Mobile phone security

These are some basic tips for keeping data on your phone secure.

Use a strong passcode on your phone with digits and, if possible, letters.

Always have a passcode on your phone made up of numbers and/or letters. Don't tell it to anybody that has access to your phone. You may consider telling your passcode to a friend that lives far away so that they can unlock your phone in the case that something happens to you.

Do not use biometric authentication like fingerprint detection (Touch ID) or face detection (Face ID).

In the United Staes, law enforcement cannot compel you to turn over the passcode to your phone because the Constitution protects you from self-incrimination.

However, law enforcement might be allowed to use your face or fingerprint to unlock your phone. This is an ongoing debate, but the safest thing is to avoid the debate and always use a numeric or alphanumeric passcode.

Take backups or sync to the cloud to avoid losing data.

Phones are easily lost, damaged, or stolen. It is important to back up the information on your phone if you do not lose it.

Nearly all modern phones can sync most of their data to a cloud service, but it might make it easier for computer hackers or law enforcement to obtain your phone's data. Do not connect your phone to a cloud service if you are worried about law enforcement. It is also possible to back up your phone to your local computer instead.

Beware that the government may be tracking your location with fake cell towers.

Fake cell phone towers go by a few different names:

  • Cell-site simulator

  • IMSI-catcher

  • StingRay (a brand-name IMSI-catcher manufactured by Harris Corporation)

These are all radio devices that send out signals advertising themselves as cell phone towers for your phone to connect to. Often, these devices then note your phone's identity and disconnect, returning you to a real cell phone tower.

There is research in detecting the presence of fake cell phone towers, and it is harder for fake cell phone towers to intercept connections using the latest protocols. However, you should assume that the only way to avoid detection from a fake cell phone tower is to turn off your phone's cell radio.

The Electronic Frontier Foundation has more information about how fake cell phone towers work.

Consider purchasing a second "burner" phone to use for sensitive situations.

It may be safer and more secure to conduct your activist work on a separate cell phone than you use for your personal life.

Considerations for when purchasing a burner phone.

Many mobile phone stores will require you to show a government ID in order to purchase a phone. When this happens, you should not consider the use of your phone to be untrackable by the government.

Apple iOS devices have a reputation for stronger security when compared to Android or other devices. However, Android phones are often cheaper.

Avoid putting your burner phone number in your real phone's contact list, and vice-versa.

The information you store in your burner phone and your real phone should not connect to each other. The two phones should not be in the same contact list.

Avoid syncing your burner phone to the cloud.

Syncing your burner phone to the cloud makes it easier for law enforcement or computer hackers to obtain the information on it. If you need to make backups, backup your phone locally to your computer. Apple's iTunes makes it possible to create encrypted local backups of an iPhone.

Avoid connecting your burner phone to the same WiFI networks and Bluetooth devices as your real phone.

Your phone's Wi-Fi and Bluetooth connections can be used to discern a lot of information about who you are and where you have been. For example, if your car offers Bluetooth connections, don't connect both your real phone and your burner phone, because that gives a hint to anyone examining both devices that they owned by the same person.

PreviousHome - Operational security for activistsNextSecure digital communication

Last updated