
Ten Common Smartphone Mistakes That Expose You To Security Risks

Kihara Kimachia 20-01-2014

The smartphone has evolved into an integral part of life. Think about it: how many times do you use your phone for some task in a single day? Numerous times, I suppose. Yet, for a device that is so important, I am often shocked by the mistakes people make on their smartphones, unnecessarily exposing themselves to security risks.


The following is a run-down of ten of the most common smartphone mistakes.

Not Locking That Phone

It may be a tad irritating to have to enter a screen lock password every time you want to use your phone but this is one of the easiest ways to prevent unauthorized access and/or use of your phone. While tech savvy villains can crack any screen lock security with time, implementing this measure provides you with at least some basic form of security that will prevent most people from accessing your phone.

The best type of screen lock is a PIN or password. Avoid screen lock patterns, which can easily be hacked. Set the phone to lock the screen after one minute of being idle.


Joining Public Wi-Fi Networks

Public Wi-Fi networks may be cheap but they are also a major security risk. Information sent over public Wi-Fi networks is visible to anyone on the network if they know how to view it. Hackers can easily steal your information and remotely access your device. If you must use a public Wi-Fi network, connect to the Internet using a VPN. VPN stands for Virtual Private Network and is a method to connect to websites securely even on public networks. Otherwise, use your mobile data network.



Not Using An Antivirus & Other Security Software

Many people don’t realize that a smartphone is actually a computer and is still prone to the same malware risks. They will go to great lengths to make sure they have the latest and most up-to-date antivirus for their PC but have zero protection for their smartphone. According to the Journal of Information Systems Technology and Planning, over 96% of smartphones do not have pre-installed security software. Few smartphone users go to the trouble of installing antivirus and other security software.

Good free antivirus apps for Android phones include Bitdefender, AVG and Avast. Apple says their iPhones are practically impermeable to malware but only time will tell.

By installing an antivirus on your smartphone, you also avoid transferring a virus to your computer via USB, which is a common problem these days. In addition to that, it is also a good idea to install antitheft software that prevents access to your phone after it has been stolen. An application such as Prey wipes your data remotely if your phone is stolen.


To track your phone using GPS, you can also install an app such as Where’s My Droid for Android or Find My iPhone for iPhones.

Forgetting To Install Those Updates

Smartphone manufacturers and app developers regularly issue software updates to improve functionality and to patch security gaps. In general, you should accept updates to your phone’s operating system as soon as you are notified. The same goes with apps running on your phone. Make it a habit to regularly update the software running on your smartphone.


Not Verifying Your Apps

Few people verify apps before they download and install them. By verify, I mean checking to see the developer’s history, prior products, reviews and going online to carry out some basic research before installing an app. Many smartphone users download and install apps that come packaged with malware that gives a remote hacker root access. The problem is mainly with Android phones due to the relaxed rules required to host an app in the Play Store. iPhone users are safer due to Apple’s closed wall policy.



Simply Tapping On Links

According to RSA’s cyber security experts, smartphone users are more susceptible to phishing attacks than desktop users. They tend to be less vigilant about security. It is harder to spot a fake login page on a smartphone than on a computer. Further, shortened URLs make it harder to detect illegitimate addresses. The best defense is to avoid clicking on links sent via SMS or instant messaging apps. Also, always open email links using your computer.


Jailbreaking or Rooting

I know I will get lots of flak from hardcore ‘jailbreakers’ and ‘rooters’ on this one. The fact of the matter is that non-rooted Android devices and non-jailbroken iPhones have security safeguards that limit the amount of access a user has to vital parts of the phone’s operating system. Jailbreaking or rooting gives you access to hidden system settings that allow you to do much more with your phone. Of course, the price you pay for that is greater security risk.


But, I am not saying you should not jailbreak or root your phone. All I am saying is that if you choose to do so, make sure you know what you are doing. If you are new to these concepts, please read our Android Rooting Guide and our article on Jailbreaking for newbies.


Not Switching Off Bluetooth

Have you heard of the terms bluejacking, bluebugging or bluesnarfing? These all describe a situation where a hacker gains access to your phone using your Bluetooth connection. Using this technique, the hacker only needs to be at least 30 feet away from you and you’ll never know what hit you. Within seconds, a Bluesnarfer can steal data such as confidential information and even login data to various sites. So, unless you are transferring or receiving a file, switch off your Bluetooth connection.


