How to: Lock down your data on a smartphone

If the last major incident of cloud hacking, where a major celebrity's nude photos were leaked online, should teach us anything, it's that your security online is tenuous . While technology is constantly evolving to provide better protection to the user’s data, the onus lies on us to safeguard our personal devices against data theft. Smartphones have become an inseparable part of our lives and, as such, a majority of our personal data is stored on them. As a result your phone is always at risk for data theft. So here are a few ways you can keep your data safe:

Do not download apps from an unknown or untrusted source
Stick to the official application store. Typically, there are checks carried out before an app is allowed on popular platforms from Apple, Microsoft and Google. These checks ensure that the downloaded app functions as intended and is safe to use. Apps downloaded from unknown sources can infect your phone with malware, putting the data on your device at risk. Bottom line: if you don’t know or can’t trust the source of an app that you’re trying to sideload, it’s best you avoid installing it.

Avoid jailbreaking or rooting the device
Jailbreaking or rooting a device will give you access to the operating system files and features. With root permissions, an app can bypass the OS' security channels, thereby providing access to all the information on the device. That aside, with root access, a malicious app can take complete control of the phone.

Enable password protection
This is the easiest of the lot and offers significant protection. Adding a password will provide another layer of protection to your data; it can't hurt right? iPhones come with a Touch ID sensor which will scan your fingerprint and unlock it only when it's a perfect match. Apart from password protecting the phone, individual apps can also be password-protected by using tools like AppLock on Android, that lets you lock apps with passwords. It also offers an option to move your pictures into a photo vault, keeping it safe from prying eyes. iPhone users can install Overswipe, a simple app that lets you showcase selective photos from your gallery to people.

Encrypt the phone
Encryption is password protection taken to the next level. What encryption does is, it takes your photos, videos, music etc and converts it into unrecognisable data. The data is only readable when the password is entered to unlock the phone. So, picture a scenario where an unscrupulous person steals your phone, and connects it to a computer to retrieve data stored on it, the thief cannot simply copy the files. Encrypting a phone is highly recommended if you have sensitive data on the device. iOS supports encryption by default. We'll show you in a bit how you can encrypt your Android as well .

Use a Password Manager
There are so many services that require you to remember a username and password. If you end up using the same or similar passwords for all your accounts, and an attacker gets hold of one, your other accounts could also be compromised. A password manager like 1Password (Android & iOS) or LastPass (Android & iOS) require you to remember only one ‘master password’. These apps can then generate and auto-fill random strings of characters, ensuring that every service you use has a different, garbled password. This makes it harder for brute-force attacks, that try to figure out your password by choosing related words. 

Those were a few generic safety measures you can make use of, but what about platform specific precautions?

Security on Android
Encryption has been supported on the Android OS since 4.1 Jelly Bean. The option to encrypt the device is present in the settings menu. It's very likely that a majority of people reading this have an Android device running 4.1 or higher. Encryption can be enabled right away by going to Settings > Security and selecting the Encrypt Phone option. The phone will need to be plugged into a charger to carry out the encryption process. Be warned, it's time consuming and can take anywhere from 30 minutes to over an hour depending on the data you have on your phone. During this time the device is unusable, so we recommend you do this when you won't need your phone for a while.

Phones that are shipped with Android Lollipop, like the Nexus 6, have encryption enabled by default. Android would originally use a 128-bit key for encryption but, with the Lollipop update, it now uses a 256-bit key for encryption. What that translates to is better security for the data on the device. 128-bit is still safe -- it’ll take a couple of years to crack the code on a phone with this level of encryption, but the improved 256-bit makes it way harder to crack.

While on the subject of Lollipop, there are a couple of easy steps to lock your data down. Don’t you just hate it when you hand your friends your phone to look at something, and they swipe and scroll around? On Lollipop you have an option to pin the screen, which will keep the device pinned on a single app. For example, if you give them your phone with a game pinned (provided you’ve put in a password lock) there is no way they can snoop around your private chats or photo gallery.

User Profiles
Other than screen pinning there is also a Guest mode which makes a separate temporary profile on the phone. A guest profile has the default Google Apps and nothing else. None of your apps or your data are visible in guest mode. Remember sharing PCs with a sibling? You probably had multiple users on the desktop to keep your individual data private. The same concept applies to Android Lollipop. The feature has been present in Android Tablets since Android 4.1 (Jelly Bean) and is quite handy if you share your device with other people.

Enable Android Device Manager
Android Device Manager is a built in device tracker on Android devices. This feature allows you to remotely track your phone, lock it, and erase its contents completely if required. Sadly, the Lock and Erase options are not enabled by default. To enable it, you’ll have to go to Settings > Security > Device Administrators and check Android Device Manager. There are also third party apps like Cerberus that do a lot more than Android Device Manager. Cerberus offers many more features like, remote audio recording and generating an alert when the SIM card is swapped. In case someone is trying to unlock your smartphone, after a couple of attempts, it snaps an image from the front camera (if your device has one) and mails it to the registered email ID.

Locking Down iPhones
Apple devices come with encryption enabled right from the factory, so there isn’t much left to do here in terms of encryption. To prevent your data from falling into the wrong hands, in case of theft, there is an auto-erase feature. This can be enabled from the Settings > Passwords menu. What this does is erase all the data on the phone after 10 wrong password attempts. Do keep your phone away from mischievous friends in case this option is checked. 

Enable "Find my iPhone"
Syncing an iCloud account will help you maintain a backup of the data on your phone; it offers 5GB of storage space on activation. The cloud storage is not the reason we're suggesting it though, it also offers an option to find your iPhone. With "Find my iPhone" enabled, you can lock, locate, erase and also deactivate the iPhone. This ensures that your data is locked down in case your phone is stolen. If you manage to retrieve your device, all it needs is your iCloud password to reactivate. Last year, with iOS 7, Apple tried to disincentivise stealing iOS devices, by requiring the owner’s Apple ID and Password be entered when a device is put in ‘Lost Mode’. The small joy this bring is that, even if you never recover your iPhone, without your ID and password, all the thief has is a shiny paperweight.

Aditya Shenoy is the Associate Editor and the in-house car guy at Pricebaba.com