connect to the simulator rather than legitimate towers. Once connected these
devices collect metadata about every device in the area, not just the target’s. They can capture the content of phone calls, texts, emails, etc...
3. HARDWARE EXPLOITATION
Hardware exploitation is taking data directly from the device through physical access. It is hardly news that smartphones store impressive quantities of data (up to 256GB in the case of the iPhone). A smartphone may contain or be able to access tens of thousands of emails, thousands of photos, personal and intimate text messages, logins, web browsing
history, call histories, and more. The loss of a device can potentially give all of this information away to anyone who bothers to look, which will almost certainly be someone. Like so many problems in the security world, the best solution to
hardware exploitation is encryption. Well-implemented encryption and a strong passcode are the surest defense against this type of exploitation.
Another potential avenue through which your hardware may work against you is camera and microphone hijacking. Sometimes this is a feature, not a bug. In the
case of some smartphones with voice-recognition capabilities, the phone may “listen” constantly, even when you are not using the voice recognition feature. This information is recorded, saved, and analyzed. Your camera and/or
microphone can also be compromised by malware that allows the attacker to turn one or both on at will. Microphones may be hijacked by government agencies by calling into the phone in a way that does not make the phone show any signs of being on or operating but leaves the line open so an eavesdropper can hear
everything within earshot of the device.
OS AND APP UPDATE
Keeping the operating system and applications on your mobile device up to date is just as crucial as it is on your home computer. OS and application updates are patched to add more function. In nearly all cases they also patch known security vulnerabilities.iOS DEVICES: A badge will typically be displayed on the settings icon when an update is available. If you suspect an update is available but do not have a badge on the Settings icon, you can search for and update manually. If an update is available, follow the instructions and allow it to download and install.
Application updates are made available for iOS devices through the App Store. You have the option to have app updates download and install automatically or on
demand.
ENCRYPTION AND PASSCODES
This section is one of the most important to the physical security of a mobile device. Apple has used very strong full-disk encryption Advance Encryption Standard (AES) on iOS devices since iOS 3 and the iPhone 3GS. To take advantage of this encryption, you must passcode-protect the device.On most Android devices you will still have to choose to encrypt the device. I recommend you use a very strong password for your
iPhone, to make it very hard for anyone to crack.
WIRELESS FIDELITY (WIFI)
Wi-Fi should be turned off when not in use or you are not connected to a network that you trust. When your device is not connected to a network and Wi-Fi is on, it constantly sends out probes searching for all networks that it “knows”. Knowing a network means that you have previously connected to that network and have not
manually removed it. These probes can be identified and can set you up for an evil twin attack.
An evil twin attack occurs when an attacker sets up a rogue Wi-Fi access point that masquerades as a legitimate access point. Unsuspecting users will connect to it, not realizing that all traffic transmitted over it is being intercepted. If the attacker conducts this attack in real time, he or she can make it more effective by making a network with the same name as a network your phone knows. By capturing your phone’s probes, he or she can see these networks and quickly set up a malicious network of the same name. Your phone will automatically connect to that network when it recognizes the name, and all your traffic will be routed through that network.
Leaving Wi-Fi on can also allow an attacker to discover a great deal about your pattern of life in the real world. He or she can see which Wi-Fi access points you have connected to and map these networks using websites like wigle.net. If you connect to a typical number of wi-Fi networks and these probes are captured, a quick analysis will likely reveal where you live, work, and the coffee shops, stores, and bars that you frequent. Several national retail stores have been caught using unique sets of Wi-Fi probes to track customers around stores to identify their
shopping behavior.
To avoid this, I recommend keeping Wi-Fi off when you are not actively using it. At home, for instance, I will enable Wi-Fi long enough to download podcasts, application updates, and other bandwidth intensive data. I then immediately turn it off. It is very easy to forget to turn it off when you leave your home or office. Not only does leaving Wi-Fi on have security ramifications, your phone’s constant searching for a signal can drain your battery rapidly.