Forgetting To Log Out

If you are always logged into PayPal, Amazon, eBay and other sensitive sites where your finances are within easy reach, you might as well leave your credit card lying on the table at your local eatery. Don’t keep your phone permanently logged into such websites. Don’t check the box in the app that asks to save your username and password. It is convenient not to have to log into the app every time but it exposes you to considerable financial risk. If your phone were to be stolen, a thief would have unrestricted access to your finances and you could end up with a massive bill for things you never bought.

The same goes for a browser. If you log into sensitive sites such as those mentioned above, do not give the browser permission to save your username and password. Also, make sure you clear your browser history after surfing for sensitive material. Chris Hoffman published an excellent article on how to delete your Android browser history, and iPhone users can read “How to Delete Any and All History on Your iPhone” by Joshua Lockhart.


Storing Sensitive Data On Your Phone

I have never quite understood why some people insecurely store credit card PINs, online banking passwords, social security numbers and other such sensitive data on their phones. In the event your phone is stolen, it wouldn’t take a genius to figure out that a four-digit number stored as a phone contact is a PIN to one of your accounts. With a bit more digging, a clever crook can mess up your life.


The Take Away

The safeguards for all the mistakes listed here are easy and simple to implement. The problem is that many people take security for granted and assume the worst won’t happen to them. Security is about ‘when’ you get hit, not ‘if’ you get hit. At the end of the day, you must take charge of your smartphone’s security.

Now, over to you, are you guilty of any of these mistakes? What other security recommendations do you have? Please share with us in the comments below.

Image credits: warrenski via Flickr, Rocco Lucia via Flickr,  quinn.anya via Flickr,  ryanne via Flickr, Shopping Cart Icon Via Shutterstock


  1. Anonymous
    February 19, 2014 at 4:06 pm

    The thing about Android's pattern locks: it is very easy for someone to see your pattern when the phone is being unlocked. Try it and you will see what I mean. My BlackBerry has a 16-digit password. The stuff on it is always encrypted. I keep passwords and bank stuff in my password store, and that's passworded AND encrypted too. My messages (BBM) and email cannot be snatched out of the air. BB's are known for their security. Wanna play games, get Android or iPhone. Want an online commerce tool that has unquestionable security? BLACKBERRY. End of story.

  2. sl0j0n
    February 10, 2014 at 8:24 pm

    Hello, all.
    I don't know why you need bluetooth for "hands free".
    Does your device *not* have a "speaker phone"?
    Even at that, research proves conclusively that simply using *ANY* cellphone while driving is more dangerous than drunk driving, in terms of safety.
    My neighbor's nephew, in his early 20s,
    killed himself, texting while driving.
    Clearly, phone use while driving is too dangerous,
    and should be illegal.
    Since it isn't, [in most places] cellphone users *should* restrict cell phone use while driving.
    If I get a call I *must* take, I pull over, and stop, so that I don't endanger myself, and particularly others.
    But then I have been told that I'm a 'reasonable' person.
    Have a GREAT day, neighbors!

  3. LVdave
    January 28, 2014 at 3:49 pm

    Regarding the "turn off bluetooth".. umm.. how is one supposed to do that with a bluetooth hands-free device? I'm FAR more worried about people driving while holding their phone up to their ears than the very rare possibility of getting "bluejacked".... Otherwise a pretty good writeup..

    • kihara
      January 30, 2014 at 8:24 am

      Well, the risk of being 'bluejacked' while driving isn't too high because you are constantly on the move ...unless of course you are caught up in a gridlock. But, at any other time, it makes sense to turn off your Bluetooth.

  4. dragonmouth
    January 21, 2014 at 8:31 pm

    @Slashee the Cow:
    "But since then, Google has taken efforts to prevent it happening again, and I haven’t seen it happen since they did"
    Just because YOU haven't seen it happen does not mean it hasn't. As far as "Google has taken efforts to prevent it happening again" I would not be so sanguine. In the past couple of days I read another article on Android phone security. (Sorry, I cannot provide a link) In the article the author mentioned that, because Google does not control the Android universe as tightly as Apple controls the iPhone universe, Google does not and cannot screen all of the apps submitted to them for malware.

    If you want to live dangerously, be my guest, after all, it is YOUR phone that will get infected by malware. I just hope that, because of your hubris, that malware is not spread to thousands of other phones.

