Level Up Your Mobile Data Privacy
First of all, I should say that the idea of writing this article struck me a long time ago. The thought “C’mon these things are elementary, everybody should know these” kept me wondering for a while. But, here you are reading this right now, which means I finally made up my mind and gathered time to finish it off.
In this article, I am aggregating most of the features that you might already know, which will help you increase your data security for the most commonly used day-to-day mobile apps and services. At the same time, I will point out the common pitfalls that might render all your security configurations worthless.
What is Security?
What is security? Let’s get that cleared up next. Think of the door lock at your home: while it prevents someone without the key from unlocking the door, it can’t help if someone picks the lock or uses a crowbar to break the door open. Similarly, in the digital world, while password-protecting your sensitive data will provide adequate security under most circumstances, it won’t be able to prevent someone from accessing your data 100%. That’s where additional security steps such as two-factor authentication and identification of unusual behavior or unknown devices come in. But will that be enough? The latter is more about alerting the genuine user in case security has been breached. If someone else is trying to access your data, you can take immediate action to rectify the situation if it wasn’t you who logged in (yeah yeah, all those emails and SMS you get when you log in to your email account from a new device). That is similar to someone breaking the door lock and entering your home: you will at least get to know that your home has been broken into once you get back. Call me paranoid if you want, or think, “It won’t happen to me.” Once I take you through the rest of the article, I will leave you doubting yourself. Back to the same door lock analogy: what if you locked the door but left a window open? Scared? Yes, that’s what I am going to discuss: not how your home can get robbed, but how your data can get exposed due to loopholes in your security configurations.
The next thing we need to agree upon before proceeding is what sensitive data is. That is relative to each person. If you had no sensitive data, you wouldn’t be here reading this anyway, right? Unfortunately or fortunately, we all have something to secure or protect: maybe your bank account details, personal media or your top-secret office work. Why I am calling this relative is that you won’t consider your bank details sensitive data if only a few cents are remaining in your account. In that case, you should consider making your bank details publicly available, so there is a possibility that someone might sympathize and make a transfer. Or would you leave those glamor shots of you or your partner (let’s just accept the fact that it happens more than we think) just hanging around in your phone or email for someone else to see, unless you are a model or a pornstar who is planning to publish them, or has already published them, on social media? Got the point? The less we talk, the more it happens. So here we are.
1. Two Factor Authentication
Let’s get started with what you know already. You are probably using Facebook, Gmail and WhatsApp daily. If you have not enabled two-factor authentication in any of these apps, it’s time you did so. I am not planning to dive into the “how to” details of any of the security configurations I am going to mention, since that would make this lengthy, and there are more than enough tutorials and help available on the internet. That’s it? No, we are just beginning here.
2. Hide Notification Content in Lock Screen
Your mobile phone is attached to your life, or rather your mobile phone is your life. What if some attacker gets their hands on your phone? Even though you have locked your phone using some locking mechanism (password, PIN, face lock, fingerprint, etc.), if your messages and notifications pop up on the lock screen, there is a possibility that the attacker could read them to get an OTP, a recovery link or passwords for any of your accounts. Most smartphones provide settings to stop notification content from being visible on the lock screen. You may choose to hide the content using those settings if you need additional security.
3. Use SIM card lock
Do you feel safe enough? What if the attacker removes the SIM and inserts it into another phone to receive text messages, use your number to get access to your accounts, or make calls? Never thought of that? Well, if you didn’t know, every SIM has the option of enabling a PIN lock, which will pop up whenever you insert the SIM into a phone or restart your device. Same as encrypting your phone with a password, the SIM lock goes a long way toward preventing someone from using your SIM card.
4. Face lock or Fingerprint lock?
Speaking of phone locks, how many of you are using patterns, passwords or PINs to lock your phone? I don’t know about you, but I couldn’t help noticing how many people enter their patterns or PINs in public places or on public transport to unlock the phone and check Facebook or WhatsApp. Your screen lock pattern or PIN is something you will be using regularly regardless of where you are. If you are in a very crowded place, it is challenging to keep prying eyes from noticing your PIN or password. This is where face lock and fingerprint lock features come in handy. While face lock is the latest tech and is cool to have, there are situations where someone else with similar facial features could unlock your phone. Hence I prefer to have the fingerprint lock enabled and face lock disabled.
People have come up with all sorts of hacks to bypass these security features. As technology advances with time, security technologies we consider safe right now will become just another set of fancy features that look cool. But, as of right now, I believe we don’t have to worry beyond the security measures we are discussing in this article unless you are an undercover agent holding confidential government information, or an international terrorist.
What we discussed above will provide adequate security to ensure your mobile data doesn’t end up in the wrong hands. Let’s dig deeper and take a peek at measures we can take to minimize the exposure in the unfortunate situation where an attacker manages to access your data.
5. Image Caches
The best way to secure your data is not to save your data at all. Confused? All your images are cached in storage for performance. Even when you have deleted the original file, the cached images might still be intact in storage. So it is better to make sure that once you delete a file you get rid of the cached images as well. Speaking of deleting files, modern operating systems let you undo the delete operation. This feature is possible only because the files you delete are not immediately removed from storage; they are moved to a separate location, so if you decide to retrieve them you can recover them from there.
While making a note of that, next I would like to bring your attention to WhatsApp. Since it is an app used by millions of daily users and provides end-to-end encryption for messages, we tend to believe that our messages are secure and our privacy is preserved. However, even though end-to-end encryption adds resistance against man-in-the-middle attacks, it is not effective against someone who directly extracts the WhatsApp database from your phone. Yes, it’s possible to extract the WhatsApp encryption key. Even though the WhatsApp key is stored in a sandbox, it can be extracted and eventually used to decrypt all stored and backed-up messages. I will spare the details on how that can be done, as it is not related to this article. Maybe we will follow that up in a later article. But one thing you should take note of is that all multimedia files you send across WhatsApp get stored in a folder named “sent” inside the WhatsApp multimedia directories, and that folder is not visible in the image gallery. Therefore there is a chance you have left some private data in these directories without knowing that it is there, eating up your storage space and making your data vulnerable, even though you believe you have removed it permanently.
Some cleaning apps may help you by detecting and removing these files for you. Otherwise, you may manually delete these files to make sure they don’t exist in your storage.
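One way to check for such leftovers, as an added example that is not from the original article: a Python script that walks a copy of your phone storage (for instance, one pulled to a computer) and reports how much data sits in folders named “Sent” or in thumbnail caches. The `.thumbnails` folder name and the sample directory layout are assumptions constructed for the demonstration.

```python
import os
import tempfile

# "Sent" is the folder name the article mentions; ".thumbnails" is an assumed
# name for an image-cache directory. Adjust both for your device.
SUSPECT_DIRS = {"sent", ".thumbnails"}

def find_leftover_media(root):
    """Map each suspect directory under root to (file_count, bytes, hidden)."""
    report = {}
    for dirpath, dirnames, _ in os.walk(root):
        if os.path.basename(dirpath).lower() not in SUSPECT_DIRS:
            continue
        count = size = 0
        for sub, _, files in os.walk(dirpath):
            for name in files:
                if name == ".nomedia":
                    continue  # marker file, not user data
                count += 1
                size += os.path.getsize(os.path.join(sub, name))
        # Android galleries skip directories that contain a ".nomedia" file,
        # so copies stored there never show up next to your photos.
        hidden = os.path.exists(os.path.join(dirpath, ".nomedia"))
        report[os.path.relpath(dirpath, root)] = (count, size, hidden)
        dirnames[:] = []  # already counted everything below this directory
    return report

def build_sample_tree(root):
    """Constructed sample layout standing in for a copy of phone storage."""
    sent = os.path.join(root, "WhatsApp", "Media", "WhatsApp Images", "Sent")
    thumbs = os.path.join(root, "DCIM", ".thumbnails")
    camera = os.path.join(root, "DCIM", "Camera")
    for d in (sent, thumbs, camera):
        os.makedirs(d)
    samples = {
        os.path.join(sent, "IMG-0001.jpg"): b"x" * 2048,
        os.path.join(sent, ".nomedia"): b"",
        os.path.join(thumbs, "cache-0001.jpg"): b"y" * 512,
        os.path.join(camera, "photo.jpg"): b"z" * 4096,
    }
    for path, data in samples.items():
        with open(path, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        for directory, (count, size, hidden) in find_leftover_media(root).items():
            print(f"{directory}: {count} files, {size} bytes, hidden={hidden}")
```

Point `find_leftover_media` at your own copied storage folder to see which directories still hold files you thought were gone.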
6. Encrypt Confidential data
In case you have decided you need to store some of your private data for some reason, it’s better to keep it encrypted to avoid any data leaks. There are various encryption tools at your disposal on the internet. But be sure to use a secure encryption algorithm and to secure your passwords and keys. One thing I would like to highlight is to be sure to wipe the plain data after encrypting. Yes, read that again: not “delete”; wipe your plain data after encrypting it. When you encrypt your data, the tool creates a new encrypted data file while leaving the original data file intact. If you simply leave it as it is, or just delete it using a generic file removal command, there is no point in encrypting, since it is possible to recover deleted data. I am going to write articles on data storage and how data recovery works in detail. For now, I will just end the article by giving a brief introduction to what wiping is, in case you haven’t heard of it already.
7. Wiping your storage
Sorry to break it to you, and this might make it seem like your whole belief about data storage is falling apart, but the truth is that when you delete your files from a storage system, the file system doesn’t remove the records entirely. At least, not immediately. That’s what makes it possible for recovery software to recover your lost or deleted files. So if you are considering encrypting your data, or selling your used phone or laptop, it is better to reset your device and wipe it clean (free space wiping) before giving it away. Let’s discuss data recovery in detail in my next article, “HDD, SSD and Data Recovery.”
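What wiping a single file means in practice, as an added example that is not from the original article and that serves both the advice in section 6 and the explanation above: the file’s bytes are overwritten with random data and flushed to the device before the file is removed. The file names and contents are constructed, and the code assumes storage that overwrites in place; flash storage with wear levelling and copy-on-write file systems may keep old blocks elsewhere.

```python
import os
import secrets
import tempfile

CHUNK = 64 * 1024  # overwrite in 64 KiB pieces so large files don't fill memory

def overwrite_in_place(path, passes=1):
    """Overwrite a file's bytes with random data, keeping its length."""
    size = os.path.getsize(path)
    with open(path, "r+b") as fh:
        for _ in range(passes):
            fh.seek(0)
            remaining = size
            while remaining > 0:
                n = min(CHUNK, remaining)
                fh.write(os.urandom(n))
                remaining -= n
            fh.flush()
            os.fsync(fh.fileno())  # push the overwrite past the OS cache
    return size

def wipe_file(path, passes=1):
    """Overwrite, rename to a random name, then remove the file."""
    overwrite_in_place(path, passes)
    # Rename first so the entry that gets unlinked no longer carries the
    # original file name.
    anonymous = os.path.join(os.path.dirname(path) or ".", secrets.token_hex(8))
    os.rename(path, anonymous)
    os.remove(anonymous)

def demo():
    """Constructed walk-through: wipe the plaintext once its encrypted copy exists."""
    with tempfile.TemporaryDirectory() as d:
        plain = os.path.join(d, "notes.txt")
        with open(plain, "wb") as fh:
            fh.write(b"constructed sample secret " * 100)
        # The encrypted copy is assumed to have been written already by
        # whichever encryption tool you use; only the plaintext is handled here.
        overwrite_in_place(plain)
        with open(plain, "rb") as fh:
            survived = b"constructed sample secret" in fh.read()
        wipe_file(plain)
        return survived, os.path.exists(plain)

if __name__ == "__main__":
    print(demo())
```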
While I have just introduced and presented basic security features and how to configure them in a way that they complement each other, it’s up to you as the user to decide what level of security you need to implement for your data. Some of the features I have mentioned might sound a bit like overkill, but you know, there is no point in closing the stable once the horse is gone. So plan your security configurations. Protect your data. Ultimately there is nothing unbreakable or unbreachable about security; it’s just a matter of the time and effort at an attacker’s disposal. Right now, we have managed to keep it under control up to some level. Let’s hope it stays that way.
Feel free to share your feedback and any more features you know of that might not be included here. After all, this is all about sharing knowledge and helping each other.