Top 9 EASY Smartphone Security Tips For Android and iPhone!

In the past year or so, we’ve seen news article after news article about malicious apps found on the Google Play Store. We’ve seen vulnerabilities that can own your device when you just click on a link that looks like it was sent to you by a friend, but was actually used to hack your phone. We’ve also seen news about smartphone zero-click vulnerabilities. In this case, you don’t even need to click on anything. The moment one of these messages is sent to your phone, your phone gets owned. That could happen while it’s sitting on your desk or in your pocket without you ever knowing.

There are several steps you can take to protect your phone from these kinds of security issues, and just taking one step isn’t enough in this day and age. Now, you have to look at securing your device past the lock screen. Sure, that first step is great if your phone gets stolen, for example, but it doesn’t protect your phone from remote attacks.

So here are 9 steps you should take right now to protect your smartphone. These are your basic fundamental security options, so if you already know how to do these, send this video to some of your friends or family that could benefit from knowing these tips.

This episode is sponsored by DeleteMe! If you want to take your security and privacy game to the next level, stick around for my sweet coupon code just for viewers!

  1. Set up that screen lock. This may sound like a “duh” moment, but I recently hung out with a family member who didn’t have a screen lock on their phone. Using facial recognition or a fingerprint to unlock is plenty for most folks, and these biometrics are kept locked away inside your phone. They are never sent to some server farm or copied by any apps - this is because your phone is using “sandboxing” to protect your biometrics. But it is easier for law enforcement to “force” you to use biometrics to unlock a device, and if an attacker has physical access to your phone, some device biometrics can be figured out. You could also lose a biometric if something happens to your finger or face. While biometrics have given a ton of folks a convenient security option when chances are they’d otherwise never lock their device, these are legitimate issues, so using a PIN or a password to lock your phone is great as well, although not as convenient. There are laws protecting your PIN or password from being given up to law enforcement because it would be considered self-incriminating (depending on your jurisdiction). But if an attacker stole your device, they could still try to guess your PIN or password. Today’s devices can allow you to use biometrics to lock your device, plus a PIN as a backup. This gives you two options for unlocking your phone, making the most convenient option the primary one.

Even with the downsides, a lock screen is multitudes more secure than not having one at all. Think about it - you have a banking app, email, messaging, you’re probably already signed in to all your social media, you’ve got photos… It’s a whole treasure chest of data ripe for the taking, so why keep that unlocked?

  2. Next is protecting your apps. Some apps, like banking apps, will require you to log into them every time you open the app. They don’t remember your login, and that can protect your app in the event your phone is stolen. Some apps will allow you to customize these login settings. For example, you could choose to log in with biometrics in your apps as well. You could require a password every time you reopen the app. These options will either be on the login page when you open your app or they’d be under the settings for your account. In either case, if the app is storing sensitive data, you may want to consider also locking down the app.

  3. Enable 2FA or Passkeys! Whether that be social media, banking, your Google or Apple ID account, your email… whatever it might be - make sure all of those accounts require 2FA or passkeys to log in (if they support it!). Most of your commonly used apps will now support some kind of second factor of authentication after you input your password to open the app, if they don’t remember your login. If they do, you’ll see it ask you to input a six-digit code after your password or it’ll ask you to tap on a hardware key. I’ve done several videos about the importance of 2FA and I go into deeper detail on those episodes explaining how 2FA works, where it’s available, and how to set it up. Passkeys are somewhat new and not supported everywhere, but these can allow you to authenticate with an app by just using your biometrics or sticking a hardware security key into your phone (or tapping it against your phone). This is a cool option because Passkeys replace the password. Wanna learn more about passkeys? I have a whole series of videos about those too!

  4. You may run into apps that don’t support passkeys or two-factor authentication. In those cases, having strong, unique passwords that you don’t use on any other sites will help keep those accounts secure. I use a password manager to safely store all of my passwords so I don’t have to try and remember them all.

  5. Is your phone encrypted? Newer phones encrypt data stored on your phone by default, but older phones may require you to do this manually or they don’t support it at all. Here’s how you can check for encryption:

    1. First, if you’re using an Android phone and you set up your lock screen in step 1… good news! That lock screen also sets up encryption at the same time, so you’re good to go. You don’t need to do anything else.