  5. android underground
    January 21, 2014 at 4:26 pm

    Root your Android! Rooting lets you control all permissions and most privacy (Xprivacy), block ads that can steal your info and be infected with who knows what (AdAway), and run a firewall to keep apps offline that don't need internet to do their job (AFWall+).

    And the anti-theft and remote wipe capabilities of Avast with root options switched on are waaay better than Google's ineffective device manager.

    If you know what you're doing (and it's not that hard), a rooted Android is the safest smartphone you can get.

  6. Smee
    January 21, 2014 at 9:23 am

    Yet another smartphone article with no mention of Windows Phone!

  7. yanice
    January 20, 2014 at 10:06 pm

    iPhones can't get viruses and are perfect. Android sucks and is bad.

  8. Anonymous
    January 20, 2014 at 6:42 pm

    Thanks for the info, was pretty useful and the concerns raised show how we take this little safety measure for granted.

  9. RichardJ
    January 20, 2014 at 6:33 pm

    Would you trust an RSA Expert when they couldn't even spot what the NSA was up to?

  10. JOEdirty
    January 20, 2014 at 5:34 pm

    Android itself is a security risk because it's based on stealing your information.

  11. Nikola K
    January 20, 2014 at 4:57 pm

    Do not lock your phone!
    If it's stolen the thief can't unlock it and will want to reset/reinstall it to gain access. This will remove your anti-theft app and you will lose it forever.
    Better will be to store sensitive data on encrypted storage.

  12. david
    January 20, 2014 at 1:41 pm

    Thanks for a very informative and very useful article! In the section on Bluetooth, though, did you mean "within 30 feet of you” instead of "at least 30 feet away from you"?

  14. LM
    January 20, 2014 at 1:28 pm

    Very good article. An eye opener. There is one grammatical mistake though. In "Not Locking That Phone" section, it reads "... to prevent authorized access...". It should have been written as "...to prevent unauthorized access...".
    Thank you for your efforts.

    • kihara
      January 20, 2014 at 2:28 pm

      Thank you for pointing that out. Oversight on my part.

    • Anonymous
      January 20, 2014 at 2:35 pm

      By grammatical, I think you mean logical.

  15. Slashee the Cow
    January 20, 2014 at 12:53 pm

    Why do people keep saying that the average person with an Android phone needs an antivirus program? You don't, and it'll just drain your battery.

    I'm not by any means an "average person" but most of the people I know with Android phones only ever install apps from the Google Play Store, and your odds of getting malware through that are very, very, very low. (Yes, I know it has happened. But since then, Google has taken efforts to prevent it happening again, and I haven't seen it happen since they did).

    You really only need to worry about viruses and such if you sideload apps frequently from unreputable or unknown sources (and remind me - why are you doing that?). I'd bet the average Android user - not the sort of person who reads a site like this - probably doesn't know what sideloading is, let alone how to do it (especially in newer versions of Android, which hide the developer settings menu).

    (As for iPhones on the subject of viruses: nothing major yet, but remember a few years ago when you could jailbreak your phone through Safari? Apple fixed the security hole, but imagine if someone nefarious figured out how to do the same thing again... all you'd have to do is visit a compromised website and they'd have complete control).

    As for locking your phone: generally a prudent measure, however I don't buy that pattern unlocks are particularly unsafe. I've never seen anyone use an alphanumeric password to unlock their phone, it's usually either a four digit pin (total combinations: 10^4 = 10,000) or a pattern unlock (total combinations: 9*8*7*6 = 3,024). Sure, there might be less than a third as many possible patterns, but with either option, the odds of a bad guy guessing the combination before the phone locks itself due to too many tries (if your phone has such an option) are rather low.

    Also, for Android, you no longer need a separate app to track or lock your phone if something happens to it, assuming your phone is running a reasonably new version of Google Play services (which gets automatically updated in the background). Just go to play.google.com, click the gear icon in the top right, and go to Android Device Manager.

    Finally, one more piece of advice, for Android users: please, pay attention to what permissions an app needs. Be suspicious if a simple game or something requires permission to, for example, send SMS messages. If it looks like an app requests more permissions than it should, don't install it and contact the developer to ask why it needs so many permissions.

    • cynflux
      January 20, 2014 at 3:50 pm

      Run the anti-virus when the phone is plugged into a wall outlet.