In addition, when you are finished using a wireless network that you will never use again, you should remove the network from the list of networks in your phone. One complaint that I have about iOS is that it never forgets a wireless network and doesn’t let you remove that network manually if you don’t remove while connected to it. This means that every Wi-Fi network that you have ever
connected to is still remembered and searched for by your phone. If you have had your phone for a couple of years, or have rebuilt new phones from previous iTunes
backups, there may be scores of Wi-Fi networks on your phone that make your device unique and reveal quite a lot about your pattern of life. If you wish to
remove them (and I strongly recommend you do), you can reset all network connections. Be aware that this will remove all of your Wi-Fi networks as well as any credential-authenticated VPNs that you have set on your device. If you have been careless with Wi-Fi up to this point, it is not a bad idea to start fresh. To do this, go to Settings > General > Reset > Reset Network Settings.
BLUETOOTH
Bluetooth presents challenges similar to those presented by Wi-Fi. Bluetooth can be used to track your location to a very high degree of accuracy (though only overshort distances from a receiver. Bluetooth traffic can also be intercepted and though the security protocols for Bluetooth have gotten better, it can still be broken by a sufficiently skilled attacker. Because of its susceptibility to attacks like Bluebugging, Bluejacking, and Bluesnarfing, Bluetooth should be turned off when not actively in use. Bluetooth can be toggled on and off by accessing the control center in both Android and iOS devices.
CELLULAR DATA
Cellular data is the primary communications pathway for mobile phones and tablets that have a cellular data plan. By default, many applications and services on your device will want to access or use your cellular data. Allowing all applications and services to use this data has two potential consequences. Most prosaically, this uses the expensive data that you pay for each month. From a security standpoint, access to a communication pathway allows the application a way to transmit and share data in the background without your knowledge or explicit consent. Though it may do more good on some apps than others, I prefer to restrict the ability to use cellular data to only those applications and services that
truly need it.
AIRPLANE MODE
Airplane mode is designed to allow you to turn off all transmit and receive capabilities (interfaces) inherent to the phone with the touch of a single button. This allows the device to be used on aircraft without risk of interfering with the aircraft’s navigation and communication systems. Placing the device in airplane mode eliminates all communication, including your ability to send and receive texts, phone calls, emails, or anything else requiring a cellular or data connection.
Airplane mode may be useful for privacy and security in certain instances: if you want to disable all transmission from the phone (when having a sensitive conversation, for instance) you can do so easily with the push of a single button. It
can be used to defeat location tracking by Apple, Google, or any of the apps that are installed on your phone. I am a big proponent of using airplane mode frequently. As a word of warning, this is not a one-hundred percent solution. As
long as the phone has power applied (even if it is turned off), it may be accessed by entities with the requisite technology (US Government for example) and should not be relied upon to fully protect you.
LOCATION SERVICES
The absolute best practice would be to disable Location Services entirely but there are negative security consequences to that. With Location Services completely disabled, the phone cannot be tracked if it is lost or stolen. iOS offers very granular control over what applications request access to your location data. I recommend
leaving Location Services on and individually selecting apps and services that can access this data. You should limit these applications to the smallest number of
apps possible.
EXIF DATA
We discussed this earlier on how metadata within photos, often called Exif data, could potentially identify sensitive data within the image files. This has become fairly common knowledge. However, many people become careless when distributing video files created on mobile devices. Let's take this for example ;
The following details were extracted from the hex data of a video file that I created on an iOS device.
FORMAT: MPEG-4
FORMAT PROFILE: QuickTime
FILE SIZE: 7.00 MB
DURATION: 30s 82ms
RECORDED DATE: 2024-09-15T17:46:36-0500
MAKE: Apple
XYZ: +19.369528-81.40232038.8890+161.000/
MODEL: iPhone 13
com.apple.quicktime.software: 6.1.3
As you can see, anyone that possesses this video file would know my phone make and model the operating system installed, and the GPS location of the image
capture. Free programs such as MediaInfo make this collection process automated.
