Users can protect their device physically by turning on security features and installing antivirus software with anti-theft capabilities.
In addition, it's important to understand what's happening with our data within apps and why a company thinks it needs the permissions it does.
Children can be particularly at risk from unnecessary permissions, but a new Children's Code puts their privacy at their heart of online design.
The average cost of UK mobile devices has been rising steadily in recent years with the release of expensive flagship devices like the Samsung Galaxy S21 Ultra in early 2021 that had a price tag of £1,149.
In reality, many of us have devices cheaper than this, but mid-range handsets are still likely to cost around £300 to £400.
It makes sense, then, to protect our devices physically.
1. Enable privacy protections
Some mobile users, especially older people who may not easily remember a password or passcode, skip this crucial part of setting up their device.
What this means is that a stranger could pick up their phone from a table in a coffee shop and immediate access some of the private data on it.
Ensure you secure your device in some way through one or more of these methods:
- Pattern recognition
- Face ID
This can slow thieves down and anyone looking for an easy win may be deterred if they see security features when they try to power up the screen.
Certain apps on devices like banking apps can allow customers to turn on biometric recognition or Face ID as an extra layer of security for those apps: don't ignore these features.
2. Turn on phone tracking
Modern operating systems allow users to turn on a location tracking system. These aren't fool proof and a canny thief may be able to circumvent it, but they can give victims of theft or loss the opportunity to find their device.
On iOS, this service is called Find My, and it can help customers locate their missing iPhone or iPad on a map via a customer's iCloud account, and remotely lock it to prevent unauthorised access.
It also features the ability to send a message to the lock screen containing an alternative contact number; whoever has the phone can call the number displayed and that number only.
Even if the device is taken offline, it is possible to setup an email alert to notify us when the device is reconnected to a wi-fi or mobile connection.
Plus, users can adjust the settings on their device to ensure location sharing can't be turned off without a passcode; it's another layer for thieves to get through.
This can be found in the Privacy section of a device's settings, usually under Location Services.
On Android phones, the app that generally comes pre-installed on devices is called Find My Device by Google Play Protect. If it's not pre-installed, it can be downloaded via Google Play.
It offers similar functions, and it allows users to zone in on where their device is via their Google account.
Because Find My and Find My Device are connected to a customer's account rather than the device, they allow account information and other to be scrubbed from that device even if a customer doesn't have it in their hand.
At least this provides some peace of mind for customers if their phones fall into the wrong hands, although it's worth noting it might not work for SD cards inside the phone.
3. Buy antivirus mobile security
Mobile phone security often comes as standard with antivirus software or there are specific mobile security apps generally on annual contracts.
Some of the best features of these apps are: secretly taking photos of the person using the device, remote wiping the phone, remote control via SMS, alarms, even placing a block on the device rendering it useless.
Commonly recommended mobile security apps include:
- Bitdefender Mobile Security (£9.99)
- Norton Mobile Security (£9.99)
- Kaspersky Mobile Security (£9.99)
There are plenty of others available but remember to check the features within a given plan include the ones you need - some mobile security options are only available to customers willing to sign up to monthly subscriptions or pay for a top tier of service.
These apps will also assist with preventing malware and phishing attacks. We cover those in more depth below.
Malware used to be thought of as an exclusively Android problem, yet a large-scale attack on the App Store in 2015 brought iOS malware to wider attention.
Even so, it's fair to say Android still has a bigger problem with fake apps, so Android users need to be more on guard for suspicious software - including more recent types like Ransomware - than iPhone owners.
Luckily, there are plenty of security options out there as we've mentioned above, but it's often worth sticking to the ones from the big names in anti-malware like AVG and Avast.
Most of the big names offer free versions of their apps, which may not feature all the bells and whistles of the premium versions but will nevertheless be kept up to date against new threats.
But remember that a free anti-malware app that we've never heard of, or an app with a similar name to a well-known one from an unknown developer, is probably the opposite - a nasty trick from a dodgy scammer.
Avoid any apps offering "free wallpaper", "free music" or "free anything". If it seems too good to be true, it probably is.
Those who are worried about mobile malware might want to consider combining malware and anti-theft protection by using a phone protection package like one of the paid for products listed above.
Is it safe to buy a Huawei mobile phone? Find out more.
Texting a premium rate number to download mobile content might seem like a bit of a throwback to the days of polyphonic ringtones, but it remains big business for scammers, as too are fake links to pay for missed parcels or check unusual transactions on bank accounts.
Such scams are still a serious threat for mobile users, allowing fraudsters to steal millions each year from unsuspecting consumers.
SMS scams normally work either when a rogue app fires off text messages to a premium rate number owned by the fraudsters or spammers send out messages sometimes along the lines of:
"CAT FACTS, YOU HAVE SUBSCRIBED TO CAT FACTS. TO STOP RECEIVING FACTS ABOUT CATS, TEXT 'STOP' TO 823433. (£12 per message)"
There are also phishing texts, similar to emails that purport to come from a trusted institution, usually a bank, asking you for account or personal information. Never reply to these messages.
Spam texts, just like spam calls, follow trends in subject matter, so it shouldn't be surprising that in recent years there have been an unusual amount relating to PPI, free energy saving schemes, pension reviews, and, most recently, relating to anything and everything connected to the coronavirus pandemic.