    • Kevin M
      January 20, 2014 at 8:05 pm

      @Slashee the Cow - it is attitudes like yours that are making mobile hacking such a lucrative sport for hackers and thieves. To think your odds are somehow better downloading from the Google Play Store you are sadly mistaken. The people that want to steal your data understand what's at stake and will go to any and all lengths to make it work. This includes building an app for the Google Play Store that appears clean and appears to serve a valuable purpose. You cannot honestly expect Google to be your savior can you?

      You make some valuable comments otherwise and I agree that the pattern lock should not have been seen as weak. In fact the default pattern lock on Google came under attack by the FBI and CIA last summer because they had phones they could not break with their tools. That has to say something positive about pattern lock tools. I know the US government overall is not that smart but still, worth the note that they cannot break the Google Pattern Lock Tool!!!

      I would also comment on your last topic about permissions. Fact is NO app should be asking to change the permissions. If it cannot run under the permissions setup for the Android it should not be installed and in fact should be reported for the Google team to take a closer look. Unless it is clearly documented on the app info page why it would even need to change permissions I would not trust it as far as I could see it (regardless if it is documented or not).

    • Slashee the Cow
      January 21, 2014 at 12:25 am

      I suppose I'd think of Android antivirus as not much use to myself because I pay attention to what I'm installing and what websites I go to. To someone who will just blindly press "accept" on anything asking for permission and click on any link (also covered in the article), an antivirus app might help protect someone from themselves.
      (@Kevin M: I don't entirely expect Google to be my saviour - I know viruses can and have gotten into the Play Store. But these days every app is scanned for virus-like behaviour by Google's servers before it gets published, so I expect that Google's doing at least half the work for me. The other half is probably common sense - IIRC the few viruses that did get into the Play Store were fake versions of apps posing as the real thing.)

      Also, a couple more comments on the article, now that I've had some sleep (I posted my last comment at about midnight):
      "Smartphone manufacturers and app developers regularly issue software updates to improve functionality and to patch security gaps." App developers, sure. Smartphone manufacturers (other than Apple)? Not so much. A lot of Android phones will only receive a few system software upgrades throughout their lifetime (my One X, which HTC recently announced wouldn't receive any more updates, got, by my count, four... from 4.0 to 4.2.2, with one or two security patches along the way). Fortunately, Android isn't exactly rife with security holes itself, so running an older version isn't the end of the world, but if I was on a contract and forced to keep a phone with out of date software for another year or two, I'd be more cautious (and probably be more inclined to install an antivirus app)... that or I'd root it and install a custom ROM with the latest version of Android (which in itself can be a pretty dangerous procedure if you don't know what you're doing, I'd imagine there's more than one ROM out there designed for nefarious purposes).

      "By installing an antivirus on your smartphone, you also avoid transferring a virus to your computer via USB which is a common problem these days."
      I have literally never heard of this happening (though I'm always amenable to being proven wrong, because at least I've learned something).

      Also, about storing PINs or social security numbers (still seems like a funny concept to me, we don't have anything like that down under) in your phone... you shouldn't just be worried about someone getting to that if they steal your phone, smartphones sync so much stuff with the cloud (especially contacts) automatically that someone might just need to break into your account to get to your sensitive information. My point is: make sure your Google account (Android) or iCloud account (iPhone) have a strong password, and if you can (and since you have a smartphone, you probably can), use two-factor authentication. That's something you should be doing anyway, but it's especially important for accounts that might be syncing more sensitive information.

    • panda
      January 21, 2014 at 10:36 pm

      If you dig deep enough, the lock screen pattern is stored as plain-looking numbers. That's why

    • Etienne
      January 23, 2014 at 4:40 pm

      Slashee the Cow, you are incorrect about the pattern lock. When I bought my first Android phone a few months ago (previously an iPhone user) I used the pattern lock for a while just to see how I liked it. I "patterned" the character "R", which consisted of 6 points. So, with the pattern lock you are not limited to just four points as you are with just 4 digits in a PIN. I don't know exactly how many points you can use, but at least with 6 points there are already over 60,000 possibilities. If you can use all 9 points in any random order, there are over 360,000 possible combinations.

    • Denise E
      February 3, 2014 at 2:47 pm

      Good to know that Android phone tracking is inbuilt!

  16. yanice
    January 20, 2014 at 12:30 pm