📋
Operational security for activists
  • Home - Operational security for activists
  • Mobile phone security
  • Secure digital communication
  • Email, online banking, and social media security
  • Running a pseudonymous social media account
  • WiFi security
  • Virtual Private Networks (VPNs) and Tor
  • Editing images for security
  • Laptop security
  • How the government tracks your location
  • Talking to journalists
  • Glossary
  • Further reading
Powered by GitBook
On this page
  • Use a strong passcode on your phone with digits and, if possible, letters.
  • Do not use biometric authentication like fingerprint detection (Touch ID) or face detection (Face ID).
  • Take backups or sync to the cloud to avoid losing data.
  • Beware that the government may be tracking your location with fake cell towers.
  • Consider purchasing a second "burner" phone to use for sensitive situations.
  • Considerations for when purchasing a burner phone.
  • Avoid putting your burner phone number in your real phone's contact list, and vice-versa.
  • Avoid syncing your burner phone to the cloud.
  • Avoid connecting your burner phone to the same WiFI networks and Bluetooth devices as your real phone.

Mobile phone security

These are some basic tips for keeping data on your phone secure.

PreviousHome - Operational security for activistsNextSecure digital communication

Last updated 4 years ago

Use a strong passcode on your phone with digits and, if possible, letters.

Always have a passcode on your phone made up of numbers and/or letters. Don't tell it to anybody that has access to your phone. You may consider telling your passcode to a friend that lives far away so that they can unlock your phone in the case that something happens to you.

Do not use biometric authentication like fingerprint detection (Touch ID) or face detection (Face ID).

In the United Staes, law enforcement to turn over the passcode to your phone because the Constitution protects you from self-incrimination.

However, law enforcement might be allowed to use your face or fingerprint to unlock your phone. This is an , but the safest thing is to avoid the debate and always use a numeric or alphanumeric passcode.

Take backups or sync to the cloud to avoid losing data.

Phones are easily lost, damaged, or stolen. It is important to back up the information on your phone if you do not lose it.

Nearly all modern phones can sync most of their data to a cloud service, but it might make it easier for computer hackers or law enforcement to obtain your phone's data. Do not connect your phone to a cloud service if you are worried about law enforcement. It is also possible to back up your phone to your local computer instead.

Beware that the government may be tracking your location with fake cell towers.

Fake cell phone towers go by a few different names:

  • Cell-site simulator

  • (a brand-name IMSI-catcher manufactured by Harris Corporation)

These are all radio devices that send out signals advertising themselves as cell phone towers for your phone to connect to. Often, these devices then note your phone's identity and disconnect, returning you to a real cell phone tower.

Consider purchasing a second "burner" phone to use for sensitive situations.

It may be safer and more secure to conduct your activist work on a separate cell phone than you use for your personal life.

Considerations for when purchasing a burner phone.

Many mobile phone stores will require you to show a government ID in order to purchase a phone. When this happens, you should not consider the use of your phone to be untrackable by the government.

Apple iOS devices have a reputation for stronger security when compared to Android or other devices. However, Android phones are often cheaper.

Avoid putting your burner phone number in your real phone's contact list, and vice-versa.

The information you store in your burner phone and your real phone should not connect to each other. The two phones should not be in the same contact list.

Avoid syncing your burner phone to the cloud.

Avoid connecting your burner phone to the same WiFI networks and Bluetooth devices as your real phone.

Your phone's Wi-Fi and Bluetooth connections can be used to discern a lot of information about who you are and where you have been. For example, if your car offers Bluetooth connections, don't connect both your real phone and your burner phone, because that gives a hint to anyone examining both devices that they owned by the same person.

There is the presence of fake cell phone towers, and it is harder for fake cell phone towers to intercept connections using the latest protocols. However, you should assume that the only way to avoid detection from a fake cell phone tower is to turn off your phone's cell radio.

The Electronic Frontier Foundation about how fake cell phone towers work.

Syncing your burner phone to the cloud makes it easier for law enforcement or computer hackers to obtain the information on it. If you need to make backups, backup your phone locally to your computer. Apple's iTunes to create encrypted local backups of an iPhone.

cannot compel you
ongoing debate
IMSI-catcher
StingRay
research in detecting
has more information
makes it possible