Customers can forward spam texts they've received to 7726 (free text number) to enable the authorities to keep on top of the latest threats.
It's like playing Whack-a-Mole for Ofcom and others, though, so the best thing customers can do is keep vigilant to the threats and always remain sceptical of anything unexpected, even if it's from a firm we have dealings with.
Follow these steps if you receive an unexpected message that looks like it could be legitimate:
- Don't click on any links
- Go direct to a company's website if you have an account and check there for any messages
- Check the firm's social media or blog to see if they're aware of similar messages being sent to customers
- Reach out to the company and ask if it's legitimate
It's better to miss out on something than risk getting scammed. Plus, the likelihood is that we're missing out on nothing but an attempted fraud - legitimate companies will always try a different way of getting in touch.
Fraud: how likely is it? Read our guide.
Privacy on mobile
Controlling our personal information while we're on our mobiles can help protect our privacy.
We've written about the reasons why keeping your personal information safe on social media and elsewhere is vital, but this one point bears repeating: never give personal information to an untrusted source.
There are plenty of hurdles to be aware of when it comes to protecting personal information on a mobile phone.
Many applications like Facebook and LinkedIn like to connect us to as many people as possible.
Often, on first use, or after an update, an app will ask if we would like to sync our contacts with our account.
While this can be very useful - as with syncing our phonebook with an online email account such as Gmail - it can lead to such apps sending out emails soliciting connections from people in our phonebook.
Legitimate apps will usually explain what syncing can lead to and give us a yes/no tickbox option; ticking "no" won't affect the app's usability. Should we choose to sync, it should also be possible to "disconnect" again by using the phone's account settings dialogue.
Often, we choose the easiest option, and syncing everything can be so much easier than answering the same question every time. But taking some time to understand what an app is trying to do and why can prevent unnecessary data being synced
Bear in mind, however, that while we can be as careful as possible with our private data, apps can still gain access to at least some of it if someone with our contact data chooses to sync their data with their app.
That's why, when face swap and face ID apps became so popular in 2019/20, there was frustration among some Facebook users who found their data may have passed on by virtue of their friends signing up to the service.
Permissions are theoretically the way our data can be protected from apps, both the good ones we want to use and the ones that find their way onto our devices and mean us harm.
Rogue apps often ask for extra permissions that they really don't need - such as a bakery app asking for access to our phone book or a game asking for permission to make calls.
It's become easier for users to check the permissions already given to apps and check permission options after installing new apps. It's also become more common for app developers to explain why they need the permissions they're requesting.
Apple have caused consternation among advertisers by allowing users to alter their settings in iOS 14.5 to avoid being tracked around the web by ads. The fact that advertisers kicked up such a fuss suggests this feature will make a huge impact on data privacy, but only time will tell.
Parental controls and protection for kids
Choosing a mobile phone for a child and then setting it up with all the right security features can be a worrying process for a parent or guardian, so it's worth understanding a couple of key things and how they work in practice.
Mobile networks block adult or unsuitable content by default and require us to opt in, usually verifying via credit card in order to turn off the restrictions.
This won't prevent access to unsuitable content when a mobile device is hooked up to unprotected wi-fi, however.
Further protection using a third-party app with parental controls can be helpful when mobile phones are being used by children.
Norton Family and Kids Place are often recommended for parents wishing to block access to adult material online, prevent app downloads, texting, making calls or other functions that little hands might be tempted to alter.
Some ISPs include network level parental controls with their packages which cover connected phones - we've got a full guide to those services here.
There are also device-specific protections which can usually be adjusted via the settings menus on iOS and Android.
If in doubt about whether a setting needs to be switched on for a child's phone to function properly, turn it off and see if it changes the functionality of the device.
Apps and features that use our location can be incredibly useful as we've already seen above with the ability to find our phone if it's stolen.
Yet there can be an insidious side to location tracking, especially where kids and their safety are concerned.
If an app asks for permission to access a child's location, it should be the default response to ask why they think they need that information.
Under a new Children's Code administered by the Information Commissioner's Office (ICO), the designers of online services need to put children's privacy at the heart of their design principles.
We cover the 15 standards in more detail here, but one of the key points is that geolocation should be switched off by default for children-centric services unless there is a compelling reason to do otherwise. Plus, a signal must be given to children to show location tracking is active.
Companies will need to ensure their online products and services meet the Age Appropriate Design Code by September 2021.
Read more: can the Government keep kids safe online?
Conclusion: meeting the mobile security challenge
Device security is more important than ever and, thanks to the way developers and manufacturers have built systems into our phones, they're easier to set up than ever before too.
It's better to be suspicious and disable a setting we're not sure about than to figure out it was spying or tracking us later. It's also better to put all the security protocols our phone offers us (biometrics, passwords) into practice rather than regret letting a thief get hold of our handset and our information.
Three final tips:
- Install manufacturer updates as soon as they are offered
- Install app updates when offered
- If an app asks for extra permissions following an update, double-check what they want and why
Fear of missing out is a big part of modern life and that's partly why malicious apps and services can spread so easily.
Make sure the chain ends with you and just ask the question no one else seems to be asking: why does a company need that information about me and who are they really anyway? That simple question may solve a lot of mobile security headaches.
Use mobile banking apps? Find out how safe they are to use.