    2. If your phone has a microSD card installed, data stored on that microSD card isn’t encrypted with the lock screen. So look for a feature in your phone’s operating system settings that allows you to encrypt external device data or microSD card data. If your phone doesn’t support external storage or you don’t use a microSD card in your phone, then you can skip this step.

    3. Similar to Android, iPhones also encrypt by default when you set up a lock screen. But if you want to take it further, iPhones have a setting called Advanced Data Protection, which can increase the types of data that are encrypted on the phone. To activate this end-to-end encryption, open your iPhone settings and find the iCloud settings. Tap Advanced Data Protection, then choose Account Recovery and follow the on-screen instructions. These recovery options will protect you from accidental data loss. Go back into that menu after setting up your recovery option to ensure that Advanced Data Protection is turned on.

  6. Now here’s a step you can take online to protect that phone number of yours - because no one likes to receive spammy text messages. Data broker websites make our data easily searchable and publicly available - that’s data like your full name, home address, phone number, email address and more. Yes, you can totally go to each of these sites one by one, find your data, and request that they remove it, but that could take days every month to do because there are so many data brokers out there. So I signed up for DeleteMe many, many years ago as a paid customer, and they take the hassle and stress off my shoulders. DeleteMe searches all these data broker websites and sends them those manual opt-out requests so I don’t have to.

    1. Even though several of my friends who work in cybersecurity recommended DeleteMe to me, I realize you might be sus about trusting a company to do this work for you. DeleteMe takes a hardline approach to data security as well, with regulatory compliance and internal and external auditing, MFA for your account, and security awareness training for their own employees. When it comes to threat monitoring, DeleteMe monitors their network traffic 24/7 for anomalies and encrypts Personal Information both in transit and at rest. And if you’re skeptical, you can always reach out to DeleteMe directly with your own security questions.

    2. So if you are ready to take control over your data online, especially that phone number, check out joindeleteme.com/morsecode to get 20% off any of their consumer plans with the coupon code SNUBS, which will automatically apply at checkout. That’s joindeleteme.com/morsecode and 20% off with coupon code SNUBS. Thanks to DeleteMe for sponsoring this episode!

  7. Your phone is already more secure, so the next three steps are things you should keep in mind going forward. First, never install apps from third parties. While the iOS store and the Google Play Store are far from perfect, only installing apps from these places will protect you a whole lot more than if you just click links from your browser or text messages and install packaged apps. Apple and Google screen apps before they can be offered in their stores, and even though slip-ups do happen, it’s better than trusting any link. If a malicious app is found in either of the legit stores, those apps are removed and developers can be banned. If you want to take this a step further, read reviews of apps, check which developer made the app, and only download ones that you absolutely need on your phone. Sometimes a company will make an app but it’s so glitchy and terribly made that it may be better to just browse to their website via Chrome or Safari. You don’t need to install an app just because some company says you do.

  8. If you DO receive links or attachments sent to your phone via private message, via text message, or through email and they were unsolicited (i.e. you never requested those links or attachments - they just showed up out of the blue), then delete them. If it’s important, call your friend or family member and say “hey, what was that link / attachment you were trying to send me?”. If it’s real, they’ll tell you. If it’s not, then that could be a sign they got hacked and they should start remediating that hack through their own accounts.

  9. Lastly on this list is make sure you keep your phone up to date. Don’t ignore any prompts you see to update your phone. Enable automatic software updates because oftentimes, these updates are patching known security issues. Set your phone to download updates on Wi-Fi and while you’re sleeping so they don’t interrupt your normal usage times.

If you want to take things further, I would recommend checking out my security and privacy playlist on my channel where I’ve delved into a lot more detail about encryption, data security, recommended apps for security and a lot more. Thanks again for watching, bye yall!

Shannon Morse

Shannon Morse is an online video producer and host. She has reviewed hundreds of consumer tech products and produces easily understandable tutorials about security and privacy.

Shannon currently hosts Morse Code, Sailor Snubs, and Shannon Travels The World. Her tech channel is a leading source for practical and logical security and privacy information in today’s digital age.

https://www.shannonrmorse.com/