CONSIDER APPS CAREFULLY
The biggest thing you can do from a privacy standpoint is limit the number of applications that you install on your phone to the absolute minimum. Each additional application you install on your device introduces new potential vulnerabilities. Before installing a new app, ask yourself if you really need it. If you decide that you do need a particular application, do your due diligence. See what it does in the background and read its privacy policy carefully. REVIEW APP PERMISSION
You should verify the permissions that each app on your device is allowed access to is actually needed for the function of that app. Though changing global settings should enforce these settings for each application, it is not a bad idea to view the settings for each app individually. The most dangerous of these settings are Location Services, Contacts, Photos, Microphone, and Camera. Some applications may have a legitimate need for access to these functions that may not be readily apparent. For example, two-factor authentication apps often request access to the camera. Though this may not seem necessary the app does need the ability to scan
QR codes when setting up two-factor authentication on a new account. Regardless, when in doubt deny the permission and if it interferes with the function of the app, you can temporarily or permanently allow it in the future.
A FINAL STRATEGY FOR SMARTPHONE SECURITY
Sometimes, the best solutions are the simplest. I believe that one extremely powerful, yet simple idea, is to turn your device off when not in use. Compare your smartphone to your computer. Do you shut down your computer when not in use? Do you leave it on all night every night? We need to view smartphones as computer, which they are. While you sleep or work away from your device, it is constantly communicating with several servers. It is exchanging information about your contacts, messages, and activities with numerous data collection sources. On many devices, the audio noise occurring near the unit is being recorded as a “feature” for use within apps. You may have followed my methods of having an anonymous phone. This will provide an amazing layer of security, but it will not stop the data transmissions about your alias.
If you shut your device completely down, or at least place it in airplane mode without any active connections, you prevent this data from escaping. You may choose to simply turn your phone off at night. If you use it as an alarm, disable the cellular, Wi-Fi, GPS, and Bluetooth connections very important. You may choose to take this to another level and shut down your device while traveling. I like both of the
following strategies.
o When traveling toward your residence or workplace, turn the device off within five miles. This will prevent your cellular records from profiling these important locations. When leaving your residence or workplace, turn the device back on after passing the five-mile radius.
o If you travel extensively, turn your device off before arriving at an airport and back on when needed away from the airport in the new city. This will create a wild pattern and chaos will appear normal in your profile. If your records are ever compromised or monitored, and your device is turned off routinely, this will appear normal to the viewer.
Remember that even with a VPN on your device, it is still connected to a cellular provider. You cannot prevent them from knowing the location of the device if the
cellular connection is established. Possessing a device completely in an alias name cannot stop the companies from tracking the device, but they will have no idea
that you are the owner. Below, I will detail my individual configuration which may inspire you to create your own strategy.
| Primary Device Hardware: iPhone 13 Carrier: Various Primary Alias Incoming/Outgoing Calls: Google Voice/Talkatone (non-personal use only) Secondary Alias Outgoing Calls: Silent Circle Secure Personal Incoming/Outgoing Calls: Signal Primary Alias Text Messaging: Google Voice/Talkatone Secure Personal Text Messaging: Signal/Matrix Secure Personal Email: Tuta VPN: Mullvad Vpn NOTE: Because the iPhone is capable of operating on both CDMA and GSM networks I alternate between a variety of providers. Because I nearly always have a Wi-Fi connection, I only need a limited phone plan and go with the smallest and most economical prepaid plans available. I have no need to maintain the same telephone number for any extended period of time. |
| Secondary Device Hardware: iPad Touch Carrier: None Primary Alias Incoming/Outgoing Calls: Google Voice/Talkatone Primary Alias Text Messaging: Google Voice/Talkatone Primary Secure Voice: Signal Secure Text Messaging: Matrix Secure Email: Tuta (different account if needed) VPN: Mullvad vpn (different account) NOTES: I purchased this lightly used, latest-generation iPod Touch. I paid more for it than most used devices of similar age and condition but am confident it is not a stolen device. I keep it turned off at all times when not in use, it is never connected to my home Wi-Fi network, none of the accounts on it are associated with true name personal accounts, and it is on a completely separate iTunes/iCloud account. This means I had to pay for some apps twice but I am OK with that. |
CONCLUSION :
This brings us to the end of mobile phone or smartphone Security. Hope this guide will help you secure and give your mobile device privacy.
GOODLUCK !
