You have in your pockets a snooper's best friend. You take it everywhere: from your office to your bedroom, from the dining room to the lavatory (and hopefully clean it after). It records almost everything you do and can be made to turn against you in a matter of minutes. Believe it or not, the modern day smartphone is a private citizen's worst privacy nightmare.
Think about what you have in there: email addresses and phone numbers from your contacts, calendar appointments, photos, and probably even personal financial information. On top of that, smartphones can continually track your location to build a detailed profile of your whereabouts.
But just because it can doesn't mean you have to let it. Here are five simple steps you can take to control your smartphone security and keep your data, and life, private:
1. Manage your apps
To enjoy all the conveniences of a smartphone you need apps. Unfortunately, apps are the weakest link between your private data and the world. Many access your personal data to 'enhance their experience', leaving you to trust that they will only use this data in a desirable way. Not every app clearly states how it uses this information, but there are ways to find out what your apps know about you and to restrict them.
A critical component of your Android smartphone is the permissions system. When you install an app, it notifies you of what it would like to gain access to. You can then install the app, or not. Unfortunately, this system puts a lot of responsibility on the users to know whether these access requests are appropriate.
Fortunately there are multiple ways of visualising app permissions. BitDefender's free Clueful will scan your apps and categorise them as high risk, moderate risk, and low risk. You can then browse each list and click on an app to find out the features it can access. You should uninstall any high risk apps as they might be pinching your passwords or reading emails.
There's also Malwarebytes' Anti-Malware mobile app, which scans apps and divides them into categories based on the phone feature they have access to, such as your calendar or contacts, giving you full transparency on what your apps are up to.
2. Protect yourself online
In addition to preventing apps from leaking info, you should also minimise the personal data you put out there, even when sharing something as innocuous as images.
Images can reveal a lot of information about you thanks to the exchangeable image file format (EXIF) data attached to them. If you take an image with a GPS-enabled camera or a smartphone it can reveal your location, the time it was taken, as well as the unique ID of the device.
To strip EXIF information from pictures before sharing them you can use Instant EXIF Remover. This app doesn't have an interface; instead, once installed, it'll be available as an option in the 'Share' action. When selected, the app will intercept any images you wish to share and delete all EXIF data, before passing them on to the email client or any other sharing app.
After securing your images it's time to take control of your web browsing activities. Just like any desktop web browser you can install a variety of add-ons to your Android browser.
The Phony add-on can be used to customise the user-agent on the browser and hide the fact that you are on a mobile device. Then there's the Self-Destructing Cookies add-on, which will automatically delete all cookies when you close a site.
For more comprehensive control you can use the CleanQuit add-on, which removes all information about the previous session including the browsing & download history and site preferences.
If you want full anonymity, you should switch to the Orweb browser. It's loaded with plugins to disguise your device, gives you control over cookies, prevents loading of Flash content and keeps no browsing history. However, it requires the Orbot plugin and Orbot is Tor for Android, which may not be something you wish to install.
Protect your communications, device and data
3. Control your communications
You can encrypt SMS messages with the open source app TextSecure, which can encrypt SMS stored locally on your phone. However, to send encrypted messages over the air, the recipient must also have TextSecure or they'll receive unencrypted messages.
Before you can send messages you'll have to create a secure connection with the recipient's device by exchanging keys. TextSecure will send a message to the recipient, whose TextSecure app will automatically respond with a message to establish a secure connection. From then on you send and receive encrypted messages.
To keep your calls safe you can use the free RedPhone app, which makes encrypted calls over the internet. There's also SilentPhone, which is developed by Phil Zimmermann (who gave us OpenPGP for securing email and the ZRTP protocol for securing VoIP calls). The SilentPhone app works on multiple mobile platforms but comes with a $10 (about £6) subscription fee.
Both these solutions create encrypted calls. However, the person at the other end of the line must be using the same app.
To encrypt email messages on your mobile device you need the Android Privacy Guard (APG) app, which is an open source implementation of OpenPGP. You'll also need the K-9 email app, which integrates seamlessly with APG.
To use these apps, first launch K-9 and configure it to connect to your email server. Then launch APG and tap the menu button, which brings up the option to manage private keys and public keys. You can export these keys from the desktop and import them into APG. Once the keys are imported, K-9 will display the option to sign and encrypt messages when you write a new email. Conversely it will let you decrypt emails when you receive a new encrypted message.
For encrypting instant messages, you'll need the open source ChatSecure app. The app uses the OTR protocol to enable secure chat sessions over XMPP accounts. Using the app you can have secure chats with your friends over popular networks including Google Talk and Facebook on any OTR compatible client including Pidgin, Adium, and Jitsi.
4. Secure your device
Locking your phone is one thing, but it doesn't help when you want to hand over an unlocked device to someone but still keep some things private.
You can use Screen Locker to lock your screen before handing the phone to someone else. The app disables all forms of inputs and prevents the users from viewing anything other than what's on the screen. You can then enter a preset pattern to unlock the device.
Privacy Master Free will lock access to apps and can also fake a crash to prevent an app from launching. You can also block the task manager as well as USB connections.
The AppLock app has, along with the ability to block access to apps, two separate vaults where you can hide photos and videos. The app can also prevent toggling of settings such as WiFi. One of the best features is its ability to create lock profiles. So you can create a list of apps you want to lock when you're in the office, and another set when you're with the kids. You can trigger the locks based on time or location.
AppLock can also randomly rearrange its numeric keyboard to prevent others from figuring out your password by following your fingers. It also allows you to hide the app from the application drawer to keep its existence on your device a secret.
5. Encrypt your data
The key to securing your phone against any sort of surveillance is end-to-end encryption. Encryption safeguards data against any kind of snooping by making it unintelligible to anyone without the correct decryption keys.
However, there are some caveats involved with the process. For one, encryption is a one-way process, which is to say that once turned on there's no mechanism to turn off the encryption. You'll have to reset your phone to factory settings and lose all your data. Make sure you securely back up your data before initiating the encryption process and don't interrupt the process - if you do you'll lose the data and render the device unusable.
When using the standard Android encryption service make sure you have already set up a lock screen PIN or password. Android will use it as your decryption key. To begin encryption, head to System Settings > Security > Encrypt device. When it's done you'll have to enter the PIN or password each time you boot your phone.
Instead of encrypting the whole device, you can also choose to encrypt selected files. One of the best apps for this purpose is SSE Universal Encryption. The app has three modules: the Password Vault module allows you to safely store passwords and organise them into folders. The Message Encryptor module encrypts snippets of text. But the most interesting option is the File/Dir Encryptor module. It lets you pick a file using the built-in file browser and then encrypts it.