It’s likely that you’ve got details of your whole life stored on your phone—the people you know, the banks you’ve used, the videos you’ve wasted hours watching—and you don’t necessarily want that info getting out into the wider world. If you’re keen to lock down your handset against unwelcome visitors, you need to take a few steps.
There’s lots to cover, from protecting against friends at parties who might pick up your phone and start scrolling through photos, to government agencies who might be eager to tap into your outgoing messages. There are plenty of ways to put up barriers and stop all but the most advanced attacks, and we’ll cover the most important ones here, for phones and tablets running iOS and Android—though many of the principles can be applied to laptops and other kinds of devices too.
It’s worth noting at the outset that it’s very hard to make a device completely snoop-proof—even if you physically remove the camera and the microphone, Edward Snowden-style, determined hackers can still get at your data.
Every so often a new report appears lamenting the high number of people who leave their phones unlocked, or who use an easily guessable PIN like 1234. In 2017 there really is no excuse for leaving your device unprotected, with so many options available—from trusted locations on Android, which helpfully turns on additional security when you’re not at home, to Touch ID on iOS, which demands your fingerprint for accessing protected data. Go to Security in Android’s Settings app or Touch ID & Passcode in the iOS one to get something in place.
That should stop passers-by and curious friends from getting at your phone, but more information than you might think can be accessed from the lock screen—for example, by default on an iOS device you can launch Siri and ask “who do I call most?” to see a list of recent calls, no unlock required.
The feature is designed to help someone return your phone to you if it gets lost, but if you’re not comfortable with it you can turn this and other lock screen pop-ups off by going to Touch ID & Passcode menu in Settings. You can disable notifications too if you don’t want people taking a peek at your Twitter mentions as they flash up on screen.
On Android devices the only settings to really be aware of are the notification ones controlling what appears on the lock screen. Go to Notifications in Settings and you can disable all alerts or just ones for certain apps; the recent versions of Android also let you hide “sensitive” information on the lock screen, which typically means anything that comes through one of your messaging apps.
As we’ve explained before, some apps are more secure than others when it comes to protecting and encrypting your data. Our picks for the most snoop-resistant messaging apps are currently Signal (iOS, Android) and WhatsApp (iOS, Android), and if you’re using anything else you’re leaving yourself more at risk to getting snooped on.
When it comes to browsing, the built-in apps do a decent job protecting you against various kinds of snooping, but there’s certainly room for improvement as well. Apps like Orbot (Android) and Onion Browser (iOS) will keep all your browsing encrypted, anonymous, and very difficult (though not impossible) to track. On top of that, a VPN tool such as Opera VPN (Android, iOS) will encrypt all the data going to and from your device, and they’re especially useful on public Wi-Fi networks in coffee shops and hotels.
Worried about app developers snooping on your activities? Besides studying the terms and conditions very closely, you can check on (and revoke) permissions for a particular app—on Android tap Apps in Settings, then select an app and choose Permissions, or on iOS, from Settings tap Privacy then choose a category to see which apps have privileges and take them back. As a nuclear option you can simply uninstall offending apps.
On Android devices, you also have the extra option of installing an app locker, which adds an additional layer of protection for specific apps or files if someone should get past your lock screen. It can range from demanding a pin number or password, to demanding a fingerprint scan every time you want to open the app. AppLock (Android), Privacy Knight (Android), and Norton App Lock (Android) are all great choices.
One of the best ways of minimizing the risk of snooping is to have as little data on your phone as possible at any one time. How you go about this will vary from app to app, but to take iMessage as an example, you can go to Messages from Settings and then tap Keep Messages to have them automatically cleaned up after 30 days or a year. Other apps will have similar options. Though be sure to offload photos and videos to the web using something like iCloud or Google Photos before you start auto-deleting old texts.
Your phone also has a habit of tracking places you’ve been and subjects you’ve searched, so you’ll want to deactivate that, if possible. Check in the Activity Controls page of your Google account, where you can enable or disable location history, the storing of voice searches, YouTube viewing history, web browsing activities, and so on.
And something you might not often think about are third-party apps hooked up to your main apps—all those little utilities and add-ons you’ve granted permission to use your Facebook or Twitter accounts. While these are usually nothing to worry about, out-dated and unsecured connected apps can be used to snoop on your activities remotely, so it’s best to keep as few active as possible.
Head into the settings pages for all your services on the web to do this. For Google, you can go to the Connected apps and sites page; on Facebook, connected apps are listed in the App Settings page; while on Twitter, you can go to the Apps page to kick out any connected tools you don’t recognize or no longer have any need for.