Smartphones and tablet devices are storing more and more information with each new model. It is important to ensure that you are protecting what is possibly sensitive personal information stored on your phone. The steps you follow to secure your smartphone or tablet device will differ depending on which device you have, but there are some general principles that should be followed.
| # | Topic | Requirement | Examples of Security Standard Controls met |
|---|---|---|---|
| 1 | Encryption | You should enable encryption on your device if possible. If your device does not support encryption, it should not be used for University email / confidential information. | |
| 2 | PIN / Passcode Protection | You should lock your device with a PIN or passcode. This is essential to protecting information should the device go missing or be stolen. If you do not protect the device with a PIN or password, it should not be used for University email / confidential information. | |
| 3 | Updating your Device | You should make sure that you have the latest software updates installed on your device. | |
| 4 | Nonessential / Default Services | It is recommended that any nonessential services and/or default services be turned off, and turned on only when needed (e.g. Bluetooth). These could possibly be exploited, giving access to confidential information on your device. | |
| 5 | Backups | Make sure that you are regularly backing up your device. | |
| 6 | Recovery | Set up recovery tools, if they are available for your device. These tools include being able to locate your phone and/or remotely wipe the content on the phone, and help in cases where the device is lost or stolen. | |
In addition to these six basic principles, “jailbreaking” (the process of circumventing a device’s operating system to gain full access to the device) is highly discouraged. Jailbreaking your device can open your phone or tablet up to software that has not been properly checked for bad code.
Instructions
The instructions below are for iOS (including iPhones and iPads) and Android OS (including both phones and tablet devices). Please note that tablets and phones are frequently updated, and the instructions might not apply to your latest device.
iOS (iPhone, iPad)
These instructions relate to devices running iOS 5 and later.
-
Encryption
Full-device encryption is automatically enabled when a passcode is established for your device. You can ensure that your device has encryption turned on by navigating to Settings ➜ General ➜ Passcode and verifying that “Data protection is enabled” is visible.
-
PIN / Passcode
- Go into the Settings ➜ General ➜ Passcode screen.
- Click on “Simple Passcode” to turn OFF the simple 4-digit passcode.
- Click “Turn Passcode On”, and enter your passcode when prompted.
To ensure the maximum security of the device, set “Require Passcode” to “Immediately”, and enable “Erase Data” to automatically erase your device after ten failed passcode attempts.
-
Updates
- Make sure you have the latest version of iTunes installed on your computer.
- Connect your iPhone to your computer, and select it under the Devices section on the left-hand side.
- Click “Check for Update” on the Summary tab.
-
Services
If you are not using Bluetooth to connect a headset to your device, it is recommended that you turn it off. Navigate to Settings ➜ General ➜ Bluetooth. If it is currently turned on, click the toggle button to turn it off.
Many people use Wi-Fi to connect their device to a wireless network. At the very least you should ensure that your device does not automatically join wireless networks. Navigate to Settings ➜ Wifi and make sure that Ask to Join Networks is ON.
In the Mail app settings, you should disable loading of remote images. This can be done by navigating to Settings ➜ Mail, Contacts, Calendar and moving the Load Remote Images slider to OFF.
-
Backups
The iPhone is backed up by iTunes each time the device is synced, updated or restored. Content on your device such as downloaded applications, audio, video and photos is not included in the backups because it is automatically synced if you have the Sync option checked in the respective tabs. When your device is plugged into iTunes, ensure that the Encrypt Backups option is selected on the Summary screen in iTunes. If your device is storing confidential information, you should turn off iCloud backups. Navigate to Settings ➜ iCloud ➜ Storage and Backup and make sure that the iCloud Backup slider is set to OFF.
-
Recovery
iOS devices come with a “Find My iPhone” app that allows you to locate your phone if it goes missing. Details about how to use this app to find your lost phone or remotely wipe it if it has been stolen are available on Apple’s website: http://www.apple.com/iphone/built-in-apps/find-myiphone.html
-
iCloud
If you have an iCloud account registered on your device, you should be careful that confidential information is not being stored on Apple’s servers. Under Settings ➜ iCloud, turn off at least Documents and Data and Notes, as well as any other services that you do not explicitly need. If you do not need the iCloud service, it is recommended that you turn it off entirely.
Android (Phones and Tablets)
-
Encryption
Starting with Android 4.0 Ice Cream Sandwich, Android phones support on-device encryption. To enable this, go to Settings ➜ Security and enable encryption. You will be asked to set a password, at which point the device will reboot and the encryption process will begin. For those with Android phones running a version of the OS before version 4.0, there are a few third-party applications that can provide this functionality for specific parts of the operating system. The following page highlights some of the best: http://www.brighthub.com/mobile/google-android/articles/106101.aspx
-
PIN / Passcode
- Go to Android Settings ➜ Security ➜ Change Unlock Pattern.
- Check “Require Pattern” and you will be able to enter a swipe pattern.
- Choose a pattern by running your finger over the dots; don’t choose anything overly simple.
For those running a version of Android OS later than 2.2, there is also the option to set a PIN or password.
-
Updates
Android phones automatically update themselves “over-the-air”. How quickly these updates are pushed out to phones varies from carrier to carrier. When a system update becomes available, the carrier will push a notification out to your home screen giving you the option to update your phone. Be sure that your phone is either plugged in or fully charged before choosing to update, to avoid it running out of battery halfway through the update process. Be patient!
-
Services
Click on Settings ➜ Wireless Connections. From this screen you can turn off both Bluetooth and Wi-Fi if you are not using them.
-
Backups
Backing up an Android phone is not as simple as backing up a BlackBerry or iPhone. Your email, contacts or events are automatically backed up to the Gmail account you configured the phone with. Other third-party applications are available to back up other parts of the phone. The following web page details some of the options available to the Android phone user: http://www.tested.com/news/feature/2468-the-new-complete-guide-to-backing-up-your-androidphone/
-
Recovery
There is a free third-party application called “Mobile Defense” that allows you to track your Android phone using its GPS. This application is available from their website at https://www.mobiledefense.com/